Autonomous Identity 2022.11.10

Access Control

The following are Autonomous Identity access control endpoints:

GET /api/userDetails/decisions

GET /api/userDetails/decisions

Get the current entitlement decisions for the user. [Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/userDetails/decisions

Authorization

<Bearer Token JWT-value> OR <API-KEY>

Param

user=john.doe
Query Parameters
Parameter Type Description

user

string

User ID (required)

filter

object

Filter to add (single property shown below)

Filter Query Object Properties
Parameter Type Description

datasinkStatus

string

Datasink status filter ('ack' or 'nack')

timestampThresholds

Timestamp threshold object

timestampThresholds Object Properties
Parameter Type Description

gt

string

Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte.

gte

string

Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt.

lt

string

Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte.

lte

string

Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with le.

Example Request (DatasinkStatus Filter)

curl -k -X GET \
'datasinkStatus=nack' \
-H 'Authorization: Bearer <token value>' \  <or>   -H 'X-API-KEY: <api key value>' \
-H 'Content-Type: application/json'

Example Response (DatasinkStatus Filter)

{
  "decisions": [
    {
      "user": "john.doe",
      "entitlement": "ent_1",
      "is_certified": false,
      "is_revoked": false,
      "is_processed": false,
      "is_archived": false,
      "author": "jane.smith",
      "author_name": "Jane Smith",
      "author_type": "Zoran Admin",
      "reason": null,
      "last_updated": "2022-01-11T19:48:17.195Z",
      "datasink_status": "nack",
      "usr_name": "John Doe",
      "ent_name": "Entitlement 1",
      "app_id": "Gateway",
      "app_name": "Gateway",
      "usr_manager_id": "john.smith",
      "conf": 0.75,
      "freq": 4,
      "freqUnion": 3
    }
  ]
}

POST /api/userDetails/decisions

POST /api/userDetails/decisions

Update entitlement decisions for users. [Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/userDetails/decisions

Authorization

<Bearer Token JWT-value> OR &ltAPI-KEY>
Request Body Parameters
Parameter Type Description

assignments

array of assignment objects

List of assignments affected by the decision (available properties listed below)(required)

is_certified

boolean

Certification decision

is_revoked

boolean

Revoke decision

is_requested

boolean

Decision is processed

reason

string

Reason for decision

datasink_status

string

Datasink status ('ack' or 'nack')

Assignments Object Properties
Parameter Type Description

user

string

User ID (required)

entitlements

string array

List of entitlement ID’s (required)

Body

{
  "assignments": [
    {
      "user": "string",
      "entitlements": [
        "string"
      ]
    }
  ],
  "is_certified": true,
  "is_revoked": true,
  "is_requested": true,
  "is_processed": true,
  "reason": "string",
  "datasink_status": "nack"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/decisions" \
-H  "accept: /" -H  "Content-Type: application/json" \
--data-raw '{
    "assignments": [
       {
          "user": "string",
          "entitlements": [
             "string"
          ]
       }
    ],
    "is_certified": true,
    "is_revoked": true,
    "is_requested": true,
    "is_processed": true,
    "reason": "string",
    "datasink_status": "nack"
}'

Example Response

{
  "status": 200
}

POST /api/rules/decision

POST /api/rules/decision

Update rule decisions. [Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/rules/decision

Authorization

<Bearer Token JWT-value>
Request Body Parameters
Parameter Type Description

rules

array of rules objects

List of rules affected by the decision (available properties listed below)(required)

is_autocertify

boolean

Auto-Certification decision (required)

is_autorequest

boolean

Auto-Request decision (required)

autocertify_reason

boolean

Auto-Certification reason (required)

autorequest_reason

boolean

Auto-Request reason (required)

datasink_status

string

Datasink status ('ack' or 'nack')

Rule Object Properties
Parameter Type Description

entitlement

string

Entitlement ID (required)

justification

string array

List of raw justifications (required)

Body

{
  "rules": [
    {
      "entitlement": "string",
      "justification": [
        "string"
      ]
    }
  ],
  "is_autocertify": true,
  "is_autorequest": true,
  "autocertify_reason": "string",
  "autorequest_reason": "string"
}

Example Request

curl -k -X POST \
"https://autoid-api.forgerock.com/api/rules/decision" \
-H 'Authorization: Bearer <token-value>' \
-H  "accept: /" -H  "Content-Type: application/json" \
--data-raw '{
"rules": [
    {
      "entitlement": "Ent_1",
      "justification": [
        "0C_CHIEF_YES_NO_Yes",
        "0C_JOBCODE_NAME_Service Representitive II",
        "0C_MANAGER_NAME_John_Doe",
        "0C_USR_EMP_TYPE_Non-Employee"
      ]
    }
  ],
  "is_autocertify": true,
  "is_autorequest": false,
  "autocertify_reason": "Goodbye, world.",
  "autorequest_reason": "Hello, world."
}'

Example Response

Status 204: No Content