Finalize Identity Certification Decisions
POST/certifications/:id/sign-off
This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
Request
Path Parameters
The identity campaign certification ID
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
An identity campaign certification object
- application/json
- Schema
- Example (from schema)
Schema
STAGED
: The campaign is waiting to be activated.ACTIVE
: The campaign is active.SIGNED
: The reviewer has signed off on the campaign, and it is considered complete.
id of the certification
name of the certification
campaign
object
The unique ID of the campaign.
The name of the campaign.
Possible values: [CAMPAIGN
]
The type of object that is being referenced.
Possible values: [MANAGER
, SOURCE_OWNER
, SEARCH
]
The type of the campaign.
The description of the campaign set by the admin who created it.
Possible values: [CORRELATED
, UNCORRELATED
]
The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
Possible values: [ALL_DECISIONS
, REVOKE_ONLY_DECISIONS
, NO_DECISIONS
]
Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.
Have all decisions been made?
The number of identities for whom all decisions have been made and are complete.
The total number of identities in the Certification, both complete and incomplete.
created date
modified date
The number of approve/revoke/acknowledge decisions that have been made.
The total number of approve/revoke/acknowledge decisions.
The due date of the certification.
The date the reviewer signed off on the Certification.
reviewer
object
The id of the reviewer.
The name of the reviewer.
The email of the reviewing identity.
Possible values: [IDENTITY
]
The type of the reviewing identity.
The created date of the reviewing identity.
The modified date of the reviewing identity.
reassignment
object
nullable
from
object
The id of the certification.
The name of the certification.
Possible values: [CERTIFICATION
]
reviewer
object
The id of the reviewer.
The name of the reviewer.
The email of the reviewing identity.
Possible values: [IDENTITY
]
The type of the reviewing identity.
The created date of the reviewing identity.
The modified date of the reviewing identity.
The comment entered when the Certification was reassigned
Identifies if the certification has an error
Description of the certification error
Possible values: [STAGED
, ACTIVE
, SIGNED
]
The current phase of the campaign.
{
"id": "2c9180835d2e5168015d32f890ca1581",
"name": "Source Owner Access Review for Employees [source]",
"campaign": {
"id": "ef38f94347e94562b5bb8424a56397d8",
"name": "Campaign Name",
"type": "CAMPAIGN",
"campaignType": "MANAGER",
"description": "A description of the campaign",
"correlatedStatus": "CORRELATED",
"mandatoryCommentRequirement": "NO_DECISIONS"
},
"completed": true,
"identitiesCompleted": 5,
"identitiesTotal": 10,
"created": "2018-06-25T20:22:28.104Z",
"modified": "2018-06-25T20:22:28.104Z",
"decisionsMade": 20,
"decisionsTotal": 40,
"due": "2018-10-19T13:49:37.385Z",
"signed": "2018-10-19T13:49:37.385Z",
"reviewer": {
"id": "ef38f94347e94562b5bb8424a56397d8",
"name": "Reviewer Name",
"email": "[email protected]",
"type": "IDENTITY",
"created": "2018-06-25T20:22:28.104Z",
"modified": "2018-06-25T20:22:28.104Z"
},
"reassignment": {
"from": {
"id": "ef38f94347e94562b5bb8424a56397d8",
"name": "Certification Name",
"type": "CERTIFICATION",
"reviewer": {
"id": "ef38f94347e94562b5bb8424a56397d8",
"name": "Reviewer Name",
"email": "[email protected]",
"type": "IDENTITY",
"created": "2018-06-25T20:22:28.104Z",
"modified": "2018-06-25T20:22:28.104Z"
}
},
"comment": "Reassigned for a reason"
},
"hasErrors": false,
"errorMessage": "The certification has an error",
"phase": "ACTIVE"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}