Skip to main content

Gets a list of entitlements.

GET 

https://sailpoint.api.identitynow.com/v2024/entitlements

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

This API returns a list of entitlements.

This API can be used in one of the two following ways: either getting entitlements for a specific account-id, or getting via use of filters (those two options are exclusive).

Any authenticated token can call this API.

Request

Query Parameters

    account-id string

    The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the filters, segmented-for-identity, for-segment-ids, or include-unsegmented param(s).

    Example: ef38f94347e94562b5bb8424a56397d8
    segmented-for-identity string

    If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value me can stand in for the current user's Identity ID. Cannot be specified with the account-id or for-segment-ids param(s). It is also illegal to specify a value that refers to a different user's Identity.

    Example: me
    for-segment-ids comma-separated

    If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. Cannot be specified with the account-id or segmented-for-identity param(s).

    Example: 041727d4-7d95-4779-b891-93cf41e98249,a378c9fa-bae5-494c-804e-a1e30f69f649
    include-unsegmented boolean

    Whether or not the response list should contain unsegmented Entitlements. If for-segment-ids and segmented-for-identity are both absent or empty, specifying include-unsegmented=false results in an error.

    Default value: true
    Example: true
    offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Default value: 0
    Example: 0
    limit int32

    Possible values: <= 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Default value: 250
    Example: 250
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Default value: false
    Example: true
    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: id, name, created, modified, type, attribute, value, source.id, requestable

    Example: name,-modified
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    name: eq, in, sw

    type: eq, in

    attribute: eq, in

    value: eq, in, sw

    source.id: eq, in

    requestable: eq

    created: gt, lt, ge, le

    modified: gt, lt, ge, le

    owner.id: eq, in

    Example: attribute eq "memberOf"

Header Parameters

    X-SailPoint-Experimental stringrequired

    Use this header to enable this experimental API.

    Default value: true
    Example: true

Responses

List of entitlements
Schema
  • Array [
  • idstring

    The entitlement id

    Example: 2c91808874ff91550175097daaec161c
    namestring

    The entitlement name

    Example: LauncherTest2
    createddate-time

    Time when the entitlement was created

    Example: 2020-10-08T18:33:52.029Z
    modifieddate-time

    Time when the entitlement was last modified

    Example: 2020-10-08T18:33:52.029Z
    attributestringnullable

    The entitlement attribute name

    Example: memberOf
    valuestring

    The value of the entitlement

    Example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local
    sourceSchemaObjectTypestring

    The object type of the entitlement from the source schema

    Example: group
    privilegedboolean

    True if the entitlement is privileged

    Default value: false
    Example: true
    cloudGovernedboolean

    True if the entitlement is cloud governed

    Default value: false
    Example: true
    descriptionstringnullable

    The description of the entitlement

    Example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local
    requestableboolean

    True if the entitlement is requestable

    Default value: false
    Example: true
    attributes object

    A map of free-form key-value pairs from the source system

    property name*any

    A map of free-form key-value pairs from the source system

    Example: {"fieldName":"fieldValue"}
    source object
    idstring

    The source ID

    Example: 2c9180827ca885d7017ca8ce28a000eb
    typestring

    The source type, will always be "SOURCE"

    Example: SOURCE
    namestringnullable

    The source name

    Example: ODS-AD-Source
    owner objectnullable

    Simplified DTO for the owner object of the entitlement

    idstring

    The owner id for the entitlement

    Example: 2a2fdacca5e345f18bf7970cfbb8fec2
    namestring

    The owner name for the entitlement

    Example: identity 1
    typestring

    The type of the owner. Initially only type IDENTITY is supported

    Possible values: [IDENTITY]

    Example: IDENTITY
    directPermissions object[]
  • Array [
  • rightsstring[]

    All the rights (e.g. actions) that this permission allows on the target

    targetstring

    The target the permission would grants rights on.

    Example: SYS.GV_$TRANSACTION
  • ]
  • segmentsstring[]nullable

    List of IDs of segments, if any, to which this Entitlement is assigned.

    Example: ["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]
    manuallyUpdatedFields objectnullable

    Object contains entitlement manually updated fields. Field value is true if is was updated manually via entitlement import csv or patch endpoint. Field value is false if that property value has not been changed after first entitlement aggregation. Values for all manually updatable fields must be specified. For now only two entitlement fields support this: DISPLAY_NAME and DESCRIPTION.

    DISPLAY_NAMEboolean

    True if the entitlements name was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > name property.

    Default value: false
    Example: true
    DESCRIPTIONboolean

    True if the entitlement description was updated manually via entitlement import csv or patch endpoint. False means that property value has not been change after first entitlement aggregation. Field refers to Entitlement response schema > description property.

    Default value: false
    Example: true
    accessModelMetadata objectnullable

    Access Model Metadata (beta).

    attributes object[]nullable
  • Array [
  • keystring

    Technical name of the Attribute. This is unique and cannot be changed after creation.

    Example: iscPrivacy
    namestring

    The display name of the key.

    Example: Privacy
    multiselectboolean

    Indicates whether the attribute can have multiple values.

    Default value: false
    Example: false
    statusstring

    The status of the Attribute.

    Example: active
    typestring

    The type of the Attribute. This can be either "custom" or "governance".

    Example: governance
    objectTypesstring[]nullable

    An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.

    Example: ["entitlement"]
    descriptionstring

    The description of the Attribute.

    Example: Specifies the level of privacy associated with an access item.
    values object[]nullable
  • Array [
  • valuestring

    Technical name of the Attribute value. This is unique and cannot be changed after creation.

    Example: public
    namestring

    The display name of the Attribute value.

    Example: Public
    statusstring

    The status of the Attribute value.

    Example: active
  • ]
  • ]
  • ]

Authorization: oauth2

type: Personal Access Token
scopes: idn:entitlement:read, idn:entitlement:manage
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://sailpoint.api.identitynow.com/v2024/entitlements");
request.Headers.Add("Accept", "application/json");
request.Headers.Add("Authorization", "Bearer <TOKEN>");
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());
Request Collapse all
Base URL
https://sailpoint.api.identitynow.com/v2024
Auth
Parameters
— headerrequired
— query
— query
— query
— query
— query
— query
— query
— query
— query
ResponseClear

Click the Send API Request button above and see the response here!