PingOne Advanced Identity Cloud - Identity Governance (IGA) (1.0.0)

Download OpenAPI specification:Download

This is the API specification for the Access Request related endpoints and data model for Identity Governance (IGA).

Segregation of Duty

SoD and Policy endpoints.

Query policies

The endpoint will return policies stored within the IGA store, based on a set of query parameters.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}
]

Create a new policy

The end point will allow for creation of a new policy object within IGA.

query Parameters

_action

required

string

Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The contents of the new policy

name required	string The name of the policy
description	string A description of the policy
required	object The policy owner object
policyRuleIds required	Array of strings The list of policy rule IDs that this policy contains.
	object The contents of the schedule on which this policy is scanned. Contents TBD

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
],
"schedule": {"type": "simple",
"scheduled": true,
"schedule": "string",
"repeatInterval": 864000000,
"repeatCount": -1,
"startTime": "2023-12-21T22:41:00.000Z",
"endTime": "2024-01-01T22:41:00.000Z"
}
}

Response samples

201

Content type

application/json

{"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}

Search policy objects

Query the policy objects using a targeted search filter

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (TargetFilterNode)

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
}

Response samples

200

Content type

application/json

[{"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}
]

Get policy by ID

The endpoint will return the policy with the provided ID.

path Parameters

id

required

string

Id of the policy

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}

Update an existing policy object

The end point will allow for updating an existing policy object within IGA.

path Parameters

id

required

string

ID of the policy to update

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

The contents of the updated policy

name required	string The name of the policy
description	string A description of the policy
required	object The policy owner object
policyRuleIds required	Array of strings The list of policy rule IDs that this policy contains.

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}

Response samples

200

Content type

application/json

{"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}

Delete an existing policy

The end point will allow for deleting an existing policy object within IDM.

path Parameters

id

required

string

ID of the policy to delete

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
}

Scan the given policy for violations

The end point will run a scan on all of the given rules of a policy, and create violations if desired.

path Parameters

id

required

string

ID of the policy to scan

query Parameters

simulate	string Whether or not this scan is a simulation, true means no violation tasks will be created, false or not present will create violations.
waitForCompletion	string Whether or not to await the completion of the scan before returning, true will wait, false or not present will return after scan creation.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

object

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

201

Content type

application/json

{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}

Get policy rules

Given Policy Id, retrieve the policy rules associated with it.

path Parameters

id

required

string

ID of the policy

query Parameters

_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"result": [{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}
]
}

Query policy rules

The endpoint will return policy rules stored within the IGA store, based on a set of query parameters.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

[{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}
]

Create a new policy rule

The end point will allow for creation of a new policy rule object within IGA.

query Parameters

_action

required

string

Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

The contents of the new policy rule

name required	string The name of the policy rule
description	string A description of the policy rule
documentationUrl	string A URL pointing towards any supporting documentation on the policy rule
required	object The policy rule owner object
required	object The violation owner object
active required	boolean Whether the policy rule is currently enabled.
required	object Lists the types of scan for which this policy rule is eligible to be included in
maxExceptionDuration required	integer Maximum duration in days that exceptions are allowed on violations
required	object Decisions that are available for the remediation actors to take
required	object The defined remediation options for this policy rule
required	object (TargetFilterNode)
required	Array of objects (TargetFilterNode) An array of conditions that define the policy rule's targeted combination of access
required	object Drives the lifecycle of the violations that are created.
violationOwnerType required	string Enum: "user" "role" Violation owner type

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user"
}

Response samples

201

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}

Search policy rules

Query the policy rule objects using a targeted search filter

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (TargetFilterNode)

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
}

Response samples

200

Content type

application/json

[{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}
]

Get policy rule by ID

The endpoint will return the policy rule with the provided ID.

path Parameters

id

required

string

Id of the policy rule

query Parameters

resolveSchemas

string

When 'true', enrich the remediation.schemas property with the full schema objects rather than just the IDs

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}

Duplicate the given policy rule

Creates a duplicate of the selected policy rule.

path Parameters

id

required

string

Id of the policy rule

query Parameters

_action

required

string

Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

The contents of the duplicate request (empty body)

object

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

201

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user"
}

Update an existing policy rule object

The end point will allow for updating an existing policy rule object within IGA.

path Parameters

id

required

string

ID of the policy rule to update

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

The contents of the updated policy rule

name required	string The name of the policy rule
description	string A description of the policy rule
documentationUrl	string A URL pointing towards any supporting documentation on the policy rule
required	object The policy rule owner object
required	object The violation owner object
active required	boolean Whether the policy rule is currently enabled.
required	object Lists the types of scan for which this policy rule is eligible to be included in
maxExceptionDuration required	integer Maximum duration in days that exceptions are allowed on violations
required	object Decisions that are available for the remediation actors to take
required	object The defined remediation options for this policy rule
required	object (TargetFilterNode)
required	Array of objects (TargetFilterNode) An array of conditions that define the policy rule's targeted combination of access
required	object Drives the lifecycle of the violations that are created.
violationOwnerType required	string Enum: "user" "role" Violation owner type

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user"
}

Response samples

200

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}

Delete an existing policy rule

The end point will allow for deleting an existing policy rule object within IDM.

path Parameters

id

required

string

ID of the policy rule to delete

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
}

Scan the given policy for violations

The end point will run a scan on the given policy rule, and create violations if desired.

path Parameters

id

required

string

ID of the policy rule to scan

query Parameters

simulate	string Whether or not this scan is a simulation, true means no violation tasks will be created, false or not present will create violations.
waitForCompletion	string Whether or not to await the completion of the scan before returning, true will wait, false or not present will return after scan creation.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

201

Content type

application/json

{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}

Run a scan for violations on the given single user

The end point will run a scan on the given user rule, and return potential violations

path Parameters

id

required

string

ID of the user to scan

query Parameters

simulate

string

Whether or not this scan is a simulation, true means no violation tasks will be created, false or not present will create violations.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
optional

If running a preventative scan, additional access may be provided to simulate access not yet granted to user

	Array of objects Additional access to mock on user
	object (TargetFilterNode)

Responses

Request samples

Payload

Content type

application/json

{"additionalAccess": [{"type": "string",
"entitlementId": "string",
"accountId": "string"
}
],
"policyRuleFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
}

Response samples

201

Content type

application/json

{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}

Query policy scans

The endpoint will return policy scans stored within the IGA store, based on a set of query parameters.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}
]

Search policy scans

Query the policy scan objects using a targeted search filter

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (TargetFilterNode)

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
}

Response samples

200

Content type

application/json

[{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}
]

Get policy scan by ID

The endpoint will return the policy scan with the provided ID.

path Parameters

id

required

string

Id of the policy scan

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}

Delete an existing policy scan

The end point will allow for deleting an existing policy scan object within IGA.

path Parameters

id

required

string

ID of the policy scan to delete

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"policy": {"id": "string",
"scheduleId": "policySchedule1a5cefd6a67f4303b16f1b5d5740cfd1",
"name": "string",
"description": "string",
"policyOwner": {"id": "string"
},
"policyRuleIds": ["string"
]
},
"policyRule": {"name": "string",
"description": "string",
"documentationUrl": "string",
"policyRuleOwner": {"id": "string"
},
"violationOwner": {"id": "string"
},
"active": true,
"scanTypes": {"preventative": true,
"detective": true
},
"maxExceptionDuration": 0,
"decisionOptions": {"allow": true,
"exception": true,
"remediate": true
},
"remediation": {"type": "string",
"id": "string",
"schemas": ["string"
]
},
"userFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
},
"ruleDefinition": [{"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
],
"workflow": {"type": "bpmn",
"id": "BasicViolationProcess"
},
"violationOwnerType": "user",
"id": "string",
"ruleDefinitionTags": ["targetName=entitlement.displayName&targetValue=IT%20Admin",
"targetValue=IT%20Admin&targetName=entitlement.displayName"
]
},
"isSimulation": true,
"status": "string",
"startDate": "string",
"completionDate": "string",
"scanTarget": "string",
"results": [{ }
]
}

Get violations the logged in user has access too.

Query the logged in user's violation objects.

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
]

Get violations

Query the violation objects

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
]

Creates a violation

creates a violation with the given body

query Parameters

_action

required

string

Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (Violation)

A violation is a single object representing a segregation of duty violation between a single policy rule and a single violating entity (user).

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
}

Response samples

200

Content type

application/json

[{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
]

Bulk API to close entire violations, allowing access to remain indefinitely

Once a phase (or phases) have chosen to allow, this endpoint can be used to close and complete the violations with an outcome of allow

query Parameters

waitForCompletion

string

Whether or not to await the completion of violations before returning, true will wait, false or not present will return after phase completion.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

ids required	Array of strings An array of all violation ids to act on.
comment	string Comment or justification for this action.

Responses

Request samples

Payload

Content type

application/json

{"ids": ["e9e4d260-1b55-4331-8468-5824344b8bc3",
"01d8ccf0-e132-49f1-9c82-c52a6fea0154"
],
"comment": "Justification for this action."
}

Response samples

200

Content type

application/json

{"message": "Action 'allow' complete.",
"idsNotActedOn": [{"id": "09e01632-b22f-407b-bacb-aa1e2cac8214",
"errorMessage": "This violation is not eligible to be allowed.",
"errorCode": 400
}
]
}

Bulk API to cancel exception on a group of violations.

As an actor on violations, cancel existing exceptions, reverting the violations back to in-progress.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

ids required	Array of strings An array of all violation ids to act on.
comment	string Comment or justification for this action.

Responses

Request samples

Payload

Content type

application/json

{"ids": ["e9e4d260-1b55-4331-8468-5824344b8bc3",
"01d8ccf0-e132-49f1-9c82-c52a6fea0154"
],
"comment": "Justification for this action."
}

Response samples

200

Content type

application/json

{"message": "Action 'allow' complete.",
"idsNotActedOn": [{"id": "09e01632-b22f-407b-bacb-aa1e2cac8214",
"errorMessage": "This violation is not eligible to be allowed.",
"errorCode": 400
}
]
}

Bulk API to allow actors to add a comment to the violations.

As an actor on violations, add a comment to the violation objects.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

ids required	Array of strings An array of all violation ids to act on.
comment required	string Comment or justification for this action.

Responses

Request samples

Payload

Content type

application/json

{"ids": ["e9e4d260-1b55-4331-8468-5824344b8bc3",
"01d8ccf0-e132-49f1-9c82-c52a6fea0154"
],
"comment": "Justification for this action."
}

Response samples

200

Content type

application/json

{"message": "Action 'allow' complete.",
"idsNotActedOn": [{"id": "09e01632-b22f-407b-bacb-aa1e2cac8214",
"errorMessage": "This violation is not eligible to be allowed.",
"errorCode": 400
}
]
}

Bulk API to allow access to remain for a defined period of time.

As an actor on violations, grant an exception to the violating access.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

exceptionExpirationDate required	string Date that exception will expire
ids required	Array of strings An array of all violation ids to act on.
comment	string Comment or justification for this action.

Responses

Request samples

Payload

Content type

application/json

{"exceptionExpirationDate": "2024-04-24T20:36:14+00:00",
"ids": ["e9e4d260-1b55-4331-8468-5824344b8bc3",
"01d8ccf0-e132-49f1-9c82-c52a6fea0154"
],
"comment": "Justification for this action."
}

Response samples

200

Content type

application/json

{"message": "Action 'allow' complete.",
"idsNotActedOn": [{"id": "09e01632-b22f-407b-bacb-aa1e2cac8214",
"errorMessage": "This violation is not eligible to be allowed.",
"errorCode": 400
}
]
}

Bulk API to edit the actors and permissions on the violations.

As a violation actor, edit the list of active actors on the violation tasks.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Array of violations to act on and additional properties for the action.

required	Array of objects (ViolationActor)
ids required	Array of strings An array of all violation ids to act on.
comment	string Comment or justification for this action.

Responses

Request samples

Payload

Content type

application/json

{"updatedActors": [{"id": "string",
"userName": "string",
"mail": "string",
"givenName": "string",
"sn": "string",
"name": "string",
"permissions": {"allow": true,
"comment": true,
"exception": true,
"reassign": true,
"remediate": true
}
}
],
"ids": ["e9e4d260-1b55-4331-8468-5824344b8bc3",
"01d8ccf0-e132-49f1-9c82-c52a6fea0154"
],
"comment": "Justification for this action."
}

Response samples

200

Content type

application/json

{"message": "Action 'allow' complete.",
"idsNotActedOn": [{"id": "09e01632-b22f-407b-bacb-aa1e2cac8214",
"errorMessage": "This violation is not eligible to be allowed.",
"errorCode": 400
}
]
}

Search violations

Query the violation objects using a targeted search filter

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (TargetFilterNode)

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
}

Response samples

200

Content type

application/json

[{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
]

Search violations the logged in user is associated with.

Query the logged in user's violation objects using a targeted search filter

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression
actorStatus	string Actor status to search, comma-separated for multiple, e.g. "active", "inactive", or "active,inactive"

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (TargetFilterNode)

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"operator": "EQUALS",
"operand": {"targetName": "name",
"targetValue": "string"
}
}
}

Response samples

200

Content type

application/json

[{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
]

Get a violation by id

Query the contents of a single violation object

path Parameters

id

required

string

Id of the violation

query Parameters

resolveSchemas

string

When 'true', enrich the policyRule remediation schemas property with the full schema objects rather than just the IDs

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Updates a given violation

Updates a given violation with the given body

path Parameters

id

required

string

Id of the violation

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

object (Violation)

A violation is a single object representing a segregation of duty violation between a single policy rule and a single violating entity (user).

Responses

Request samples

Payload

Content type

application/json

{"targetFilter": {"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
}

Response samples

200

Content type

application/json

[{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}
]

Deletes a Violation

Deletes a violation from the given id

path Parameters

id

required

string

Id of the violation

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

"string"

Close entire violation, allowing access to remain indefinitely

Once a phase (or phases) have chosen to allow, this endpoint can be used to close and complete the violation with an outcome of allow

path Parameters

id

required

string

ID of the violation

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

object

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Comment on violation

As an actor on a violation, add a comment to the violation object.

path Parameters

id

required

string

ID of the violation

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

comment

required

string

Comment to leave on violation

Responses

Request samples

Payload

Content type

application/json

{"comment": "string"
}

Response samples

201

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Complete a violation with an outcome of remediate

Once a phase (or phases) have chosen to remediate the violation, this endpoint can be used to complete the violation with an outcome of remediate, and continue the workflow on to either the automated or manual process for fulfilling the remediation.

path Parameters

id

required

string

ID of the violation

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action. Properties will be determined by the requirements of the remediation schema chosen by the id provided in the body.

id	string ID of the remediation schema user has chosen

Responses

Request samples

Payload

Content type

application/json

{"id": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Update the remediationStatus of a violation that is currently being remediated

For violations that have been given an outcome of 'remediate', this endpoint will allow the remediationStatus key to be updated, e.g. from in-progress to complete, and will finalize the violation when appropriate.

path Parameters

id required	string ID of the violation
status required	string Status to update remediationStatus to

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

object

Responses

Request samples

Payload

Content type

application/json

{ }

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Add phase to violation

path Parameters

violationId

required

string

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

	object (TaskPhase) This is represent the stage that require user to make decision before the workflow can continue to next stage
	Array of objects (ViolationActor)

Responses

Request samples

Payload

Content type

application/json

{"phase": {"phase": {"name": "string",
"workflowTaskId": "string",
"events": { },
"type": "string"
},
"actors": [{"id": "/managed/user/kpanduri",
"permissions": {"approve": true,
"reject": true,
"comment": true
}
}
]
},
"actors": [{"id": "string",
"userName": "string",
"mail": "string",
"givenName": "string",
"sn": "string",
"name": "string",
"permissions": {"allow": true,
"comment": true,
"exception": true,
"reassign": true,
"remediate": true
}
}
]
}

Make a decision to allow access to remain

As an actor on a violation, allow the user to continue to violate the defined rule in perpetuity

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment

string

Comment justifying allow

Responses

Request samples

Payload

Content type

application/json

{"comment": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Cancel an exception on a violation

As an actor on a violation, cancel an existing exception, reverting the violation back to in-progress.

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment

string

Comment describing the reason for exception being canceled.

Responses

Request samples

Payload

Content type

application/json

{"comment": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Comment on violation

As an actor on a violation, add a comment to the violation object.

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

comment

required

string

Comment to leave on violation

Responses

Request samples

Payload

Content type

application/json

{"comment": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Allow access to remain for a defined period of time

As an actor on a violation, grant an exception to the violating access.

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

exceptionExpirationDate required	string Date that exception will expire
comment	string Comment to leave on exception

Responses

Request samples

Payload

Content type

application/json

{"exceptionExpirationDate": "string",
"comment": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Edit the actors and permissions on the violation

As a violation actor, edit the list of active actors on a violation task

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action

required

Array of objects (ViolationActor)

Responses

Request samples

Payload

Content type

application/json

{"updatedActors": [{"id": "string",
"userName": "string",
"mail": "string",
"givenName": "string",
"sn": "string",
"name": "string",
"permissions": {"allow": true,
"comment": true,
"exception": true,
"reassign": true,
"remediate": true
}
}
]
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Make a decision to remediate access

As an actor on a violation, choose to remediate the access, kicking off the remediation workflow assigned to the violation. Request body will depend on remediation schema chosen by user

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json
required

Contents of the action. Properties will be determined by the requirements of the remediation schema chosen by the id provided in the body.

id	string ID of the remediation schema user has chosen

Responses

Request samples

Payload

Content type

application/json

{"id": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Mark a violation provisioning task as complete

As an actor on a manual provisioning task to handle violation remediation, mark the action as completed

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment

string

Comment for the complete action

Responses

Request samples

Payload

Content type

application/json

{"comment": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Mark a violation provisioning task as canceled (a.k.a not completed)

As an actor on a manual provisioning task to handle violation remediation, mark the action as canceled (not completed)

path Parameters

id required	string ID of the violation
phaseName required	string Name of the phase

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

Contents of the action

comment

string

Comment reason for cancel

Responses

Request samples

Payload

Content type

application/json

{"comment": "string"
}

Response samples

200

Content type

application/json

{"id": "string",
"user": { },
"policyRule": { },
"decision": {"status": "pending",
"decision": "exception",
"comments": [{ }
],
"events": {"assignment": { },
"expiration": { },
"escalation": { },
"reminder": { }
},
"actors": {"active": [{ }
],
"inactive": [{ }
]
},
"completionDate": "string",
"completedBy": { }
}
}

Get list of supported violation remediation schema

Get list of supported violation remediation schemas

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

[{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}
]

Create new violation remediation schema

query Parameters

_action

required

string

Enum: "create" "duplicate"

Action to be performed for requests endpoint.

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

id	string The identifier of the request schema
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Response samples

201

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Search remediation schema

query Parameters

_fields	string Example: _fields=user.userName,application.name,id The list of fields to return for each entry in the response result. Comma-separated for multiple values.
_pageSize	integer Example: _pageSize=10 Number of response result objects to return.
_pagedResultsOffset	integer Example: _pagedResultsOffset=10 Offset number of the record from which to start the paginated results.
_sortKeys	string Example: _sortKeys=application.name The property on which to sort the results.
_sortDir	string Enum: "asc" "desc" Example: _sortDir=asc The direction of sort, asc or desc.
_searchAfter	string Example: _searchAfter=a321329c-a7e6-47ad-8349-99b6e38f9a59 The sort property values of the last entry to continue searching from. Comma-separated for multiple values.
_queryFilter	string query filter with expression

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

id	string The identifier of the request schema
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Response samples

200

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Get the violation remediation schema by ID

path Parameters

violationRemediationSchemaId

required

string

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Update existing violation remediation schema

path Parameters

violationRemediationSchemaId

required

string

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Request Body schema: application/json

id	string The identifier of the request schema
	object

Responses

Request samples

Payload

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Response samples

200

Content type

application/json

{"id": "string",
"schema": {"_meta": {"type": "system",
"properties": { }
},
"properties": { }
}
}

Delete violation remediation schema

path Parameters

violationRemediationSchemaId

required

string

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Check violation objects for certain criteria.

This endpoint executes checks on active violation objects for things like reminder notifications, expiration, creation status, etc.

path Parameters

scanType

required

string

Enum: "reminder" "expiration" "escalation" "exception"

Type of scan check to run

header Parameters

Accept-API-Version

string

Example: resource=1.0

API version to use for the request. If no value is provided, latest version of API is used to process the request.

Responses

Response samples

200

Content type

application/json

{ }

PingOne Advanced Identity Cloud - Identity Governance (IGA) (1.0.0)

Segregation of Duty

Query policies

query Parameters

header Parameters

Responses

Response samples

Create a new policy

query Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Search policy objects

query Parameters

header Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Get policy by ID

path Parameters

header Parameters

Responses

Response samples

Update an existing policy object

path Parameters

header Parameters

Request Body schema: application/jsonoptional

Responses

Request samples

Response samples

Delete an existing policy

path Parameters

header Parameters

Responses

Response samples

Scan the given policy for violations

path Parameters

query Parameters

header Parameters

Request Body schema: application/jsonoptional

Responses

Request samples

Response samples

Get policy rules

path Parameters

query Parameters

header Parameters

Responses

Response samples

Query policy rules

query Parameters

header Parameters

Responses

Response samples

Create a new policy rule

query Parameters

header Parameters

Request Body schema: application/jsonrequired

Responses

Request samples

Response samples

Search policy rules

query Parameters

header Parameters

Request Body schema: application/json

Responses

Request samples

Response samples

Get policy rule by ID

path Parameters

query Parameters

header Parameters

Responses

Response samples

Duplicate the given policy rule

path Parameters

query Parameters

Request Body schema: application/json
required

Request Body schema: application/json
optional

Request Body schema: application/json
optional

Request Body schema: application/json
required

Request Body schema: application/json
optional

Request Body schema: application/json
optional

Request Body schema: application/json
optional