SailPoint API - Retrieving Identities with SailPoint's Admin Role

Hey,
I would like to get all the user permissions only in Sailpoint - like Org Admin, Cert Admin, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN, etc…

Is there a way to get it?
Thanks.

Hi,

You can use this search query: @access(source.name.exact:IdentityNow)

Or

You can use the V3/Search API with the same query to get detailed report.
POST {{baseUrl}}/v3/search
Body:

{
  "indices": [
    "identities"
  ],
  "query": {
    "query": "@access(source.name.exact:IdentityNow)"
  }
}
3 Likes

Hello @atarodia

Would this work in case users from other sources are given any admin access?

Thanks for replying

Yes, this will work for all sources.

1 Like

Thanks @atarodia

Just a small correction in your post…

needs to be {{baseUrl}}/v3/search

2 Likes

Thanks @iamnithesh . I edited the original post.

2 Likes

I get a 403 error:
detailCode":"403 Forbidden","localeOrigin":"DEFAULT","text":"The server understood the request but refuses to authorize it."},{"locale":"und","localeOrigin":"REQUEST","text":"The server understood the request but refuses to authorize it

What are the scopes to grant using search API?
Doesn’t mention in the API reference.

image

Not all endpoints have scopes yet, which appears to be the case with the search API. Scopes are an ongoing process and being rolled out slowly. In lieu of using scopes, you can instead apply the Report Admin user level to the user that is authenticating to the API to restrict their API access. You can learn more about user levels here: User Level Matrix - SailPoint Identity Services

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.