Lists all events for the given identity
GET/historical-identities/:id/events
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true
to use this endpoint.
This method retrieves all access events for the identity Requires authorization scope of 'idn:identity-history:read'
Request
Path Parameters
The identity id
Query Parameters
The optional instant until which access events are returned
An optional list of event types to return. If null or empty, all events are returned
An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned
Possible values: <= 250
Default value: 250
Max number of results to return. See V3 API Standard Collection Parameters for more information.
Default value: 0
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
Header Parameters
Default value: true
Use this header to enable this experimental API.
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
The list of events for the identity
- application/json
- Schema
- Example (from schema)
- AccessItemAssociated
- AccessItemRemoved
- AttributesChanged
- AccessRequested
- IdentityCertified
- AccountStatusChanged
Schema
Array [
- AccessItemAssociated
- AccessItemRemoved
- AttributesChanged
- AccessRequested
- IdentityCertified
- AccountStatusChanged
- AccessItemAccessProfileResponse
- AccessItemAccountResponse
- AccessItemAppResponse
- AccessItemEntitlementResponse
- AccessItemRoleResponse
Array [
]
Array [
]
- AccessItemAccessProfileResponse
- AccessItemAccountResponse
- AccessItemAppResponse
- AccessItemEntitlementResponse
- AccessItemRoleResponse
Array [
]
Array [
]
Array [
]
Array [
Array [
]
]
Array [
]
Array [
]
]
anyOf
accessItem
object
oneOf
the access item type. accessProfile in this case
the access item id
the access profile name
the name of the source
the id of the source
the description for the access profile
the display name of the identity
the number of entitlements the access profile will create
the name of
the date the access profile is no longer assigned to the specified identity
indicates whether the access profile is standalone
indicates whether the access profile is
the access item type. account in this case
the access item id
the native identifier used to uniquely identify an acccount
the name of the source
the id of the source
the number of entitlements the account will create
the display name of the identity
the access item type. entitlement in this case
the access item id
the access item display name
the associated source name if it exists
the app role id
the access item type. entitlement in this case
the access item id
the entitlement attribute
the associated value
the type of entitlement
the name of the source
the id of the source
the description for the entitlment
the display name of the identity
indicates whether the entitlement is standalone
indicates whether the entitlement is privileged
indicates whether the entitlement is cloud governed
the access item type. role in this case
the access item id
the role display name
the description for the role
the associated source name if it exists
the date the role is no longer assigned to the specified identity
indicates whether the role is revocable
the identity id
the event type
the date of event
governanceEvent
object
The name of the governance event, such as the certification name or access request ID.
The date that the certification or access request was completed.
Possible values: [certification
, accessRequest
]
The type of governance event.
The ID of the instance that caused the event - either the certification ID or access request ID.
owners
object[]
The owners of the governance event (the certifiers or approvers)
the id of the certifier
the name of the certifier
reviewers
object[]
The owners of the governance event (the certifiers or approvers), this field should be preferred over owners
the id of the certifier
the name of the certifier
decisionMaker
object
The decision maker
the id of the certifier
the name of the certifier
accessItem
object
oneOf
the access item type. accessProfile in this case
the access item id
the access profile name
the name of the source
the id of the source
the description for the access profile
the display name of the identity
the number of entitlements the access profile will create
the name of
the date the access profile is no longer assigned to the specified identity
indicates whether the access profile is standalone
indicates whether the access profile is
the access item type. account in this case
the access item id
the native identifier used to uniquely identify an acccount
the name of the source
the id of the source
the number of entitlements the account will create
the display name of the identity
the access item type. entitlement in this case
the access item id
the access item display name
the associated source name if it exists
the app role id
the access item type. entitlement in this case
the access item id
the entitlement attribute
the associated value
the type of entitlement
the name of the source
the id of the source
the description for the entitlment
the display name of the identity
indicates whether the entitlement is standalone
indicates whether the entitlement is privileged
indicates whether the entitlement is cloud governed
the access item type. role in this case
the access item id
the role display name
the description for the role
the associated source name if it exists
the date the role is no longer assigned to the specified identity
indicates whether the role is revocable
the identity id
the event type
the date of event
governanceEvent
object
The name of the governance event, such as the certification name or access request ID.
The date that the certification or access request was completed.
Possible values: [certification
, accessRequest
]
The type of governance event.
The ID of the instance that caused the event - either the certification ID or access request ID.
owners
object[]
The owners of the governance event (the certifiers or approvers)
the id of the certifier
the name of the certifier
reviewers
object[]
The owners of the governance event (the certifiers or approvers), this field should be preferred over owners
the id of the certifier
the name of the certifier
decisionMaker
object
The decision maker
the id of the certifier
the name of the certifier
changes
object[]
the attribute name
the old value of attribute
the new value of attribute
the event type
the identity id
the date of event
accessRequest
object
the access request details
the requester Id
the requesterName
items
object[]
the access request item operation
the access item type
the name of access request item
Possible values: [APPROVED
, REJECTED
]
the final decision for the access request
the description of access request item
the source id
the source Name
approvalInfos
object[]
the id of approver
the name of approver
the status of the approval request
the identity id
the event type
the date of event
the id of the certification item
the certification item name
the date ceritification was signed
certifiers
object[]
this field is deprecated and may go away
the id of the certifier
the name of the certifier
reviewers
object[]
The list of identities who review this certification
the id of the certifier
the name of the certifier
signer
object
Identity who signed off on the certification
the id of the certifier
the name of the certifier
the event type
the date of event
the event type
the identity id
the date of event
account
object
the ID of the account in the database
the native identifier of the account
the display name of the account
the ID of the source for this account
the name of the source for this account
the number of entitlements on this account
this value is always "account"
statusChange
object
Possible values: [enabled
, disabled
, locked
]
the previous status of the account
Possible values: [enabled
, disabled
, locked
]
the new status of the account
[
{},
{},
{
"attributeChanges": {
"name": "firstname",
"previousValue": "adam",
"newValue": "zampa"
},
"eventType": "AttributesChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
},
{},
{},
{
"account": {
"id": "2c91808a77ff216301782327a50f09bf",
"nativeIdentity": 127999,
"displayName": "Sample Name",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"accessType": "account"
},
"statusChange": {
"previousStatus": "enabled",
"newStatus": "disabled"
},
"eventType": "AccountStatusChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"date": "2019-03-08T22:37:33.901Z"
}
]
[
{
"accessItem": {
"id": "8c190e6787aa4ed9a90bd9d5344523fb",
"accessType": "account",
"nativeIdentity": 127999,
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"displayName": "Sample Name"
},
"eventType": "AccessItemAssociated",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z",
"governanceEvent": {
"name": "Access Request 58",
"dt": "2019-03-08T22:37:33.901Z",
"type": "accessRequest",
"governanceId": "2c91808a77ff216301782327a50f09e1",
"owners": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"reviewers": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"decisionMaker": {
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
}
}
]
[
{
"accessItem": {
"id": "8c190e6787aa4ed9a90bd9d5344523fb",
"accessType": "account",
"nativeIdentity": 127999,
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"displayName": "Sample Name"
},
"eventType": "AccessItemRemoved",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z",
"governanceEvent": {
"name": "Manager Certification for Jon Snow",
"dt": "2019-03-08T22:37:33.901Z",
"type": "certification",
"governanceId": "2c91808a77ff216301782327a50f09bf",
"owners": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"reviewers": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"decisionMaker": {
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
}
}
]
[
{
"attributeChanges": [
{
"name": "firstname",
"previousValue": "adam",
"newValue": "zampa"
}
],
"eventType": "AttributesChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
]
{
"accessRequest": {
"requesterId": "2c91808a77ff216301782327a50f09bf",
"requestName": "Bing C",
"items": [
{
"operation": "Add",
"accessItemType": "role",
"name": "Role-1",
"decision": "APPROVED",
"description": "The role descrition",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "Source1",
"approvalInfos": [
{
"name": "John Snow",
"id": "8a80828f643d484f01643e14202e2000",
"status": "Approved"
}
]
}
]
},
"eventType": "AccessRequested",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
[
{
"certification": {
"id": "2c91808a77ff216301782327a50f09bf",
"name": "Cert name",
"signedDate": "2019-03-08T22:37:33.901Z",
"certifiers": [
{
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "John Snow"
}
],
"reviewers": [
{
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "Daenerys Targaryen"
}
],
"signer": {
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "Tyrion Lannister"
}
},
"eventType": "IdentityCertified",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
]
[
{
"account": {
"id": "2c91808a77ff216301782327a50f09bf",
"nativeIdentity": 127999,
"displayName": "Sample Name",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"accessType": "account"
},
"statusChange": {
"previousStatus": "ENABLED",
"newStatus": "DISABLED"
},
"eventType": "AccountStatusChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}