Minimum Scope for Personal Access Token to Invoke Aggregation through Rest API

Hi All,
We are using a PowerShell script to trigger account aggregations. For this, I have generated the personal access token (with sp:scopes:all and admin privileges) and am able to execute this trigger. We would like to minimize the permission or scope for the token which we use. What is the minimum scope/permission to execute the aggregation?
Thanks,
Jishnu

Most of the accounts APIs require a token with ORG_ADMIN authority. Please check the documentation for your specific API here to make sure of the scope it needs.

2 Likes

Building off of what Sharvari said, you’ll need to identify which API endpoints you need to call before we can figure out the scopes needed. For example, if you are calling the reload-account endpoint, then you’ll need the idn:accounts-state:manage scope, as shown in the API spec. You have to click on “Authorization” for each endpoint to see the scope it requires.

2 Likes
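As an added example (not part of the original thread and not SailPoint code), here is one way to work out the smallest scope set for the endpoints a script calls, by reading the per-operation `security` requirements from an OpenAPI document instead of clicking through each endpoint. The spec fragment is constructed: only `idn:accounts-state:manage` and the `reload-account` name come from this thread; the `userAuth` scheme name, the paths, and the `example:*` scopes are assumptions.

```python
import itertools

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

# Constructed OpenAPI fragment (assumption, not the vendor's real spec).
SPEC = {
    "security": [{"userAuth": ["example:default:read"]}],  # top-level default
    "paths": {
        "/accounts/{id}/reload": {"post": {
            "operationId": "reload-account",
            "security": [{"userAuth": ["idn:accounts-state:manage"]}],
        }},
        "/example/items": {
            "get": {"operationId": "example-list"},  # inherits the default
            "post": {
                "operationId": "example-create",
                # Alternatives are ORed; scopes inside one alternative are ANDed.
                "security": [
                    {"userAuth": ["example:items:manage", "example:items:admin"]},
                    {"userAuth": ["example:default:read", "example:items:write"]},
                ],
            },
        },
    },
}

def scope_alternatives(spec):
    """Map operationId -> list of scope sets; any one set authorizes the call."""
    out = {}
    for item in spec.get("paths", {}).values():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Operation-level security replaces the top-level default.
            reqs = op.get("security", spec.get("security", []))
            out[op["operationId"]] = [
                frozenset(s for scopes in req.values() for s in scopes)
                for req in reqs]
    return out

def minimum_scopes(spec, operation_ids):
    """Smallest union of scopes that covers every listed operation."""
    alts = scope_alternatives(spec)
    missing = [o for o in operation_ids if o not in alts]
    if missing:
        raise KeyError(f"operations not in spec: {missing}")
    # An operation with no security requirement contributes no scopes.
    choices = [alts[o] or [frozenset()] for o in operation_ids]
    unions = (frozenset().union(*c) for c in itertools.product(*choices))
    return sorted(min(unions, key=lambda s: (len(s), sorted(s))))
```

The result is the list to request when creating the token in place of `sp:scopes:all`; any user-level authority an endpoint also requires is a separate check.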

Thanks Colin and Sharvari for the prompt responses. Will check this.

Thanks,
Jishnu

1 Like
