Create Campaign
POST/campaigns
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Use this API to create a certification campaign with the information provided in the request body. Though this Beta endpoint has been deprecated, you can find its V3 equivalent here.
A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API.
Request
- application/json
Body
required
Array [
]
The campaign name. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate
endpoint documentation for details.
The campaign description. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate
endpoint documentation for details.
The campaign's completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.
Possible values: [MANAGER
, SOURCE_OWNER
, SEARCH
, ROLE_COMPOSITION
, MACHINE_ACCOUNT
]
The type of campaign. Could be extended in the future.
Enables email notification for this campaign
Allows auto revoke for this campaign
Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
Possible values: [CORRELATED
, UNCORRELATED
]
The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
filter
object
Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
The ID of whatever type of filter is being used.
Possible values: [CAMPAIGN_FILTER
, RULE
]
Type of the filter
Name of the filter
Default value: true
Determines if comments on sunset date changes are required.
sourceOwnerCampaignInfo
object
Must be set only if the campaign type is SOURCE_OWNER.
The list of sources to be included in the campaign.
searchCampaignInfo
object
Must be set only if the campaign type is SEARCH.
Possible values: [IDENTITY
, ACCESS
]
The type of search campaign represented.
Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.
reviewer
object
If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.
Possible values: [GOVERNANCE_GROUP
, IDENTITY
]
The reviewer's DTO type.
The reviewer's ID.
The reviewer's name.
The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of query
or identityIds
must be set.
Possible values: <= 1000
A direct list of identities to include in this campaign. One of identityIds
or query
must be set.
accessConstraints
object[]
Possible values: <= 1000
Further reduces the scope of the campaign by excluding identities (from query
or identityIds
) that do not have this access.
Possible values: [ENTITLEMENT
, ACCESS_PROFILE
, ROLE
]
Type of Access
Must be set only if operator is SELECTED.
Possible values: [ALL
, SELECTED
]
Used to determine whether the scope of the campaign should be reduced for selected ids or all.
roleCompositionCampaignInfo
object
Optional configuration options for role composition campaigns.
reviewer
object
If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.
Possible values: [GOVERNANCE_GROUP
, IDENTITY
]
The reviewer's DTO type.
The reviewer's ID.
The reviewer's name.
Optional list of roles to include in this campaign. Only one of roleIds
and query
may be set; if neither are set, all roles are included.
remediatorRef
object
required
This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.
Possible values: [IDENTITY
]
Legal Remediator Type
The ID of the remediator.
Optional search query to scope this campaign to a set of roles. Only one of roleIds
and query
may be set; if neither are set, all roles are included.
Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.
machineAccountCampaignInfo
object
Must be set only if the campaign type is MACHINE_ACCOUNT.
The list of sources to be included in the campaign.
Possible values: [ACCOUNT_OWNER
]
The reviewer's type.
Possible values: [ALL_DECISIONS
, REVOKE_ONLY_DECISIONS
, NO_DECISIONS
]
Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.
Responses
- 200
- 400
- 401
- 403
- 429
- 500
This response indicates that the requested campaign was successfully created, and the API returns its representation.
- application/json
- Schema
- Example (from schema)
- Manager
- Search
- Source Owner
- Role Composition
- Machine Account Owner
Schema
Array [
Array [
]
]
Array [
]
Array [
]
Id of the campaign
The campaign name. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate
endpoint documentation for details.
The campaign description. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate
endpoint documentation for details.
The campaign's completion deadline. This date must be in the future in order to activate the campaign. If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.
Possible values: [MANAGER
, SOURCE_OWNER
, SEARCH
, ROLE_COMPOSITION
, MACHINE_ACCOUNT
]
The type of campaign. Could be extended in the future.
Enables email notification for this campaign
Allows auto revoke for this campaign
Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
Possible values: [PENDING
, STAGED
, CANCELING
, ACTIVATING
, ACTIVE
, COMPLETING
, COMPLETED
, ERROR
, ARCHIVED
]
The campaign's current status.
Possible values: [CORRELATED
, UNCORRELATED
]
The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
Created time of the campaign
The total number of certifications in this campaign.
The number of completed certifications in this campaign.
alerts
object[]
A list of errors and warnings that have accumulated.
Possible values: [ERROR
, WARN
, INFO
]
Denotes the level of the message
localizations
object[]
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
Modified time of the campaign
filter
object
Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.
The ID of whatever type of filter is being used.
Possible values: [CAMPAIGN_FILTER
, RULE
]
Type of the filter
Name of the filter
Default value: true
Determines if comments on sunset date changes are required.
sourceOwnerCampaignInfo
object
Must be set only if the campaign type is SOURCE_OWNER.
The list of sources to be included in the campaign.
searchCampaignInfo
object
Must be set only if the campaign type is SEARCH.
Possible values: [IDENTITY
, ACCESS
]
The type of search campaign represented.
Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.
reviewer
object
If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.
Possible values: [GOVERNANCE_GROUP
, IDENTITY
]
The reviewer's DTO type.
The reviewer's ID.
The reviewer's name.
The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of query
or identityIds
must be set.
Possible values: <= 1000
A direct list of identities to include in this campaign. One of identityIds
or query
must be set.
accessConstraints
object[]
Possible values: <= 1000
Further reduces the scope of the campaign by excluding identities (from query
or identityIds
) that do not have this access.
Possible values: [ENTITLEMENT
, ACCESS_PROFILE
, ROLE
]
Type of Access
Must be set only if operator is SELECTED.
Possible values: [ALL
, SELECTED
]
Used to determine whether the scope of the campaign should be reduced for selected ids or all.
roleCompositionCampaignInfo
object
Optional configuration options for role composition campaigns.
reviewer
object
If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP.
Possible values: [GOVERNANCE_GROUP
, IDENTITY
]
The reviewer's DTO type.
The reviewer's ID.
The reviewer's name.
Optional list of roles to include in this campaign. Only one of roleIds
and query
may be set; if neither are set, all roles are included.
remediatorRef
object
required
This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.
Possible values: [IDENTITY
]
Legal Remediator Type
The ID of the remediator.
The name of the remediator.
Optional search query to scope this campaign to a set of roles. Only one of roleIds
and query
may be set; if neither are set, all roles are included.
Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.
machineAccountCampaignInfo
object
Must be set only if the campaign type is MACHINE_ACCOUNT.
The list of sources to be included in the campaign.
Possible values: [ACCOUNT_OWNER
]
The reviewer's type.
sourcesWithOrphanEntitlements
object[]
A list of sources in the campaign that contain "orphan entitlements" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
Id of the source
Possible values: [SOURCE
]
Type
Name of the source
Possible values: [ALL_DECISIONS
, REVOKE_ONLY_DECISIONS
, NO_DECISIONS
]
Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.
{
"id": "2c9079b270a266a60170a2779fcb0007",
"name": "Manager Campaign",
"description": "Everyone needs to be reviewed by their manager",
"deadline": "2020-03-15T10:00:01.456Z",
"type": "MANAGER",
"emailNotificationEnabled": false,
"autoRevokeAllowed": false,
"recommendationsEnabled": true,
"status": "ACTIVE",
"correlatedStatus": "CORRELATED",
"created": "2020-03-03T22:15:13.611Z",
"totalCertifications": 100,
"completedCertifications": 10,
"alerts": [
{
"level": "ERROR",
"localizations": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
],
"modified": "2020-03-03T22:20:12.674Z",
"filter": {
"id": "0fbe863c063c4c88a35fd7f17e8a3df5",
"type": "CAMPAIGN_FILTER",
"name": "Test Filter"
},
"sunsetCommentsRequired": true,
"sourceOwnerCampaignInfo": {
"sourceIds": [
"0fbe863c063c4c88a35fd7f17e8a3df5"
]
},
"searchCampaignInfo": {
"type": "ACCESS",
"description": "Search Campaign description",
"reviewer": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
},
"query": "Search Campaign query description",
"identityIds": [
"0fbe863c063c4c88a35fd7f17e8a3df5"
],
"accessConstraints": [
{
"type": "ENTITLEMENT",
"ids": [
"2c90ad2a70ace7d50170acf22ca90010"
],
"operator": "SELECTED"
}
]
},
"roleCompositionCampaignInfo": {
"reviewer": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
},
"roleIds": [
"2c90ad2a70ace7d50170acf22ca90010"
],
"remediatorRef": {
"type": "IDENTITY",
"id": "2c90ad2a70ace7d50170acf22ca90010",
"name": "Role Admin"
},
"query": "Search Query",
"description": "Role Composition Description"
},
"machineAccountCampaignInfo": {
"sourceIds": [
"0fbe863c063c4c88a35fd7f17e8a3df5"
],
"reviewerType": "ACCOUNT_OWNER"
},
"sourcesWithOrphanEntitlements": [
{
"id": "2c90ad2a70ace7d50170acf22ca90010",
"type": "SOURCE",
"name": "Source with orphan entitlements"
}
],
"mandatoryCommentRequirement": "NO_DECISIONS"
}
{
"id": "5594f43b76804a6980ece5fdccf74be7",
"name": "Manager Review",
"description": "A review of everyone's access by their manager.",
"deadline": "2020-12-25T06:00:00.468Z",
"type": "MANAGER",
"status": "PENDING",
"emailNotificationEnabled": false,
"autoRevokeAllowed": false,
"recommendationsEnabled": false,
"created": "2022-08-02T20:21:18.421Z",
"modified": null,
"filter": {
"type": "CAMPAIGN_FILTER",
"id": "0fbe863c063c4c88a35fd7f17e8a3df5",
"name": "Test Manager Filter"
},
"sunsetCommentsRequired": true,
"sourceOwnerCampaignInfo": null,
"searchCampaignInfo": null,
"roleCompositionCampaignInfo": null,
"machineAccountCampaignInfo": null,
"alerts": null,
"totalCertifications": 0,
"completedCertifications": 0,
"sourcesWithOrphanEntitlements": null,
"mandatoryCommentRequirement": "NO_DECISIONS"
}
{
"id": "ec041831cb2147778b594feb9d8db44a",
"name": "Search Campaign",
"description": "Search Campaign",
"deadline": "2020-12-25T06:00:00.468Z",
"type": "SEARCH",
"status": "PENDING",
"emailNotificationEnabled": false,
"autoRevokeAllowed": false,
"recommendationsEnabled": false,
"created": "2022-08-03T13:54:34.344Z",
"modified": null,
"filter": {
"type": "CAMPAIGN_FILTER",
"id": "0fbe863c063c4c88a35fd7f17e8a3df5",
"name": "Test Search Filter"
},
"sunsetCommentsRequired": true,
"sourceOwnerCampaignInfo": null,
"searchCampaignInfo": {
"type": "ACCESS",
"description": "user",
"reviewer": {
"type": "IDENTITY",
"id": "7ec252acbd4245548bc25df22348cb75",
"name": null
},
"query": "user",
"identityIds": null,
"accessConstraints": []
},
"roleCompositionCampaignInfo": null,
"machineAccountCampaignInfo": null,
"alerts": null,
"totalCertifications": 0,
"completedCertifications": 0,
"sourcesWithOrphanEntitlements": null,
"mandatoryCommentRequirement": "NO_DECISIONS"
}
{
"id": "fd7b76ba4ea042de8a9414aa12fc977a",
"name": "Source Owner",
"description": "Source Owner Info",
"deadline": "2020-12-25T06:00:00.468Z",
"type": "SOURCE_OWNER",
"status": "PENDING",
"emailNotificationEnabled": false,
"autoRevokeAllowed": false,
"recommendationsEnabled": false,
"created": "2022-08-03T13:34:19.541Z",
"modified": null,
"filter": {
"type": "CAMPAIGN_FILTER",
"id": "0fbe863c063c4c88a35fd7f17e8a3df5",
"name": "Test Source Owner Filter"
},
"sunsetCommentsRequired": true,
"sourceOwnerCampaignInfo": null,
"sourceIds": [
"612b31b1a0f04aaf83123bdb80e70db6"
],
"searchCampaignInfo": null,
"roleCompositionCampaignInfo": null,
"machineAccountCampaignInfo": null,
"alerts": null,
"totalCertifications": 0,
"completedCertifications": 0,
"sourcesWithOrphanEntitlements": null,
"correlatedStatus": "CORRELATED",
"mandatoryCommentRequirement": "NO_DECISIONS"
}
{
"id": "3b2e2e5821e84127b6d693d41c40623b",
"name": "Role Composition Campaign",
"description": "A review done by a role owner.",
"deadline": "2020-12-25T06:00:00.468Z",
"type": "ROLE_COMPOSITION",
"status": "PENDING",
"emailNotificationEnabled": false,
"autoRevokeAllowed": false,
"recommendationsEnabled": false,
"created": "2022-08-02T20:30:46.083Z",
"modified": null,
"filter": {
"type": "CAMPAIGN_FILTER",
"id": "0fbe863c063c4c88a35fd7f17e8a3df5",
"name": "Test Role Composition Filter"
},
"sunsetCommentsRequired": true,
"sourceOwnerCampaignInfo": null,
"searchCampaignInfo": null,
"roleCompositionCampaignInfo": {
"remediatorRef": {
"type": "IDENTITY",
"id": "7ec252acbd4245548bc25df22348cb75",
"name": "SailPoint Support"
},
"reviewerId": null,
"reviewer": null,
"roleIds": [
"b15d609fc5c8434b865fe552315fda8f"
],
"query": null,
"description": null
},
"alerts": null,
"totalCertifications": 0,
"completedCertifications": 0,
"sourcesWithOrphanEntitlements": null,
"machineAccountCampaignInfo": null,
"mandatoryCommentRequirement": "NO_DECISIONS"
}
{
"id": "3e9ff3d6555e4721b74695d5b578e847",
"name": "Machine Account Owner Campaign",
"description": "A review done by a Machine Account's owner.",
"deadline": "2024-05-07T19:43:38.186Z",
"type": "MACHINE_ACCOUNT",
"status": "PENDING",
"emailNotificationEnabled": false,
"autoRevokeAllowed": false,
"recommendationsEnabled": false,
"created": "2024-04-23T19:43:38.355Z",
"modified": "2024-04-23T19:43:38.355Z",
"filter": null,
"sunsetCommentsRequired": true,
"mandatoryCommentRequirement": "NO_DECISIONS",
"sourceOwnerCampaignInfo": null,
"searchCampaignInfo": null,
"roleCompositionCampaignInfo": null,
"totalCertifications": 0,
"completedCertifications": 0,
"alerts": null,
"correlatedStatus": "CORRELATED",
"sourcesWithOrphanEntitlements": [],
"machineAccountCampaignInfo": {
"sourceIds": [
"d988f117b7624a16ab0b64c439d5dbb8"
],
"reviewerType": "ACCOUNT_OWNER"
}
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}