Perform Search
POST/search
Performs a search with the provided query and returns a matching result collection. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to Paginating Search Queries for more information about how to implement searchAfter paging.
Request
Query Parameters
Default value: 0
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
Possible values: <= 10000
Default value: 10000
Max number of results to return. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
- application/json
Body
required
Possible values: [accessprofiles
, accountactivities
, entitlements
, events
, identities
, roles
, *
]
The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.
Possible values: [DSL
, SAILPOINT
, TEXT
, TYPEAHEAD
]
Default value: SAILPOINT
The type of query to use. By default, the SAILPOINT
query type is used, which requires the query
object to be defined in the request body.
To use the queryDsl
or typeAheadQuery
objects in the request, you must set the type to DSL
or TYPEAHEAD
accordingly.
Additional values may be added in the future without notice.
Default value: 5.2
The current Elasticserver version.
query
object
Query parameters used to construct an Elasticsearch query object.
The query using the Elasticsearch Query String Query syntax from the Query DSL extended by SailPoint to support Nested queries.
The fields the query will be applied to. Fields provide you with a simple way to add additional fields to search, without making the query too complicated. For example, you can use the fields to specify that you want your query of "a*" to be applied to "name", "firstName", and the "source.name". The response will include all results matching the "a*" query found in those three fields. A field's availability depends on the indices being searched. For example, if you are searching "identities", you can apply your search to the "firstName" field, but you couldn't use "firstName" with a search on "access profiles". Refer to the response schema for the respective lists of available fields.
The time zone to be applied to any range query related to dates.
innerHit
object
The innerHit query object returns a flattened list of results for the specified nested type.
The search query using the Elasticsearch Query String Query syntax from the Query DSL extended by SailPoint to support Nested queries.
The nested type to use in the inner hits query. The nested type Nested Type refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.
The search query using the Elasticsearch Query DSL syntax.
textQuery
object
Query parameters used to construct an Elasticsearch text query object.
Words or characters that specify a particular thing to be searched for.
The fields to be searched.
Indicates that at least one of the terms must be found in the specified fields; otherwise, all terms must be found.
Indicates that the terms can be located anywhere in the specified fields; otherwise, the fields must begin with the terms.
typeAheadQuery
object
Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job."
The type ahead query string used to construct a phrase prefix match query.
The field on which to perform the type ahead search.
The nested type.
Possible values: >= 1
and <= 1000
Default value: 10
The number of suffixes the last term will be expanded into. Influences the performance of the query and the number results returned. Valid values: 1 to 1000.
Possible values: >= 1
Default value: 100
The max amount of records the search will return.
Default value: desc
The sort order of the returned records.
The flag that defines the sort type, by count or value.
Default value: true
Indicates whether nested objects from returned search results should be included.
queryResultFilter
object
Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.
The list of field names to include in the result documents.
The list of field names to exclude from the result documents.
Possible values: [DSL
, SAILPOINT
]
Default value: DSL
Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.
Additional values may be added in the future without notice.
Default value: 5.2
The current Elasticserver version.
The aggregation search query using Elasticsearch Aggregations syntax.
aggregations
object
nested
object
The nested aggregation object.
The name of the nested aggregate to be included in the result.
The type of the nested object.
metric
object
The calculation done on the results of the query
The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
Possible values: [COUNT
, UNIQUE_COUNT
, AVG
, SUM
, MEDIAN
, MIN
, MAX
]
Default value: UNIQUE_COUNT
Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
filter
object
An additional filter to constrain the results of the search query.
The name of the filter aggregate to be included in the result.
Possible values: [TERM
]
Default value: TERM
Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
The value to filter on.
bucket
object
The bucket to group the results of the aggregation query by.
The name of the bucket aggregate to be included in the result.
Possible values: [TERMS
]
Default value: TERMS
Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.
The field to bucket on. Prefix the field name with '@' to reference a nested object.
Maximum number of buckets to include.
Minimum number of documents a bucket should have.
subAggregation
object
Aggregation to be performed on the result of the parent bucket aggregation.
nested
object
The nested aggregation object.
The name of the nested aggregate to be included in the result.
The type of the nested object.
metric
object
The calculation done on the results of the query
The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
Possible values: [COUNT
, UNIQUE_COUNT
, AVG
, SUM
, MEDIAN
, MIN
, MAX
]
Default value: UNIQUE_COUNT
Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
filter
object
An additional filter to constrain the results of the search query.
The name of the filter aggregate to be included in the result.
Possible values: [TERM
]
Default value: TERM
Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
The value to filter on.
bucket
object
The bucket to group the results of the aggregation query by.
The name of the bucket aggregate to be included in the result.
Possible values: [TERMS
]
Default value: TERMS
Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.
The field to bucket on. Prefix the field name with '@' to reference a nested object.
Maximum number of buckets to include.
Minimum number of documents a bucket should have.
subAggregation
object
Aggregation to be performed on the result of the parent bucket aggregation.
nested
object
The nested aggregation object.
The name of the nested aggregate to be included in the result.
The type of the nested object.
metric
object
The calculation done on the results of the query
The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.
Possible values: [COUNT
, UNIQUE_COUNT
, AVG
, SUM
, MEDIAN
, MIN
, MAX
]
Default value: UNIQUE_COUNT
Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.
The field the calculation is performed on.
Prefix the field name with '@' to reference a nested object.
filter
object
An additional filter to constrain the results of the search query.
The name of the filter aggregate to be included in the result.
Possible values: [TERM
]
Default value: TERM
Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.
The search field to apply the filter to.
Prefix the field name with '@' to reference a nested object.
The value to filter on.
bucket
object
The bucket to group the results of the aggregation query by.
The name of the bucket aggregate to be included in the result.
Possible values: [TERMS
]
Default value: TERMS
Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.
The field to bucket on. Prefix the field name with '@' to reference a nested object.
Maximum number of buckets to include.
Minimum number of documents a bucket should have.
The fields to be used to sort the search results. Use + or - to specify the sort direction.
Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]
filters
object
The filters to be applied for each filtered field name.
property name*
Filter
Possible values: [EXISTS
, RANGE
, TERMS
]
Enum representing the currently supported filter types. Additional values may be added in the future without notice.
range
object
The range of values to be filtered.
lower
object
The lower bound of the range.
The value of the range's endpoint.
Indicates if the endpoint is included in the range.
upper
object
The upper bound of the range.
The value of the range's endpoint.
Indicates if the endpoint is included in the range.
The terms to be filtered.
Indicates if the filter excludes results.
Responses
- 200
- 400
- 401
- 403
- 429
- 500
List of matching documents.
Response Headers
X-Total-Count
integer
Example: 30
The total result count (returned only if the count parameter is specified as true).
- application/json
- Schema
- Example (from schema)
- accessProfiles
- entitlements
- events
- identities
- roles
Schema
Array [
- AccessProfileDocument
- AccountActivityDocument
- EntitlementDocument
- EventDocument
- IdentityDocument
- RoleDocument
Array [
]
Array [
Array [
]
]
Array [
Array [
]
]
Array [
Array [
]
]
Array [
Array [
]
]
Array [
]
Array [
]
Array [
]
Array [
- AccessProfileSummary
- AccessProfileEntitlement
- AccessProfileRole
]
Array [
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
Array [
]
]
Array [
]
Array [
]
Array [
]
]
oneOf
More complete representation of an access profile.
The unique ID of the referenced object.
The human readable name of the referenced object.
Access item's description.
ISO-8601 date-time referring to the time when the object was created.
ISO-8601 date-time referring to the time when the object was last modified.
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the synced
time and the time when the updated data is actually available in the search API.
Indicates whether the access item is currently enabled.
Default value: true
Indicates whether the access item can be requested.
Indicates whether comments are required for requests to access the item.
owner
object
Owner's identity.
Possible values: [IDENTITY
]
Owner's DTO type.
Owner's identity ID.
Owner's display name.
Owner's email.
Possible values: [accessprofile
, accountactivity
, account
, aggregation
, entitlement
, event
, identity
, role
]
Access profile's document type. This enum represents the currently supported document types. Additional values may be added in the future without notice.
source
object
Access profile's source.
Source's ID.
Source's name.
entitlements
object[]
Entitlements the access profile has access to.
Indicates whether the entitlement has permissions.
Entitlement's description.
Entitlement attribute's name.
Entitlement's value.
Entitlement's schema.
Indicates whether the entitlement is privileged.
Entitlement's ID.
Entitlement's name.
Number of entitlements.
Tags that have been applied to the object.
AccountActivity
Possible values: [accessprofile
, accountactivity
, account
, aggregation
, entitlement
, event
, identity
, role
]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
Type of action performed in the activity.
ISO-8601 date-time referring to the time when the object was created.
ISO-8601 date-time referring to the time when the object was last modified.
Activity's current stage.
Activity's origin.
Activity's current status.
requester
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
recipient
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
Account activity's tracking number.
Errors provided by the source while completing account actions.
Warnings provided by the source while completing account actions.
approvals
object[]
Approvals performed on an item during activity.
comments
object[]
The comment text
The name of the commenter
A date-time in ISO-8601 format
A date-time in ISO-8601 format
A date-time in ISO-8601 format
owner
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
The result of the approval
originalRequests
object[]
Original actions that triggered all individual source actions related to the account action.
Account ID.
attributeRequests
object[]
Attribute changes requested for account.
Attribute name.
Operation to perform on attribute.
Value of attribute.
Operation used.
source
object
Account's source.
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
expansionItems
object[]
Controls that translated the attribute requests into actual provisioning actions on the source.
The ID of the account
The name of the item
attributeRequests
object[]
Attribute name.
Operation to perform on attribute.
Value of attribute.
source
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
accountRequests
object[]
Account data for each individual source action triggered by the original requests.
Unique ID of the account
attributeRequests
object[]
Attribute name.
Operation to perform on attribute.
Value of attribute.
The operation that was performed
provisioningTarget
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
result
object
The status of the account request
source
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
Sources involved in the account activity.
Entitlement
Possible values: [accessprofile
, accountactivity
, account
, aggregation
, entitlement
, event
, identity
, role
]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
ISO-8601 date-time referring to the time when the object was last modified.
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the synced
time and the time when the updated data is actually available in the search API.
Entitlement's display name.
source
object
Entitlement's source.
ID of entitlement's source.
Display name of entitlement's source.
segments
object[]
Segments with the role.
Segment's unique ID.
Segment's display name.
Number of segments with the role.
Indicates whether the entitlement is requestable.
Indicates whether the entitlement is cloud governed.
ISO-8601 date-time referring to the time when the object was created.
Indicates whether the entitlement is privileged.
Number of identities who have access to the entitlement.
Tags that have been applied to the object.
Event
Possible values: [accessprofile
, accountactivity
, account
, aggregation
, entitlement
, event
, identity
, role
]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
ISO-8601 date-time referring to the time when the object was created.
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the synced
time and the time when the updated data is actually available in the search API.
Name of the event as it's displayed in audit reports.
Event type. Refer to Event Types for a list of event types and their meanings.
Name of the actor that generated the event.
Name of the target, or recipient, of the event.
The event's stack.
ID of the group of events.
Target system's IP address.
ID of event's details.
attributes
object
Attributes involved in the event.
Attributes involved in the event.
Objects the event is happening to.
Operation, or action, performed during the event.
Event status. Refer to Event Statuses for a list of event statuses and their meanings.
Event's normalized name. This normalized name always follows the pattern of 'objects_operation_status'.
Identity
The unique ID of the referenced object.
The human readable name of the referenced object.
Possible values: [accessprofile
, accountactivity
, account
, aggregation
, entitlement
, event
, identity
, role
]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
Identity's display name.
Identity's first name.
Identity's last name.
Identity's primary email address.
ISO-8601 date-time referring to the time when the object was created.
ISO-8601 date-time referring to the time when the object was last modified.
Identity's phone number.
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the synced
time and the time when the updated data is actually available in the search API.
Indicates whether the identity is inactive.
Indicates whether the identity is protected.
Identity's status in SailPoint.
Identity's employee number.
manager
object
nullable
Identity's manager.
ID of identity's manager.
Name of identity's manager.
Display name of identity's manager.
Indicates whether the identity is a manager of other identities.
identityProfile
object
Identity's identity profile.
Identity profile's ID.
Identity profile's name.
source
object
Identity's source.
ID of identity's source.
Display name of identity's source.
attributes
object
Map or dictionary of key/value pairs.
Map or dictionary of key/value pairs.
Identity's processing state.
processingDetails
object
nullable
Identity's processing details.
A date-time in ISO-8601 format
accounts
object[]
List of accounts associated with the identity.
The unique ID of the referenced object.
The human readable name of the referenced object.
Account ID.
source
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Type of source returned.
Indicates whether the account is disabled.
Indicates whether the account is locked.
Indicates whether the account is privileged.
Indicates whether the account has been manually correlated to an identity.
A date-time in ISO-8601 format
entitlementAttributes
object
nullable
Map or dictionary of key/value pairs.
Map or dictionary of key/value pairs.
ISO-8601 date-time referring to the time when the object was created.
Number of accounts associated with the identity.
apps
object[]
List of applications the identity has access to.
The unique ID of the referenced object.
The human readable name of the referenced object.
source
object
The unique ID of the referenced object.
The human readable name of the referenced object.
account
object
The SailPoint generated unique ID
The account ID generated by the source
Number of applications the identity has access to.
access
object[]
List of access items assigned to the identity.
oneOf
This is a summary representation of an access profile.
The unique ID of the referenced object.
The human readable name of the referenced object.
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, MACHINE_IDENTITY
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
source
object
The unique ID of the referenced object.
The human readable name of the referenced object.
owner
object
The unique ID of the referenced object.
The human readable name of the referenced object.
EntitlementReference
The unique ID of the referenced object.
The human readable name of the referenced object.
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, MACHINE_IDENTITY
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
source
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Role
The unique ID of the referenced object.
The human readable name of the referenced object.
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, MACHINE_IDENTITY
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
owner
object
The unique ID of the referenced object.
The human readable name of the referenced object.
Number of access items assigned to the identity.
Number of entitlements assigned to the identity.
Number of roles assigned to the identity.
Number of access profiles assigned to the identity.
owns
object[]
Access items the identity owns.
sources
object[]
The unique ID of the referenced object.
The human readable name of the referenced object.
entitlements
object[]
The unique ID of the referenced object.
The human readable name of the referenced object.
accessProfiles
object[]
The unique ID of the referenced object.
The human readable name of the referenced object.
roles
object[]
The unique ID of the referenced object.
The human readable name of the referenced object.
apps
object[]
The unique ID of the referenced object.
The human readable name of the referenced object.
governanceGroups
object[]
The unique ID of the referenced object.
The human readable name of the referenced object.
Number of access items the identity owns.
Tags that have been applied to the object.
Role
The unique ID of the referenced object.
The human readable name of the referenced object.
Possible values: [accessprofile
, accountactivity
, account
, aggregation
, entitlement
, event
, identity
, role
]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
Access item's description.
ISO-8601 date-time referring to the time when the object was created.
ISO-8601 date-time referring to the time when the object was last modified.
ISO-8601 date-time referring to the date-time when object was queued to be synced into search database for use in the search API.
This date-time changes anytime there is an update to the object, which triggers a synchronization event being sent to the search database.
There may be some delay between the synced
time and the time when the updated data is actually available in the search API.
Indicates whether the access item is currently enabled.
Default value: true
Indicates whether the access item can be requested.
Indicates whether comments are required for requests to access the item.
owner
object
Owner's identity.
Possible values: [IDENTITY
]
Owner's DTO type.
Owner's identity ID.
Owner's display name.
Owner's email.
accessProfiles
object[]
Access profiles included with the role.
Access profile's unique ID.
Access profile's display name.
Number of access profiles included with the role.
Tags that have been applied to the object.
segments
object[]
Segments with the role.
Segment's unique ID.
Segment's display name.
Number of segments with the role.
entitlements
object[]
Entitlements included with the role.
Indicates whether the entitlement has permissions.
Entitlement's description.
Entitlement attribute's name.
Entitlement's value.
Entitlement's schema.
Indicates whether the entitlement is privileged.
Entitlement's ID.
Entitlement's name.
Number of entitlements included with the role.
[
null,
null,
null,
null,
null,
null
]
A collection of AccessProfiles
[
{
"id": "2c9180825a6c1adc015a71c9023f0818",
"name": "Cloud Eng",
"_type": "accessprofile",
"description": "Cloud Eng",
"created": "2017-02-24T20:21:23.145Z",
"modified": "2019-05-24T20:36:04.312Z",
"synced": "2020-02-18T05:30:20.414Z",
"enabled": true,
"requestable": true,
"requestCommentsRequired": false,
"owner": {
"id": "ff8081815757d36a015757d42e56031e",
"name": "SailPoint Support",
"type": "IDENTITY",
"email": "[email protected]"
},
"source": {
"id": "ff8081815757d4fb0157588f3d9d008f",
"name": "Employees"
},
"entitlements": [
{
"id": "2c918084575812550157589064f33b89",
"name": "CN=Cloud Engineering,DC=sailpoint,DC=COM",
"description": "mull",
"attribute": "memberOf",
"value": "CN=Cloud Engineering,DC=sailpoint,DC=COM"
}
],
"entitlementCount": 1,
"tags": [
"TAG_1",
"TAG_2"
]
}
]
A collection of Entitlements
[
{
"id": "2c9180946ed0c43d016eec1a80892fbd",
"name": "entitlement.aa415ae7",
"_type": "entitlement",
"description": "null",
"attribute": "groups",
"value": "entitlement.aa415ae7",
"modified": "2019-12-09T19:19:50.154Z",
"synced": "2020-02-19T04:30:32.906Z",
"displayName": "entitlement.aa415ae7",
"source": {
"id": "2c91808b6e9e6fb8016eec1a2b6f7b5f",
"name": "ODS-HR-Employees"
},
"privileged": false,
"identityCount": 68,
"tags": [
"TAG_1",
"TAG_2"
]
}
]
A collection of Events
[
{
"id": "e092842f-c904-4b59-aac8-2544abeeef4b",
"name": "Update Task Schedule Passed",
"_type": "event",
"created": "2020-02-17T16:23:18.327Z",
"synced": "2020-02-17T16:23:18.388Z",
"action": "TASK_SCHEDULE_UPDATE_PASSED",
"type": "SYSTEM_CONFIG",
"actor": {
"name": "MantisTaskScheduler"
},
"target": {
"name": "Perform provisioning activity search delete synchronization"
},
"stack": "tpe",
"trackingNumber": "c6b98bc39ece48b080826d16c76b166c",
"ipAddress": "207.189.160.158",
"details": "null",
"attributes": {
"sourceName": "SailPoint"
},
"objects": [
"TASK",
"SCHEDULE"
],
"operation": "UPDATE",
"status": "PASSED",
"technicalName": "TASK_SCHEDULE_UPDATE_PASSED"
}
]
A collection of Identities
[
{
"id": "2c9180865c45e7e3015c46c434a80622",
"name": "ad.admin",
"_type": "identity",
"firstName": "AD",
"lastName": "Admin",
"displayName": "AD Admin",
"email": "[email protected]",
"created": "2018-08-22T19:54:54.302Z",
"modified": "2018-08-22T19:54:54.302Z",
"synced": "2018-08-22T19:54:54.302Z",
"phone": "512-942-7578",
"inactive": false,
"protected": false,
"status": "UNREGISTERED",
"employeeNumber": "O349804",
"manager": null,
"isManager": false,
"identityProfile": {
"id": "2c918085605c8d0601606f357cb231e6",
"name": "E2E AD"
},
"source": {
"id": "2c9180855c45b230015c46c19b9c0202",
"name": "EndToEnd-ADSource"
},
"attributes": {
"uid": "ad.admin",
"firstname": "AD",
"cloudAuthoritativeSource": "2c9180855c45b230015c46c19b9c0202",
"cloudStatus": "UNREGISTERED",
"iplanet-am-user-alias-list": null,
"displayName": "AD Admin",
"internalCloudStatus": "UNREGISTERED",
"workPhone": "512-942-7578",
"email": "[email protected]",
"lastname": "Admin"
},
"processingState": null,
"processingDetails": null,
"accounts": [
{
"id": "2c9180865c45e7e3015c46c434a80623",
"name": "ad.admin",
"accountId": "CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local",
"source": {
"id": "2c9180855c45b230015c46c19b9c0202",
"name": "EndToEnd-ADSource",
"type": "Active Directory - Direct"
},
"disabled": false,
"locked": false,
"privileged": false,
"manuallyCorrelated": false,
"passwordLastSet": "2018-08-22T19:54:54.302Z",
"entitlementAttributes": {
"memberOf": [
"CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local",
"CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local",
"CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local",
"CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local",
"CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local",
"CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local",
"CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local"
]
},
"created": "2018-08-22T19:54:54.302Z"
},
{
"id": "2c918083606d670c01606f35a30a0349",
"name": "ad.admin",
"accountId": "ad.admin",
"source": {
"id": "ff8081815c46b85b015c46b90c7c02a6",
"name": "IdentityNow",
"type": "IdentityNowConnector"
},
"disabled": false,
"locked": false,
"privileged": false,
"manuallyCorrelated": false,
"passwordLastSet": null,
"entitlementAttributes": null,
"created": "2018-08-22T19:54:54.302Z"
}
],
"accountCount": 2,
"apps": [
{
"id": "22751",
"name": "ADP Workforce Now",
"source": {
"id": "2c9180855c45b230015c46e2f6a8026a",
"name": "Corporate Active Directory"
},
"account": {
"id": "2c9180865c45efa4015c470be0de1606",
"accountId": "CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com"
}
}
],
"appCount": 1,
"access": [
{
"id": "2c918083634bc6cb01639808d40270ba",
"name": "test [AccessProfile-1527264105448]",
"displayName": "test",
"type": "ACCESS_PROFILE",
"description": "test",
"source": {
"id": "2c9180855c45b230015c46c19b9c0202",
"name": "EndToEnd-ADSource"
},
"owner": {
"id": "2c9180865c45e7e3015c46c434a80622",
"name": "ad.admin",
"displayName": "AD Admin"
}
},
{
"id": "2c9180865c45e7e3015c46c457c50755",
"name": "Administrators",
"displayName": "Administrators",
"type": "ENTITLEMENT",
"description": null,
"source": {
"id": "2c9180855c45b230015c46c19b9c0202",
"name": "EndToEnd-ADSource"
},
"privileged": false,
"attribute": "memberOf",
"value": "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local",
"standalone": false
},
{
"id": "2c9180865decdaa5015e06598b293108",
"name": "test [cloudRole-1503345085223]",
"displayName": "test",
"type": "ROLE",
"description": "test",
"owner": {
"id": "2c9180865c45e7e3015c46c5030707a0",
"name": "will.albin",
"displayName": "Albin Will"
},
"disabled": false
}
],
"accessCount": 3,
"accessProfileCount": 1,
"entitlementCount": 1,
"roleCount": 1,
"tags": [
"TAG_1",
"TAG_2"
]
}
]
A collection of Roles
[
{
"id": "2c91808c6faadea6016fb4f2bc69077b",
"name": "IT Role",
"_type": "role",
"description": "IT role",
"created": "2020-01-17T19:20:15.040Z",
"modified": null,
"synced": "2020-02-18T05:30:20.145Z",
"enabled": true,
"requestable": false,
"requestCommentsRequired": false,
"owner": {
"id": "2c9180a46faadee4016fb4e018c20639",
"name": "Cloud Support",
"type": "IDENTITY",
"email": "[email protected]"
},
"accessProfiles": [
{
"id": "2c91809c6faade77016fb4f0b63407ae",
"name": "Admin Access"
}
],
"accessProfileCount": 1,
"tags": [
"TAG_1",
"TAG_2"
]
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}