PingOne Advanced Identity Cloud - Identity Governance (IGA) (1.0.0)

Download OpenAPI specification:Download

This is the API specification for the Access Request related endpoints and data model for Identity Governance (IGA).

Request Type

Request type endpoints

Get list of supported request type

query Parameters

_queryFilter	string The query filter for searching
_pageSize	string Number of results per page
_pageNumber	string Page number of results to show
_fields	string Properties to return in the results
_sortBy	string The property want to be sorted by
_pagedResultsOffset	integer The offset of the first element of the page
_sortKeys	string Property to sort the results by. Prefix + or - to the property name for ascending or descending order.

Responses

Response samples

Content type

application/json

[{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}
]

Create new custom request type

Request Body schema: application/json

id	string The identifier of the request type
	object
	object The workflow that handles this reqeust type

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}

Response samples

Content type

application/json

{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}

Get the request type by ID

path Parameters

requestTypeId

required

string

Responses

Response samples

Content type

application/json

{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}

Replace existing request type

path Parameters

requestTypeId

required

string

Request Body schema: application/json

id	string The identifier of the request type
	object
	object The workflow that handles this reqeust type

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}

Response samples

Content type

application/json

{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}

Update request type

path Parameters

requestTypeId

required

string

Request Body schema: application/json

Array

operation	string Enum: "add" "replace" "copy" "move" "increment" "remove" "transform" The operation apply to the field
field	string The field that will be updated
value	any The value of the field

Responses

Request samples

Payload

Content type

application/json

[{"operation": "add",
"field": "/type",
"value": null
}
]

Response samples

Content type

application/json

{"id": "string",
"schemas": {"custom": [{"_meta": {"type": "string",
"displayName": "string",
"properties": { }
},
"properties": { }
}
]
},
"workflow": {"id": "string",
"type": "bpmn"
}
}

Delete request type

path Parameters

requestTypeId

required

string

Responses

Access Request

Access request endpoints.

Create or validate new access request for list of users.

For submitting a new request for access, which will validate the contents of the request, and if there are no issues, create a request for each user-to-catalog item pairing that the request contains. To only check validation an _action of validate is supported, which will allow the caller to see any errors that exist with the current request payload. Regardless of result, no requests will be created when that action is used.

query Parameters

_action required	string Enum: "create" "validate" Action to be performed for requests endpoint.
runPreventativeScan	boolean Check whether the requested access violates any policies.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

users	Array of strings List of unique user IDs for whom the access is being requested.
	Array of objects List of catalog items being requested for the users.
startDate	string The date that the granted access will take effect. The value should be provided in ISO8601 format.
endDate	string The date that the granted access will end for the user. The value should be provided in ISO8601 format.
expiryDate	integer The expiry date of the access request, by which if the request is not completed it will be cancelled automatically by the system. The value should be provided in ISO8601 format.
priority	string Default: "low" Enum: "low" "medium" "high" The priority of the request, either low, medium, or high.
justification	string The reason for which this request is being submitted.
accessModifier	string Enum: "add" "remove" The access modifier of this request, i.e. is this an add request or a remove request.
externalRequestId	string If using an external service (e.g. SNOW) to manage any portion of the access request flow, you can include an ID reference to that external process using this field.
requestIdPrefix	string This field can be used to assign an additional prefix to the generated UUID for the request(s) that are created from this call. For example, a requestIdPrefix of REQ would result in a UUID like REQ-f8c8f9ae-12b3-4316-b011-c117a9c3f1a2.

Responses

Request samples

Payload

Content type

application/json

{"users": ["52cf01b4-288e-4c21-aed6-f992be073988"
],
"catalogs": [{"type": "application",
"id": "ea412dc4804ae80e625fdd8f7b7521d9ae3f7cae30f2401cf8f3be43d985176843404f1022c44537edeedc0bf11b5e5a028082cc05a7d90843b882c7c4b5d988",
"data": { }
}
],
"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"expiryDate": "2023-09-05T12:00:00+00:00",
"priority": "low",
"justification": "I need this access to start working on a new project.",
"accessModifier": "add",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"requestIdPrefix": "REQ"
}

Response samples

Content type

application/json

{"result": ["f70b1565-8d42-4492-93dd-90173fa62635"
],
"errors": [{"error": "DUPLICATE",
"message": "Duplicate request already exists.",
"user": "e7c38019-844f-4b70-93d1-9bdbfa00f1da",
"requestId": "3cd52fdd-9725-411f-bcae-0f5f3254e24d",
"catalogId": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1"
}
]
}

Create request of the given request type.

Create request

path Parameters

requestTypeId

required

string

The ID of the request type

Request Body schema: application/json
required

The payload for creating request. Properties must match the request type schema definition.

id	string The unique identifier of the request.
	object (User) The properties of a user object.
requestType	string Enum: "applicationGrant" "applicationRemove" "entitlementGrant" "entitlementRemove" "roleGrant" "roleRemove" The identifier of the request type.
	object (AccessRequest) This information appears under the request key on any request object. It contains all of the relevant information submitted by an end user for the request. The fields startDate, endDate, justification, externalRequestId, isDraft and requestIdPrefix under the common key will appear for all requests. Depending on the request type, there will also be additional request type specific details that appear within this object.
application	object (Application) An application object, as stored in IGA
	Array of objects (ApplicationOwner) A list of user objects whom are assigned as the owners of an application
	Array of objects (User) If applicable, the user who is listed as the owner of the entitlement for which this request is for.
	Array of objects (User) If applicable, the user who is listed as the owner of the role for which this request is for.
	object (User) The properties of a user object.
	object The decision key contains all of the information related to the request lifecycle, such as the status, the task information, comments, and more.
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": null,
"comment": null,
"modify": null,
"reassign": null,
"reject": null
}
}
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{"id": "875bbc8f-e868-451f-a690-453473205ca1"
}
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Response samples

Content type

application/json

{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": null,
"comment": null,
"modify": null,
"reassign": null,
"reject": null
}
}
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{"id": "875bbc8f-e868-451f-a690-453473205ca1"
}
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Get access request by ID.

Retrieve the details of a single access request using its unique identifier.

path Parameters

requestId

required

string

The unique identifier of the request to get.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": null,
"comment": null,
"modify": null,
"reassign": null,
"reject": null
}
}
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{"id": "875bbc8f-e868-451f-a690-453473205ca1"
}
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Replace the content of a request. The only properties that it can be changed are properties that are defined in the request schema, and not in the notModifiableProperties.

Replace request

path Parameters

requestId

required

string

The ID of the request

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The payload for replacing request content. Properties must match the request type schema definition of this request

id	string The unique identifier of the request.
	object (User) The properties of a user object.
requestType	string Enum: "applicationGrant" "applicationRemove" "entitlementGrant" "entitlementRemove" "roleGrant" "roleRemove" The identifier of the request type.
	object (AccessRequest) This information appears under the request key on any request object. It contains all of the relevant information submitted by an end user for the request. The fields startDate, endDate, justification, externalRequestId, isDraft and requestIdPrefix under the common key will appear for all requests. Depending on the request type, there will also be additional request type specific details that appear within this object.
application	object (Application) An application object, as stored in IGA
	Array of objects (ApplicationOwner) A list of user objects whom are assigned as the owners of an application
	Array of objects (User) If applicable, the user who is listed as the owner of the entitlement for which this request is for.
	Array of objects (User) If applicable, the user who is listed as the owner of the role for which this request is for.
	object (User) The properties of a user object.
	object The decision key contains all of the information related to the request lifecycle, such as the status, the task information, comments, and more.
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": null,
"comment": null,
"modify": null,
"reassign": null,
"reject": null
}
}
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{"id": "875bbc8f-e868-451f-a690-453473205ca1"
}
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Response samples

Content type

application/json

{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": null,
"comment": null,
"modify": null,
"reassign": null,
"reject": null
}
}
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{"id": "875bbc8f-e868-451f-a690-453473205ca1"
}
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Update the content of a request. The only properties that it can be updated are properties that are defined in the request schema, and not in the notModifiableProperties.

Update request

path Parameters

requestId

required

string

The ID of the request

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The payload for updating request

Array

operation	string Enum: "add" "replace" "copy" "move" "increment" "remove" "transform" The operation apply to the field
field	string The field that will be updated
value	any The value of the field

Responses

Request samples

Payload

Content type

application/json

[{"operation": "add",
"field": "/type",
"value": null
}
]

Response samples

Content type

application/json

{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": null,
"comment": null,
"modify": null,
"reassign": null,
"reject": null
}
}
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{"id": "875bbc8f-e868-451f-a690-453473205ca1"
}
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Take action on a request.

Perform various actions on a specific request, such as approve, reject, comment, cancel, update, or reassign. Each action may have different payloads depending on the information the caller needs to provide.

path Parameters

requestId

required

string

The unique identifier of the request to act on.

query Parameters

phaseName	string For approval task specific actions, the name of the task that the action applies to.
_action required	string Enum: "cancel" "approve" "reject" "comment" "reassign" "update" "modify" Action to be performed on a single request.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

comment

string

The comment text that will be added to the request.

Responses

Request samples

Payload

Content type

application/json

Example

comment

{"comment": "Can someone please expedite this approval?"
}

Get requests user has permissions to view.

Get requests for which the authenticated user has permissions to view. For additional search capabilities, use the POST /governance/user/{userId}/requests?_action=search API.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"result": [{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [null
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{ }
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 0,
"resultCount": 0
}

Get requests user has permissions to view.

Get requests for which the authenticated user has permissions to view. The targetFilter property in the API payload can be used to filter the requests based on the desired criteria.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_action required	string Value: "search" Action to be performed on user requests endpoint.
_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: /

object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Response samples

Content type

application/json

{"result": [{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [null
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{ }
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 0,
"resultCount": 0
}

Get requests for which the user is assigned to act on.

Get requests the authenticated user is assigned, either directly, through a role, or through a delegate. The targetFilter property in the API payload can be used to filter the requests based on the desired criteria.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_action required	string Value: "search" Action to be performed on user approvals endpoint.
_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
actorStatus	string Status of the approver to search on, e.g. "active", "inactive". Active will show tasks which are currenty assigned to the user, while inactive will show tasks that they were assigned and have been completed.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: /

object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Response samples

Content type

application/json

{"result": [{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [null
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{ }
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"phases": [{"name": "string",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
}
}
]
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 0,
"resultCount": 0
}

Request Form

Request form endpoints.

Search request forms

This endpoint is used to search request forms

query Parameters

_queryFilter	string The search query filter
_fields	string The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pagedResultsOffset	integer Offset number of the record from which to start the paginated results.
_pageSize	integer Number of response result objects to return.
_sortKeys	string The property on which to sort the results.

Responses

Response samples

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Create request form

This endpoint is used to create request form

Request Body schema: application/json
required

The payload for create request form

id	string The ID of the request form
name required	string The name of the request form
type required	string The type of the request
categories	object The category information of the form. Categories are name and value pair.
form required	object the UI form definitoin. Server will store it as its, and won't interpret it in any way.
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Response samples

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Get request form by ID

This endpoint is used to get request form by ID

path Parameters

required

string

The ID of the request form

Responses

Response samples

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Replace request form

This endpoint is used to replace an existing request form

path Parameters

required

string

The ID of the request form

Request Body schema: application/json
required

The payload for replacing request form

id	string The ID of the request form
name required	string The name of the request form
type required	string The type of the request
categories	object The category information of the form. Categories are name and value pair.
form required	object the UI form definitoin. Server will store it as its, and won't interpret it in any way.
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Response samples

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Update request form

This endpoint is used to update an existing request form

path Parameters

required

string

The ID of the request form

Request Body schema: application/json
required

The payload for replacing request form

Array

operation	string Enum: "add" "replace" "copy" "move" "increment" "remove" "transform" The operation apply to the field
field	string The field that will be updated
value	any The value of the field

Responses

Request samples

Payload

Content type

application/json

[{"operation": "add",
"field": "/type",
"value": null
}
]

Response samples

Content type

application/json

{"id": "string",
"name": "string",
"type": "request",
"categories": {"applicationType": "active.directory",
"objectType": "__ACCOUNT__",
"operation": "create"
},
"form": { },
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Search request form assignements

The endpoint is used to search the assignement of request forms

query Parameters

_queryFilter	string The search query filter
_fields	string The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pagedResultsOffset	integer Offset number of the record from which to start the paginated results.
_pageSize	integer Number of response result objects to return.
_sortKeys	string The property on which to sort the results.

Responses

Response samples

Content type

application/json

{"objectId": "string",
"formId": "string"
}

Assign and unassign request form

The endpoint is used to assign and unassign request form

query Parameters

_action

required

string

Enum: "assign" "unassign"

Request Body schema: application/json
required

The payload for assign or unassign request form

objectId

required

string

This must be a unique identifier of the object that you want to assigne a request form to. Keep in mind that request form can be used in different use cases. Such as create account for an application, sumbitting data for request, etc. Be sure to have a naming convention that can be use to uniquely identify each user case. One approach is construct this using a URI like format; For example application/900cb1ac-7d6d-4d26-9d62-13e8858a14d5/objectType/ACCOUNT/operation/create, or a simplier version application/900cb1ac-7d6d-4d26-9d62-13e8858a14d5/ACCOUNT/create

formId

required

string

The ID of request form

Responses

Request samples

Payload

Content type

application/json

{"objectId": "string",
"formId": "string"
}

Response samples

Content type

application/json

{"objectId": "string",
"formId": "string"
}

Catalog

Catalog endpoints.

Get catalog items.

Get a list of items from the IGA Access Catalog. Each entry represents a single type of requestable access that can be added to a request. The current supported types of access that are requestable are application, entitlement, and role.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
ignoreRequestable	string Example: ignoreRequestable=false For admin use, will allow admin to view catalog items not marked as requestable when set to true
userId	string Example: userId=3f9aeffb-dec7-484d-9031-a9e28646d284 For admin use, when provided will return the scoped catalog access that matches the given user id.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

Example

application

{"id": "26f2bd6b-3d23-4fbb-92f7-9aecd0183852",
"item": {"type": "accountGrant"
},
"application": {"_rev": "23b2b11e-3ee6-499d-9e66-88ea2a867f98-50136",
"authoritative": true,
"connectorId": "AzureADAuth1",
"description": "AD Auth App1",
"fr": {"realm": "alpha"
},
"icon": "https://openam-glossary-fix-0608.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "26f2bd6b-3d23-4fbb-92f7-9aecd0183852",
"mappingNames": ["systemAzureadauth1User_managedAlpha_user"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-06-09T15:01:49.259Z"
},
"name": "AzureADAuth1",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"_rev": "23b2b11e-3ee6-499d-9e66-88ea2a867f98-1944",
"accountStatus": "active",
"cn": "iga admin",
"fr": {"realm": "alpha"
},
"givenName": "iga",
"id": "b409de90-dc24-42ee-b315-7e133c7cfaca",
"mail": "iga-admin@fr.net",
"metadata": {"entityType": "/openidm/managed/user",
"created": "2023-06-08T23:02:15.385Z"
},
"sn": "admin",
"userName": "iga-admin"
}
]
}

Search catalog items.

Get a list of items from the IGA Access Catalog using additional filter criteria. Each entry represents a single type of requestable access that can be added to a request. The current supported types of access that are requestable are application, entitlement, and role.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
ignoreRequestable	string Example: ignoreRequestable=false For admin use, will allow admin to view catalog items not marked as requestable when set to true
userId	string Example: userId=3f9aeffb-dec7-484d-9031-a9e28646d284 For admin use, when provided will return the scoped catalog access that matches the given user id.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "AND",
"operand": [{"operator": "EQUALS",
"operand": {"targetName": "user.userName",
"targetValue": "ljones"
}
},
{"operator": "CONTAINS",
"operand": {"targetName": "application.name",
"targetValue": "Active Directory"
}
}
]
}
}

Response samples

Content type

application/json

{"result": [{"id": "system_TargetADApp2_directoryRole_08ec32b7-b9c5-4d71-bd72-ea7b8584c5a4",
"item": {"type": "entitlementGrant"
},
"descriptor": {"idx": {"/entitlement": {"displayName": "Directory Readers"
}
}
},
"glossary": {"idx": {"/entitlement": {"requestable": true
}
}
},
"entitlement": {"_id": "08ec32b7-b9c5-4d71-bd72-ea7b8584c5a4",
"description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
"displayName": "Directory Readers"
},
"assignment": {"_rev": "23b2b11e-3ee6-499d-9e66-88ea2a867f98-72216",
"attributes": [{"name": "__roles__",
"value": ["08ec32b7-b9c5-4d71-bd72-ea7b8584c5a4"
]
}
],
"description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
"fr": {"realm": "alpha"
},
"id": "system_TargetADApp2_directoryRole_08ec32b7-b9c5-4d71-bd72-ea7b8584c5a4",
"mapping": "managedAlpha_user_systemTargetadapp2User",
"metadata": {"entityType": "/openidm/managed/assignment",
"created": "2023-06-09T22:09:42.877Z"
},
"name": "Directory Readers",
"type": "__ENTITLEMENT__"
},
"application": {"_rev": "23b2b11e-3ee6-499d-9e66-88ea2a867f98-67718",
"authoritative": false,
"connectorId": "TargetADApp2",
"description": "Target AD App2",
"fr": {"realm": "alpha"
},
"icon": "https://openam-glossary-fix-0608.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a4e54fcb-9088-4d42-bb4a-138d69b2486e",
"mappingNames": ["systemTargetadapp2User_managedAlpha_user",
"systemTargetadapp2Directoryrole_managedAlpha_assignment",
"systemTargetadapp2__group___managedAlpha_assignment",
"managedAlpha_user_systemTargetadapp2User"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-06-09T20:43:57.74Z"
},
"name": "TargetADApp2",
"ssoIdentities": {"oidcId": "TargetADApp2"
},
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"_rev": "23b2b11e-3ee6-499d-9e66-88ea2a867f98-1944",
"accountStatus": "active",
"cn": "iga admin",
"fr": {"realm": "alpha"
},
"givenName": "iga",
"id": "b409de90-dc24-42ee-b315-7e133c7cfaca",
"mail": "iga-admin@fr.net",
"metadata": {"entityType": "/openidm/managed/user",
"created": "2023-06-08T23:02:15.385Z"
},
"sn": "admin",
"userName": "iga-admin"
}
],
"metadata": {"firstCreated": "2024-01-11T12:00:00+00:00",
"created": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 1,
"resultCount": 1
}

Get the properties available to filter by/search when using the catalog API.

This endpoint will retrieve all of the currently configured properties that are eligible to be used for search/sort when searching against the catalog API. Each property will include some additional metadata about the property, such as whether or not the property is multi value and its data type.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"application": [{"key": "application.description",
"name": "description",
"displayName": "Description",
"description": "Application Description",
"type": "string",
"isMultiValue": false
},
{"key": "application.name",
"name": "name",
"displayName": "Name",
"description": "Application name",
"type": "string",
"isMultiValue": false
}
],
"entitlement": [{"key": "glossary.idx./entitlement.description",
"allowedValues": [ ],
"isIndexed": true,
"isMultiValue": false,
"managedObjectType": null,
"searchable": true,
"isInternal": true,
"displayName": "Description",
"name": "description",
"description": "Description of entitlement",
"objectType": "/openidm/managed/assignment",
"type": "string"
},
{"key": "entitlement.displayName",
"name": "displayName",
"displayName": "Display Name",
"description": "",
"type": "text",
"isMultiValue": false
},
{"key": "glossary.idx./entitlement.entitlementOwner",
"allowedValues": [ ],
"isIndexed": true,
"isMultiValue": false,
"managedObjectType": "/openidm/managed/user",
"searchable": true,
"isInternal": true,
"displayName": "Entitlement Owner",
"name": "entitlementOwner",
"description": "Entitlement Owner of Object",
"objectType": "/openidm/managed/assignment",
"type": "managedObject"
},
{"key": "glossary.idx./entitlement.requestable",
"allowedValues": [ ],
"isIndexed": true,
"isMultiValue": false,
"managedObjectType": null,
"searchable": true,
"isInternal": true,
"displayName": "Requestable",
"name": "requestable",
"description": "Can the entitlement be requested",
"objectType": "/openidm/managed/assignment",
"type": "boolean"
}
],
"role": [{"key": "role.applications._ref",
"name": "applications",
"displayName": "Applications",
"description": "Role Applications",
"type": "managedObject",
"isMultiValue": true,
"managedObjectType": "/openidm/managed/alpha_application"
},
{"key": "role.description",
"name": "description",
"displayName": "Description",
"description": "The role description, used for display purposes.",
"type": "string",
"isMultiValue": false
},
{"key": "role.id",
"name": "_id",
"displayName": "Name",
"description": "Role ID",
"type": "string",
"isMultiValue": false
},
{"key": "role.name",
"name": "name",
"displayName": "Name",
"description": "The role name, used for display purposes.",
"type": "string",
"isMultiValue": false
},
{"key": "glossary.idx./role.requestable",
"allowedValues": [ ],
"isIndexed": true,
"isMultiValue": false,
"managedObjectType": null,
"searchable": true,
"isInternal": true,
"displayName": "Requestable",
"name": "requestable",
"description": "Can the role be requested",
"objectType": "/openidm/managed/role",
"type": "boolean"
},
{"key": "role.members._ref",
"name": "members",
"displayName": "Role Members",
"description": "Role Members",
"type": "managedObject",
"isMultiValue": true,
"managedObjectType": "/openidm/managed/alpha_user"
}
]
}

Get the properties available to filter by/search for a specific object when using the catalog API.

This endpoint will retrieve all of the currently configured properties that are eligible to be used for search/sort for a single object when searching against the catalog API. For example, all of the entitlement specific properties you can use to search. Each property will include some additional metadata about the property, such as whether or not the property is multi value and its data type.

path Parameters

objectType

required

string

Enum: "application" "entitlement" "role"

Type of object to get filter properties for.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

Example

application

[{"key": "application.description",
"name": "description",
"displayName": "Description",
"description": "Application Description",
"type": "string",
"isMultiValue": false
},
{"key": "application.name",
"name": "name",
"displayName": "Name",
"description": "Application name",
"type": "string",
"isMultiValue": false
}
]

Provisioning

Access provisioning endpoints.

Provision or de-provision applications for a user.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_action

required

string

Enum: "add" "remove"

Action to be performed on access provisioning endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

applicationId required	string
startDate	string The date that the granted access will take effect. The value should be provided in ISO8601 format.
endDate	string The date that the granted access will end for the user. The value should be provided in ISO8601 format.
grantType	string (ProvisionGrantTypes) Enum: "request" "admin" The mechanism for a given provisioning action, request if done so via a request, or admin if directly assigned by an administrator.

Responses

Request samples

Payload

Content type

application/json

{"applicationId": "0c067d47-f07c-46d6-9162-14476d18d87a",
"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"grantType": "request"
}

Response samples

Content type

application/json

{ }

Provision or de-provision roles for a user.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_action

required

string

Enum: "add" "remove"

Action to be performed on access provisioning endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

roleId required	string
startDate	string The date that the granted access will take effect. The value should be provided in ISO8601 format.
endDate	string The date that the granted access will end for the user. The value should be provided in ISO8601 format.
grantType	string (ProvisionGrantTypes) Enum: "request" "admin" The mechanism for a given provisioning action, request if done so via a request, or admin if directly assigned by an administrator.

Responses

Request samples

Payload

Content type

application/json

{"roleId": "0c067d47-f07c-46d6-9162-14476d18d87a",
"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"grantType": "request"
}

Response samples

Content type

application/json

{ }

Provision or de-provision entitlements for a user.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_action

required

string

Enum: "add" "remove"

Action to be performed on access provisioning endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

entitlementId required	string
startDate	string The date that the granted access will take effect. The value should be provided in ISO8601 format.
endDate	string The date that the granted access will end for the user. The value should be provided in ISO8601 format.
grantType	string (ProvisionGrantTypes) Enum: "request" "admin" The mechanism for a given provisioning action, request if done so via a request, or admin if directly assigned by an administrator.

Responses

Request samples

Payload

Content type

application/json

{"entitlementId": "0c067d47-f07c-46d6-9162-14476d18d87a",
"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"grantType": "request"
}

Response samples

Content type

application/json

{ }

Config

Configuration endpoints.

Get all IGA configuration settings.

Reads and returns all of the IGA configuration properties, across all categories (currently only iga_access_request configuration is available.) These properties are used throughout IGA to determine how certain functionality should behave. For example, iga_access_request contains configuration for whether or not justification is required to reject a request, or whether or not a user can approve their own access.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"iga_access_request": {"requireRequestJustification": true,
"requireRejectJustification": true,
"requireApproveJustification": true,
"preventRequestWithViolation": true,
"requireRequestJustificationWithViolation": true,
"defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
"allowSelfApproval": true
},
"iga_global": {"enableScoping": false
}
}

Update all IGA configuration settings.

Update all of the IGA configuration properties, across all categories (currently only iga_access_request configuration is available.) Note that all current configuration must be included when saving changes, any omitted keys will be replaced by default values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

required	object (IGAAccessRequestConfig) IGA configuration options specifically related to access request use cases.
	object (IGAGlobalConfig) IGA configuration options that are applied across IGA functionality.

Responses

Request samples

Payload

Content type

application/json

{"iga_access_request": {"requireRequestJustification": true,
"requireRejectJustification": true,
"requireApproveJustification": true,
"preventRequestWithViolation": true,
"requireRequestJustificationWithViolation": true,
"defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
"allowSelfApproval": true
},
"iga_global": {"enableScoping": false
}
}

Get IGA configuration settings for a given category.

Reads and returns IGA configuration settings for a given category (e.g. iga_access_request.)

path Parameters

key

required

string

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

Example

iga_access_request

{"requireRequestJustification": true,
"requireRejectJustification": true,
"requireApproveJustification": true,
"preventRequestWithViolation": true,
"requireRequestJustificationWithViolation": true,
"defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
"allowSelfApproval": true
}

Update IGA configuration settings for a given category.

Update IGA configuration settings for a given category (e.g. iga_access_request).

path Parameters

key

required

string

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

requireRequestJustification	boolean Whether requests require justification to be submitted.
requireRejectJustification	boolean Whether request rejections require justification to be submitted.
requireApproveJustification	boolean Whether request approvals require justification to be submitted.
preventRequestWithViolation	boolean Whether or not a request can be generated if it causes violations.
requireRequestJustificationWithViolation	boolean Whether requests require justification to be submitted on violations generated.
defaultApprover	string The default role that can be used to handle approvals when an approver cannot be calculated.
allowSelfApproval	boolean Whether a user is allowed to approve/reject an approval task on a request for their own access.

Responses

Request samples

Payload

Content type

application/json

Example

iga_access_request

{"requireRequestJustification": true,
"requireRejectJustification": true,
"requireApproveJustification": true,
"preventRequestWithViolation": true,
"requireRequestJustificationWithViolation": true,
"defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
"allowSelfApproval": true
}

Response samples

Content type

application/json

Example

iga_access_request

{"requireRequestJustification": true,
"requireRejectJustification": true,
"requireApproveJustification": true,
"preventRequestWithViolation": true,
"requireRequestJustificationWithViolation": true,
"defaultApprover": "managed/role/0e3de08d-fb8f-4f7f-91a8-4e65576fcac4",
"allowSelfApproval": true
}

Account

Account endpoints

Search IGA for account objects.

This endpoint is used to search IGA for account objects that have been on-boarded as part of any application.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"result": [{"id": "system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609",
"keys": {"type": "accountGrant",
"userId": "041ae68e-c54d-43ae-957d-5bda01d6f259",
"applicationId": "a87e3d1f-1f9e-4597-bb0a-2ed56d2484a3",
"accountId": "system/TargetADApp/User/6841028f-2cf7-4439-afa2-51cc3fcb0363"
},
"account": {"state": "PA",
"status": "3",
"isManager": "no",
"depName": "Human Resources",
"__UID__": "2014",
"phone": "555-1212",
"city": "Allentown",
"jobCode": "2002",
"address": "1234 Spruce St",
"__NAME__": "2014",
"uid": "2014",
"lastName": "Hart",
"firstName": "Jeremy",
"country": "US",
"depId": "200",
"email": "jhart@forgerock.com",
"empType": "1",
"postalCode": "12345",
"_id": "2014"
},
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"descriptor": {"idx": {"/account": {"displayName": "Example Account"
}
}
},
"glossary": {"idx": {"/account": {"accountType": "normal",
"accountStatus": "active"
},
"/application": {"requestable": true,
"classification": "internal"
}
}
},
"item": {"decision": {"campaignId": "string",
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "string",
"decision": "certify",
"decisionBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decisionDate": "string"
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 1,
"resultCount": 1
}

Search IGA for account objects using additional filters.

This endpoint is used to search IGA for account objects that have been on-boarded as part of any application. Additional filter criteria can be provided to allow searching by application, user, or glossary data.

query Parameters

_action required	string Value: "search" Action to be performed for account endpoint.
_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "AND",
"operand": [{"operator": "EQUALS",
"operand": {"targetName": "user.userName",
"targetValue": "ljones"
}
},
{"operator": "CONTAINS",
"operand": {"targetName": "application.name",
"targetValue": "Active Directory"
}
}
]
}
}

Response samples

Content type

application/json

{"result": [{"id": "system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609",
"keys": {"type": "accountGrant",
"userId": "041ae68e-c54d-43ae-957d-5bda01d6f259",
"applicationId": "a87e3d1f-1f9e-4597-bb0a-2ed56d2484a3",
"accountId": "system/TargetADApp/User/6841028f-2cf7-4439-afa2-51cc3fcb0363"
},
"account": {"state": "PA",
"status": "3",
"isManager": "no",
"depName": "Human Resources",
"__UID__": "2014",
"phone": "555-1212",
"city": "Allentown",
"jobCode": "2002",
"address": "1234 Spruce St",
"__NAME__": "2014",
"uid": "2014",
"lastName": "Hart",
"firstName": "Jeremy",
"country": "US",
"depId": "200",
"email": "jhart@forgerock.com",
"empType": "1",
"postalCode": "12345",
"_id": "2014"
},
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"descriptor": {"idx": {"/account": {"displayName": "Example Account"
}
}
},
"glossary": {"idx": {"/account": {"accountType": "normal",
"accountStatus": "active"
},
"/application": {"requestable": true,
"classification": "internal"
}
}
},
"item": {"decision": {"campaignId": "string",
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "string",
"decision": "certify",
"decisionBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decisionDate": "string"
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 1,
"resultCount": 1
}

Get an account object by ID.

Retrieve the details of a single account object using its unique identifier.

path Parameters

accountId

required

string

The unique identifier of the account to get.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"id": "system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609",
"keys": {"type": "accountGrant",
"userId": "041ae68e-c54d-43ae-957d-5bda01d6f259",
"applicationId": "a87e3d1f-1f9e-4597-bb0a-2ed56d2484a3",
"accountId": "system/TargetADApp/User/6841028f-2cf7-4439-afa2-51cc3fcb0363"
},
"account": {"state": "PA",
"status": "3",
"isManager": "no",
"depName": "Human Resources",
"__UID__": "2014",
"phone": "555-1212",
"city": "Allentown",
"jobCode": "2002",
"address": "1234 Spruce St",
"__NAME__": "2014",
"uid": "2014",
"lastName": "Hart",
"firstName": "Jeremy",
"country": "US",
"depId": "200",
"email": "jhart@forgerock.com",
"empType": "1",
"postalCode": "12345",
"_id": "2014"
},
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"descriptor": {"idx": {"/account": {"displayName": "Example Account"
}
}
},
"glossary": {"idx": {"/account": {"accountType": "normal",
"accountStatus": "active"
},
"/application": {"requestable": true,
"classification": "internal"
}
}
},
"item": {"decision": {"campaignId": "string",
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "string",
"decision": "certify",
"decisionBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decisionDate": "string"
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}

Get an account's glossary metadata by ID.

Retrieve the glossary specific details of a single account object using its unique identifier.

path Parameters

accountId

required

string

The unique identifier of the account to get glossary information for.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"accountType": "normal",
"accountStatus": "active"
}

Create an account's glossary metadata by ID.

Create glossary entry for a single account object using its unique identifier.

path Parameters

accountId

required

string

The unique identifier of the account to get.

query Parameters

_action

required

string

Value: "create"

Action to be performed for account endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

object (AccountGlossaryDetail)

This is an object of arbitrary key-value pairs for account glossary metadata that has been stored for a given account object.

Responses

Request samples

Payload

Content type

application/json

{"accountType": "normal",
"accountStatus": "active"
}

Response samples

Content type

application/json

{"accountType": "normal",
"accountStatus": "active"
}

Create or update an account's glossary metadata by ID.

Create or update a glossary entry for a single account object using its unique identifier.

path Parameters

accountId

required

string

The unique identifier of the account to get.

query Parameters

_action

required

string

Value: "create"

Action to be performed for account endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

object (AccountGlossaryDetail)

This is an object of arbitrary key-value pairs for account glossary metadata that has been stored for a given account object.

Responses

Request samples

Payload

Content type

application/json

{"accountType": "normal",
"accountStatus": "active"
}

Response samples

Content type

application/json

{"accountType": "normal",
"accountStatus": "active"
}

Event

Event rule endpoints.

Get event definitions.

Get and search for a list of event rules defined in IGA. Each entry represents a single event rule that has been defined to detect a change in the system. IGA rules consist of two core pieces, the condition for the event, and the action that should be taken when that event occurs. For example, a rule may be defined that determines that any time a user is created in IGA, an certification for that user should be created.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"result": [{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active",
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}
],
"resultCount": 0,
"totalCount": 0,
"searchAfterKey": ["string"
]
}

Create a new event definition.

Create a single IGA event rule. A single event rule is defined to detect a change in the system. IGA rules consist of two core pieces, the condition for the event, and the action that should be taken when that event occurs. For example, a rule may be defined that determines that any time a user is created in IGA, an certification for that user should be created.

query Parameters

_action

required

string

Value: "create"

Action to be performed for event endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

name	string The name of the event
description	string The descripton of the event and its purpose
	Array of objects (User) This list of unique owner IDs for the event.
entityType	string Value: "user" The type of entity for which this event applies (e.g. user, role, etc.)
mutationType	string Enum: "create" "update" "delete" The type of mutation event on the entity, (e.g. create, update, etc.)
condition	object The condition definition for how to detect this event has occurred.
	object Object that defines what action will be used to respond to this event
status	string Enum: "active" "inactive" The status of the event, active/inactive

Responses

Request samples

Payload

Content type

application/json

Example

orchestration

{"name": "User Creation Event",
"description": "This event will kick off an orchestration for a new user upon creation.",
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"name": "IdentityCertificationKickOff"
},
"status": "active",
"owners": [{"id": "managed/user/02612d23-2f7e-4fd0-98f2-3c3d0988df27",
"mail": "aparsons@frgov.net",
"givenName": "Alvin",
"sn": "Parsons",
"userName": "aparsons"
}
]
}

Response samples

Content type

application/json

{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active",
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get event definition by id.

Get a single IGA event by id. The response is a single event rule that has been defined to detect a change in the system.

path Parameters

required

string

ID of the event

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active",
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update entire event definition by id.

Update a single IGA event by id. This call expects the entire object to be provided and replace the entire existing event definition.

path Parameters

required

string

ID of the event

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

name	string The name of the event
description	string The descripton of the event and its purpose
	Array of objects (User) This list of unique owner IDs for the event.
entityType	string Value: "user" The type of entity for which this event applies (e.g. user, role, etc.)
mutationType	string Enum: "create" "update" "delete" The type of mutation event on the entity, (e.g. create, update, etc.)
condition	object The condition definition for how to detect this event has occurred.
	object Object that defines what action will be used to respond to this event
status	string Enum: "active" "inactive" The status of the event, active/inactive

Responses

Request samples

Payload

Content type

application/json

{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active"
}

Response samples

Content type

application/json

{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active",
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update specific properties of an event definition by id.

Update a single IGA event by id. This call will allow the caller to update specific properties of the event only, without providing the entire object.

path Parameters

required

string

ID of the event

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Schema not provided

Responses

Request samples

Payload

Content type

application/json

[{"operation": "replace",
"field": "/status",
"value": "active"
}
]

Response samples

Content type

application/json

{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active",
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Delete a single IGA event by id.

path Parameters

required

string

ID of the event

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"name": "User Creation Event",
"description": "This event will create an identity certification for a new user upon creation",
"owners": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entityType": "user",
"mutationType": "create",
"condition": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.after.country",
"right": {"literal": "USA"
}
}
}
]
}
},
"action": {"type": "orchestration",
"template": {"id": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357"
},
"name": "IdentityCertificationKickOff",
"parameters": { }
},
"status": "active",
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get available event entities.

Get the list of available entities on which a condition can be defined.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"entities": ["user"
]
}

Get schema for a given object.

Get the available schema for defining a condition on a given object. For example, 'user' will return the attributes available for defining an event for users in IGA.

path Parameters

object

required

string

Type of object for which to return schema

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"schema": {"user.after.profileImage": {"class": "json",
"type": "string"
},
"user.before.description": {"class": "json",
"type": "string"
},
"user.before._id": {"class": "json",
"type": "string"
},
"user.after.manager": {"class": "json",
"reference": "/openidm/managed/alpha_user",
"type": "reference"
},
"user.before.postalAddress": {"class": "json",
"type": "string"
},
"user.after.applications": {"class": "json",
"item": {"type": "reference",
"reference": "/openidm/managed/alpha_application"
},
"type": "array"
},
"user.before.accountStatus": {"class": "json",
"type": "string"
},
"user.before.groups": {"class": "json",
"item": {"type": "reference",
"reference": "/openidm/managed/alpha_group"
},
"type": "array"
},
"user.before.adminOfOrg": {"class": "json",
"item": {"type": "reference",
"reference": "/openidm/managed/alpha_organization"
},
"type": "array"
},
"user.after.country": {"class": "json",
"type": "string"
},
"user.after.telephoneNumber": {"class": "json",
"type": "string"
},
"user.after.reports": {"class": "json",
"item": {"type": "reference",
"reference": "/openidm/managed/alpha_user"
},
"type": "array"
},
"user.before.frUnindexedMultivalued4": {"class": "json",
"item": {"type": "string"
},
"type": "array"
},
"user.before.ownerOfApp": {"class": "json",
"item": {"type": "reference",
"reference": "/openidm/managed/alpha_application"
},
"type": "array"
},
"user.before.frUnindexedMultivalued5": {"class": "json",
"item": {"type": "string"
},
"type": "array"
},
"user.before.frUnindexedMultivalued2": {"class": "json",
"item": {"type": "string"
},
"type": "array"
},
"user.after.givenName": {"class": "json",
"type": "string"
},
"user.before.frUnindexedMultivalued3": {"class": "json",
"item": {"type": "string"
},
"type": "array"
},
"user.before.manager": {"class": "json",
"reference": "/openidm/managed/alpha_user",
"type": "reference"
},
"user.after.mail": {"class": "json",
"type": "string"
}
}
}

Scope

Scoping related endpoints.

Get scope definitions.

Get and search for a list of scoping rules defined in IGA. Each entry represents a single scoping rule that has been defined to assign a set of conditions that will allow a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core pieces, the condition for the source object (who/what the scope applies to), and the condition for the target objects that can be viewed/acted on/etc.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"result": [{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}
],
"resultCount": 0,
"totalCount": 0,
"searchAfterKey": ["string"
]
}

Create a new scope.

Create a single scoping rule in IGA. Each scoping rule is defined to assign a set of conditions that will allow a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core pieces, the condition for the source object (who/what the scope applies to), and the condition for the target objects that can be viewed/acted on/etc.

query Parameters

_action

required

string

Value: "create"

Action to be performed for scope endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

name	string The name of the scope
description	string The descripton of the scope and its purpose
status	string Enum: "active" "inactive" The status of the event, active/inactive
	object The conditions for this scoping rule that determine who/what the rule applies to
	object The conditions for this scoping rule that determine who/what the source objects can view/access/act on/etc.

Responses

Request samples

Payload

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
}
}

Response samples

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get scope by id.

Get a single scoping rule in IGA by id. Each scoping rule is defined to assign a set of conditions that will allow a subset of users visibility on a subset of target objects. IGA scoping rules consist of two core pieces, the condition for the source object (who/what the scope applies to), and the condition for the target objects that can be viewed/acted on/etc.

path Parameters

required

string

ID of the scope

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update entire scope by id.

Update a single IGA scope by id. This call expects the entire object to be provided and replace the entire existing scope definition.

path Parameters

required

string

ID of the scope

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

name	string The name of the scope
description	string The descripton of the scope and its purpose
status	string Enum: "active" "inactive" The status of the event, active/inactive
	object The conditions for this scoping rule that determine who/what the rule applies to
	object The conditions for this scoping rule that determine who/what the source objects can view/access/act on/etc.

Responses

Request samples

Payload

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
}
}

Response samples

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Update specific properties of a scope by id.

Update a single IGA scope by id. This call will allow the caller to update specific properties of the scope only, without providing the entire object.

path Parameters

required

string

ID of the scope

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Schema not provided

Responses

Request samples

Payload

Content type

application/json

[{"operation": "replace",
"field": "/status",
"value": "active"
}
]

Response samples

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Delete a single IGA scope by id.

path Parameters

required

string

ID of the scope

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"name": "Contractor Scope",
"description": "This event will create a scoping rule for users who are contractors",
"status": "active",
"sourceCondition": {"user": {"version": "v2",
"filter": {"and": [{"equals": {"left": "user.employeeType",
"right": {"literal": "contractor"
}
}
}
]
}
}
},
"targetCondition": {"application": {"version": "v2",
"filter": {"and": [{"equals": {"left": "application.templateName",
"right": {"literal": "azure.ad"
}
}
}
]
}
},
"role": {"version": "v2",
"filter": {"and": [{"contains": {"search_string_array": [{"literal": "contractor"
},
{"literal": "temp"
}
],
"in_string": "role.name"
}
}
]
}
},
"entitlement": {"version": "v2",
"filter": {"and": [{"equals": {"left": "entitlement.name",
"right": {"literal": "Directory Admin"
}
}
}
]
}
}
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
},
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d"
}

Get available scope entities.

Get the list of available entities on which a condition can be defined.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"entities": ["user",
"catalog"
]
}

Get schema for a given object.

Get the available schema for defining a condition on a given object. For example, 'user' will return the attributes available for defining a scope for users in IGA.

path Parameters

object

required

string

Type of object for which to return schema

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"schema": {"user.userName": {"class": "json",
"type": "string"
},
"user.description": {"class": "json",
"type": "string"
},
"user._id": {"class": "json",
"type": "string"
},
"user.givenName": {"class": "json",
"type": "string"
},
"user.sn": {"class": "json",
"type": "string"
}
}
}

Task

Task related endpoints.

Get tasks user has permissions to view.

Get the tasks for which the authenticated user has permissions to view.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

type	string Enum: "request" "violation" "fulfillment" The type of task to filter by
_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string The search query filter

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"result": [{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [null
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{ }
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 0,
"resultCount": 0
}

Get tasks user has permissions to view.

Get the tasks for which the authenticated user has permissions to view. The targetFilter property in the API payload can be used to filter the requests based on the desired criteria.

path Parameters

userId

required

string

Example: 3f9aeffb-dec7-484d-9031-a9e28646d284

Unique identifier of the user.

query Parameters

_action required	string Value: "search" Action to be performed on user tasks endpoint.
type	string Enum: "request" "violation" "fulfillment" The type of task to filter by
_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_sortType	string Enum: "date" "integer" Example: _sortType=date The type of sort value. Special types of fields need to use this parameter in order to be sorted properly. Currently the supported special types are 'date' and 'integer'. This can be omitted for other fields.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: /

object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Response samples

Content type

application/json

{"result": [{"id": "string",
"requester": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"requestType": "applicationGrant",
"request": {"common": {"startDate": "2023-09-11T12:00:00+00:00",
"endDate": "2023-12-11T12:00:00+00:00",
"justification": "I need this access to start working on a new project.",
"externalRequestId": "c926c10f-300a-4222-876f-348e0ca07d63",
"isDraft": false,
"requestIdPrefix": "REQ"
}
},
"application": {"authoritative": false,
"connectorId": "AzureAD",
"description": "AzureAD application",
"fr": {"realm": "alpha"
},
"icon": "https://example.forgeblocks.com/platform/img/microsoft.8a785075.svg",
"id": "a09030e6-f4d1-4442-9c7c-1a51ce4683c1",
"mappingNames": ["systemAzureadUser_managedAlpha_user",
"systemAzureadDirectoryrole_managedAlpha_assignment",
"systemAzuread__group___managedAlpha_assignment",
"managedAlpha_user_systemAzureadUser"
],
"metadata": {"entityType": "/openidm/managed/application",
"created": "2023-08-31T21:23:35.809Z"
},
"name": "AzureAD",
"templateName": "azure.ad",
"templateVersion": "2.0"
},
"applicationOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"entitlementOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"roleOwner": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
}
],
"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"decision": {"status": "in-progress",
"decision": "approved",
"outcome": "provisioned",
"startDate": "2023-09-10T12:00:00+00:00",
"completionDate": "2023-09-10T12:00:00+00:00",
"comments": [{"user": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"comment": "I need to find out more information before approving.  Will check back later.",
"action": "comment",
"timeStamp": "2023-09-11T12:00:00+00:00",
"phase": "ManagerApproval"
}
],
"actors": {"active": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
],
"inactive": [{"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith",
"permissions": {"approve": true,
"comment": true,
"modify": true,
"reassign": true,
"reject": true
},
"phase": "ManagerApproval"
}
]
},
"phases": [{"phase": {"name": "ManagerApproval",
"type": "request",
"status": "in-progress",
"decision": "approve",
"startDate": "2023-09-10T12:00:00+00:00",
"events": {"assignment": {"notification": "requestAssigned"
},
"reassign": {"notification": "requestReassigned"
},
"expiration": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestExpired",
"action": "reassign",
"actors": [null
]
},
"escalation": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestEscalated",
"actors": [{ }
],
"frequency": 3
},
"reminder": {"date": "2023-09-04T12:00:00+00:00",
"notification": "requestReminder",
"frequency": 3
}
},
"justification": "string",
"workflowTaskId": 1025,
"completedBy": {"id": "a3ad098f-93b1-47dc-a31d-f37bbb4c15d1-160761",
"userName": "asmith",
"mail": "asmith01@forgerock.com",
"givenName": "Aaron",
"sn": "Smith"
},
"completionDate": "2023-09-10T12:00:00+00:00"
}
}
]
},
"metadata": {"createdDate": "2024-01-11T12:00:00+00:00",
"modifiedDate": "2024-04-24T12:00:00+00:00"
}
}
],
"searchAfterKey": ["a321329c-a7e6-47ad-8349-99b6e38f9a59"
],
"totalCount": 0,
"resultCount": 0
}

Evolving

Evolving APIs. These APIs might get deprecated in future with improved alternatives.

Get entitlement by ID

The endpoint will return the entitlement with the provided ID.

path Parameters

required

string

ID of the entitlement

Responses

Response samples

Content type

application/json

{"id": "system_TargetADApp___GROUP___8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
"descriptor": {"idx": {"/entitlement": {"displayName": "Zoran Entitlement Owner"
}
}
},
"entitlement": {"__NAME__": "Zoran Entitlement Owner",
"_id": "8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
"description": "Zoran Entitlement Owner",
"displayName": "Zoran Entitlement Owner",
"id": "8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
"mailEnabled": false,
"proxyAddresses": [ ],
"securityEnabled": true
},
"application": {"id": "26523063-6d77-49b1-b0b6-e56db1ff59cf",
"name": "TargetADApp",
"description": "Test",
"icon": "",
"templateName": "azure.ad"
},
"applicationOwner": [{"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d",
"userName": "iga-admin",
"givenName": "iga",
"sn": "admin",
"mail": "sandesh.more+sm-acc-api-1010@forgerock.com"
}
],
"entitlementOwner": [{"_rev": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357",
"accountStatus": "active",
"cn": "iga admin",
"fr": {"realm": "alpha"
},
"givenName": "iga",
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d",
"mail": "sandesh.more+sm-acc-api-1010@forgerock.com",
"metadata": {"entityType": "/openidm/managed/user",
"created": "2023-10-11T14:07:19.02Z"
},
"sn": "admin",
"userName": "iga-admin"
}
],
"metadata": {"firstCreated": "2024-01-11T12:00:00+00:00",
"created": "2024-04-24T12:00:00+00:00"
}
}

Searches for entitlements that match query.

Searches for all entitlements that match the target filter.

query Parameters

pageSize	string Number of results per page
pageNumber	string Page number of results to show
fields	string Properties to be returned
sortBy	string The property to be sorted by
sortDir	string The direction of sort, asc or desc
sortType	string The type of sort value, leave blank for normal sorting, or use 'date' or 'integer' for numeric
searchAfter	string The sort property values of the last entry to continue searching from. Comma separated.

Request Body schema: application/json

object (TargetFilterNode)

A targetFilter object, used to build a custom search filter to retrieve desired results.

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "AND",
"operand": [{"operator": "EQUALS",
"operand": {"targetName": "user.userName",
"targetValue": "ljones"
}
},
{"operator": "CONTAINS",
"operand": {"targetName": "application.name",
"targetValue": "Active Directory"
}
}
]
}
}

Response samples

Content type

application/json

{"result": [{"id": "system_TargetADApp___GROUP___8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
"descriptor": {"idx": {"/entitlement": {"displayName": "Zoran Entitlement Owner"
}
}
},
"entitlement": {"__NAME__": "Zoran Entitlement Owner",
"_id": "8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
"description": "Zoran Entitlement Owner",
"displayName": "Zoran Entitlement Owner",
"id": "8989f1f4-1518-49bf-8a45-7a84d3c6b17f",
"mailEnabled": false,
"proxyAddresses": [ ],
"securityEnabled": true
},
"application": {"id": "26523063-6d77-49b1-b0b6-e56db1ff59cf",
"name": "TargetADApp",
"description": "Test",
"icon": "",
"templateName": "azure.ad"
},
"applicationOwner": [{"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d",
"userName": "iga-admin",
"givenName": "iga",
"sn": "admin",
"mail": "sandesh.more+sm-acc-api-1010@forgerock.com"
}
],
"entitlementOwner": [{"_rev": "8baa49a4-2c22-40e1-a2b9-5cbe4930f8da-46357",
"accountStatus": "active",
"cn": "iga admin",
"fr": {"realm": "alpha"
},
"givenName": "iga",
"id": "100a7fba-fd8b-47ca-bc6e-16fbec3a578d",
"mail": "sandesh.more+sm-acc-api-1010@forgerock.com",
"metadata": {"entityType": "/openidm/managed/user",
"created": "2023-10-11T14:07:19.02Z"
},
"sn": "admin",
"userName": "iga-admin"
}
],
"metadata": {"firstCreated": "2024-01-11T12:00:00+00:00",
"created": "2024-04-24T12:00:00+00:00"
}
}
],
"resultCount": 0,
"totalCount": 0,
"searchAfterKey": ["string"
]
}

Returns users assigned the given entitlement

This end point returns users assigned the given entitlement

path Parameters

required

string

The ID of the application

query Parameters

pageSize	string Number of results per page
pageNumber	string Page number of results to show
sortBy	string Field to sort by
sortDesc	string Sort order asc/desc
queryString	string Search term, searches against userName, givenName, sn

Responses

Response samples

Content type

application/json

{"result": [{"user": {"id": "string",
"userName": "string",
"givenName": "string",
"sn": "string",
"mail": "string"
},
"account": { },
"item": { },
"relationship": { }
}
],
"resultCount": 0,
"totalCount": 0,
"searchAfterKey": ["string"
]
}

Access Grant

Get an entitlement grant's glossary metadata by account and entitlement ID.

Retrieve the glossary specific details of a single entitlement grant using the ids of the account and entitlement.

query Parameters

accountId required	string Example: accountId=system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609 ID of account
entitlementId required	string Example: entitlementId=system/TargetADApp/__GROUP__/0fcfd73c-6c0a-4ad3-a580-95795af493c5 ID of entitlement

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

Content type

application/json

{"confidenceScore": 85
}

Create an entitlement grant's glossary metadata by account and entitlement ID.

Create glossary entry for a single entitlement grant using the ids of the account and entitlement.

query Parameters

accountId required	string Example: accountId=system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609 ID of account
entitlementId required	string Example: entitlementId=system/TargetADApp/__GROUP__/0fcfd73c-6c0a-4ad3-a580-95795af493c5 ID of entitlement
_action required	string Value: "create" Action to be performed for account endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

object (EntitlementGrantGlossaryDetail)

This is an object of arbitrary key-value pairs for entitlement grant glossary metadata that has been stored for a given grant of an entitlement to an account.

Responses

Request samples

Payload

Content type

application/json

{"confidenceScore": 85
}

Response samples

Content type

application/json

{"confidenceScore": 85
}

Create or update an entitlement grant's glossary metadata by account and entitlement ID.

Create or update a glossary entry for a single entitlement grant object using the ids of the account and entitlement.

query Parameters

accountId required	string Example: accountId=system/TargetADApp/User/8df77c8b-dac0-4cc5-9f38-b4a467983609 ID of account
entitlementId required	string Example: entitlementId=system/TargetADApp/__GROUP__/0fcfd73c-6c0a-4ad3-a580-95795af493c5 ID of entitlement
_action required	string Value: "create" Action to be performed for account endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Any of

object (EntitlementGrantGlossaryDetail)

This is an object of arbitrary key-value pairs for entitlement grant glossary metadata that has been stored for a given grant of an entitlement to an account.

Responses

Request samples

Payload

Content type

application/json

{"confidenceScore": 85
}

Response samples

Content type

application/json

{"confidenceScore": 85
}

PingOne Advanced Identity Cloud - Identity Governance (IGA) (1.0.0)

Request Type

Get list of supported request type

query Parameters

Responses

Response samples

Create new custom request type

Request Body schema: application/json

Responses

Request samples

Response samples

Get the request type by ID

path Parameters

Responses

Response samples

Replace existing request type

path Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Update request type

path Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Delete request type

path Parameters

Responses

Access Request

Create or validate new access request for list of users.

query Parameters

header Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Create request of the given request type.

path Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Get access request by ID.

path Parameters

header Parameters

Responses

Response samples

Replace the content of a request. The only properties that it can be changed are properties that are defined in the request schema, and not in the notModifiableProperties.

path Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Update the content of a request. The only properties that it can be updated are properties that are defined in the request schema, and not in the notModifiableProperties.

path Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Take action on a request.

path Parameters

query Parameters

header Parameters

Request Body schema: application/json

Responses

Request samples

Get requests user has permissions to view.

path Parameters

query Parameters

header Parameters

Responses

Response samples

Get requests user has permissions to view.

path Parameters

query Parameters

header Parameters

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: /

Request Body schema: /

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required

Request Body schema: application/json
required