Update Access Request Configuration
PUT/access-request-config
This endpoint replaces the current access-request configuration. A token with ORG_ADMIN authority is required to call this API.
Request
- application/json
Body
required
If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin.
If this is true and the requester and reviewer are the same, the request is automatically approved.
requestOnBehalfOfConfig
object
Request On Behalf Of configuration.
If this is true, anyone can request access for anyone.
If this is true, a manager can request access for his or her direct reports.
approvalReminderAndEscalationConfig
object
Approval reminder and escalation configuration.
Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.
Number of days to wait between reminder notifications.
Possible values: >= 1
Maximum number of reminder notification to send to the reviewer before approval escalation.
fallbackApproverRef
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
entitlementRequestConfig
object
Entitlement request configuration.
If this is true, entitlement requests are allowed.
If this is true, comments are required to submit entitlement requests.
If this is true, comments are required to reject entitlement requests.
Default value: sourceOwner
Approval schemes for granting entitlement request. This can be empty if no approval is needed. Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". You can use multiple governance groups (workgroups).
Responses
- 200
- 400
- 401
- 403
- 429
- 500
Access Request Configuration Details.
- application/json
- Schema
- Example (from schema)
Schema
If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin.
If this is true and the requester and reviewer are the same, the request is automatically approved.
requestOnBehalfOfConfig
object
Request On Behalf Of configuration.
If this is true, anyone can request access for anyone.
If this is true, a manager can request access for his or her direct reports.
approvalReminderAndEscalationConfig
object
Approval reminder and escalation configuration.
Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.
Number of days to wait between reminder notifications.
Possible values: >= 1
Maximum number of reminder notification to send to the reviewer before approval escalation.
fallbackApproverRef
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
entitlementRequestConfig
object
Entitlement request configuration.
If this is true, entitlement requests are allowed.
If this is true, comments are required to submit entitlement requests.
If this is true, comments are required to reject entitlement requests.
Default value: sourceOwner
Approval schemes for granting entitlement request. This can be empty if no approval is needed. Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". You can use multiple governance groups (workgroups).
{
"approvalsMustBeExternal": true,
"autoApprovalEnabled": true,
"requestOnBehalfOfConfig": {
"allowRequestOnBehalfOfAnyoneByAnyone": true,
"allowRequestOnBehalfOfEmployeeByManager": true
},
"approvalReminderAndEscalationConfig": {
"daysUntilEscalation": 0,
"daysBetweenReminders": 0,
"maxReminders": 1,
"fallbackApproverRef": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
}
},
"entitlementRequestConfig": {
"allowEntitlementRequest": true,
"requestCommentsRequired": false,
"deniedCommentsRequired": false,
"grantRequestApprovalSchemes": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584"
}
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}