Skip to main content

Completed Access Request Approvals List

GET 

/access-request-approvals/completed

This endpoint returns list of completed approvals. See owner-id query parameter below for authorization info.

Request

Query Parameters

    owner-id string

    If present, the value returns only completed approvals for the specified identity.

    • ORG_ADMIN users can call this with any identity ID value.
    • ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
    • Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
    offset int32

    Default value: 0

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Example: 0
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in, ge, gt, le, lt, ne, isnull, sw

    requestedFor.id: eq, in, ge, gt, le, lt, ne, isnull, sw

    modified: gt, lt, ge, le, eq, in, ne, sw

    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified

Responses

List of Completed Approvals.

Schema

  • Array [

  • id string

    The approval id.

    name string

    The name of the approval.

    created date-time

    When the approval was created.

    modified date-time

    When the approval was modified last time.

    requestCreated date-time

    When the access-request was created.

    requestType AccessRequestType (string)nullable

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS, null]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

    requester

    object

    Access item requester's identity.

    type string

    Possible values: [IDENTITY]

    Access item requester's DTO type.

    id string

    Access item requester's identity ID.

    name string

    Access item owner's human-readable display name.

    requestedFor

    object

    Identity access was requested for.

    type string

    Possible values: [IDENTITY]

    Type of the object to which this reference applies

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    reviewedBy

    object

    Identity who reviewed the access item request.

    type string

    Possible values: [IDENTITY]

    DTO type of identity who reviewed the access item request.

    id string

    ID of identity who reviewed the access item request.

    name string

    Human-readable display name of identity who reviewed the access item request.

    owner

    object

    Access item owner's identity.

    type string

    Possible values: [IDENTITY]

    Access item owner's DTO type.

    id string

    Access item owner's identity ID.

    name string

    Access item owner's human-readable display name.

    requestedObject

    object

    The requested access item.

    id string

    Id of the object.

    name string

    Name of the object.

    description string

    Description of the object.

    type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of the object.

    requesterComment

    object

    The requester's comment.

    comment stringnullable

    Comment content.

    created date-time

    Date and time comment was created.

    author

    object

    Author of the comment

    type string

    Possible values: [IDENTITY]

    The type of object

    id string

    The unique ID of the object

    name string

    The display name of the object

    reviewerComment

    object

    nullable

    comment stringnullable

    Comment content.

    author

    object

    type string

    Possible values: [IDENTITY]

    DTO type of the commenting identity.

    id string

    ID of the commenting identity.

    name string

    Display name of the commenting identity.

    created date-time

    Date and time comment was created.

    previousReviewersComments

    object[]

    The history of the previous reviewers comments.

  • Array [

  • comment stringnullable

    Comment content.

    created date-time

    Date and time comment was created.

    author

    object

    Author of the comment

    type string

    Possible values: [IDENTITY]

    The type of object

    id string

    The unique ID of the object

    name string

    The display name of the object

  • ]

  • forwardHistory

    object[]

    The history of approval forward action.

  • Array [

  • oldApproverName string

    Display name of approver from whom the approval was forwarded.

    newApproverName string

    Display name of approver to whom the approval was forwarded.

    comment stringnullable

    Comment made while forwarding.

    modified date-time

    Time at which approval was forwarded.

    forwarderName stringnullable

    Display name of forwarder who forwarded the approval.

    reassignmentType ReassignmentType (string)

    Possible values: [MANUAL_REASSIGNMENT, AUTOMATIC_REASSIGNMENT, AUTO_ESCALATION, SELF_REVIEW_DELEGATION]

    The approval reassignment type.

    • MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
    • AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
    • AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to Setting Global Reminders and Escalation Policies.
    • SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to Self-review Prevention and Preventing Self-approval.
  • ]

  • commentRequiredWhenRejected boolean

    When true the rejector has to provide comments when rejecting

    state CompletedApprovalState (string)

    Possible values: [APPROVED, REJECTED]

    The final state of the approval

    removeDate date-timenullable

    The date the role or access profile or entitlement is no longer assigned to the specified identity.

    removeDateUpdateRequested boolean

    If true, then the request was to change the remove date or sunset date.

    currentRemoveDate date-timenullable

    The remove date or sunset date that was assigned at the time of the request.

    sodViolationContext

    object

    nullable

    The details of the SOD violations for the associated approval.

    state string

    Possible values: [SUCCESS, ERROR]

    The status of SOD violation check

    uuid string

    The id of the Violation check event

    violationCheckResult

    object

    The inner object representing the completed SOD Violation check

    message

    object

    If the request failed, includes any error message that was generated.

    locale stringnullable

    The locale for the message text, a BCP 47 language tag.

    localeOrigin LocaleOrigin (string)nullable

    Possible values: [DEFAULT, REQUEST, null]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    text string

    Actual text of the error message in the indicated locale.

    clientMetadata

    object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

    property name* string

    violationContexts

    object[]

  • Array [

  • policy

    object

    SOD policy.

    type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

    conflictingAccessCriteria

    object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

    leftCriteria

    object

    criteriaList

    object[]

  • Array [

  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType (string)

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]

  • rightCriteria

    object

    criteriaList

    object[]

  • Array [

  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType (string)

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]

  • ]

  • violatedPolicies

    object[]

    A list of the Policies that were violated.

  • Array [

  • type string

    Possible values: [SOD_POLICY]

    SOD policy DTO type.

    id string

    SOD policy ID.

    name string

    SOD policy display name.

  • ]

  • preApprovalTriggerResult

    object

    nullable

    If the access request submitted event trigger is configured and this access request was intercepted by it, then this is the result of the trigger's decision to either approve or deny the request.

    comment string

    The comment from the trigger

    decision CompletedApprovalState (string)

    Possible values: [APPROVED, REJECTED]

    The approval decision of the trigger

    reviewer string

    The name of the approver

    date date-time

    The date and time the trigger decided on the request

    clientMetadata

    object

    Arbitrary key-value pairs provided during the request.

    property name* string
  • ]

Loading...