I’m asking because for a large number of internal reasons we currently use API calls to create certification campaigns. We have used the ‘SEARCH’ type when creating these with success.
However, I’ve been having trouble getting the search API to return machine identities. I see there’s an API specifically for creating machine identity owner campaigns, but there are a few reasons I would like to avoid using that if possible.
Can machine identities be returned from the search API or will they only ever be returned via the list machine identities API?
In Identity Security Cloud, machine identities are not returned by the /v3/search API.
The Search API only returns results for the object types it indexes. Per the Search API documentation, searchable objects include identities, roles, access profiles, entitlements, events, and account activities — and machine identities are not currently listed.
So:
Can machine identities be returned from /v3/search?
No — not as machine identity objects.
How do I retrieve machine identities via REST?
Use the Machine Identities endpoints (currently experimental), for example:
GET /v2024/machine-identities
X-SailPoint-Experimental: true
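The request described in the answer above, as an added example that is not part of the original thread or SailPoint's own code: it pages through the machine identities endpoint and sends the experimental opt-in header on every call. The `limit`/`offset` paging parameters, the page size of 250, the bearer-token auth, the tenant URL and the record fields are assumptions; the `fake_opener` transport and its records are constructed so the block runs offline.

```python
import io
import json
import urllib.parse
import urllib.request

EXPERIMENTAL_HEADER = "X-SailPoint-Experimental"


def build_request(base_url, token, limit, offset):
    """Build the GET request for one page of machine identities."""
    query = urllib.parse.urlencode({"limit": limit, "offset": offset})
    req = urllib.request.Request(f"{base_url}/v2024/machine-identities?{query}")
    req.add_header("Authorization", f"Bearer {token}")  # assumed auth scheme
    req.add_header("Accept", "application/json")
    # Opt-in header for the experimental endpoint, as given in the answer.
    req.add_header(EXPERIMENTAL_HEADER, "true")
    return req


def list_machine_identities(base_url, token, page_size=250,
                            opener=urllib.request.urlopen):
    """Collect every machine identity by paging (limit/offset are assumed)."""
    results, offset = [], 0
    while True:
        with opener(build_request(base_url, token, page_size, offset)) as resp:
            page = json.load(resp)
        results.extend(page)
        if len(page) < page_size:  # a short page means nothing is left
            return results
        offset += page_size


def fake_opener(records, seen):
    """Constructed offline stand-in for urlopen; serves `records` in pages."""
    def opener(req):
        seen.append(req)
        q = urllib.parse.parse_qs(urllib.parse.urlsplit(req.full_url).query)
        start, size = int(q["offset"][0]), int(q["limit"][0])
        return io.BytesIO(json.dumps(records[start:start + size]).encode())
    return opener


if __name__ == "__main__":
    sample = [{"id": f"constructed-{i}"} for i in range(5)]  # constructed data
    requests_seen = []
    found = list_machine_identities("https://tenant.example", "PLACEHOLDER",
                                    page_size=2,
                                    opener=fake_opener(sample, requests_seen))
    print(len(found), "machine identities in", len(requests_seen), "requests")
```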
I’ve done a similar search, and come to the same conclusion as you. Looks like the basic Search doesn’t work because it doesn’t seem to include Machine Identities in the results.
If you have a specific use case for why you don’t want to do the Machine Identity Owner campaign that comes out of the box, I’m sure the community can help brainstorm some ideas to meet your needs.