Get Source Connections by ID
GET/sources/:sourceId/connections
Use this API to get all dependent Profiles, Attributes, Applications and Custom Transforms for a source by a specified ID in Identity Security Cloud (ISC). A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
Request
Path Parameters
Source ID.
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
Source Connections object.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
- accountAttribute
- base64Decode
- base64Encode
- concat
- conditional
- dateCompare
- dateFormat
- dateMath
- decomposeDiacriticalMarks
- e164phone
- firstValid
- identityAttribute
- indexOf
- iso3166
- leftPad
- lookup
- lower
- nameNormalizer
- randomAlphaNumeric
- randomNumeric
- reference
- replaceAll
- replace
- rightPad
- split
- static
- substring
- trim
- upper
- uuid
- accountAttribute
- dateFormat
- Named Construct
- Java Simple Date Format
- Named Construct
- Java Simple Date Format
- accountAttribute
- dateFormat
- Named Construct
- Java Simple Date Format
- Named Construct
- Java Simple Date Format
- Named Construct
- Java Simple Date Format
- Named Construct
- Java Simple Date Format
-
This value must be a positive number and cannot be blank
-
If no length is provided, the transform will default to a value of
32
-
Due to identity attribute data constraints, the maximum allowable value is
450
characters -
This value must be a positive number and cannot be blank
-
If no length is provided, the transform will default to a value of
32
-
Due to identity attribute data constraints, the maximum allowable value is
450
characters ]
Array [
Array [
]
Array [
]
]
Array [
]
identityProfiles
object[]
The IdentityProfile attached to this source
ID of the IdentityProfile this reference applies
Human-readable display name of the IdentityProfile to which this reference applies
The Number of Identities managed by this IdentityProfile
Name of the CredentialProfile attached to this source
The attributes attached to this source
The profiles attached to this source
dependentCustomTransforms
object[]
Possible values: non-empty
and <= 50 characters
Unique name of this transform
Possible values: [accountAttribute
, base64Decode
, base64Encode
, concat
, conditional
, dateCompare
, dateFormat
, dateMath
, decomposeDiacriticalMarks
, e164phone
, firstValid
, rule
, identityAttribute
, indexOf
, iso3166
, lastIndexOf
, leftPad
, lookup
, lower
, normalizeNames
, randomAlphaNumeric
, randomNumeric
, reference
, replaceAll
, replace
, rightPad
, split
, static
, substring
, trim
, upper
, usernameGenerator
, uuid
, displayName
, rfc5646
]
The type of transform operation
attributes
object
nullable
required
Meta-data about the transform. Values in this list are specific to the type of transform to be executed.
oneOf
A reference to the source to search for the account
The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.
Default value: created
The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)
The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - nativeIdentity
- the Account ID - displayName
- the Account Name - entitlements
- a boolean value to determine if the account has entitlements
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
An array of items to join together
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A comparison statement that follows the structure of ValueA eq ValueB
where ValueA
and ValueB
are static strings or outputs of other transforms.
The eq
operator is the only valid comparison
The output of the transform if the expression evalutes to true
The output of the transform if the expression evalutes to false
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
firstDate
object
required
This is the first date to consider (The date that would be on the left hand side of the comparison operation).
oneOf
A reference to the source to search for the account
The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.
Default value: created
The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)
The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - nativeIdentity
- the Account ID - displayName
- the Account Name - entitlements
- a boolean value to determine if the account has entitlements
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
inputFormat
object
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
If no inputFormat is provided, the transform assumes that it is in ISO8601 format
oneOf
Construct | Date Time Pattern | Description |
---|---|---|
ISO8601 | yyyy-MM-dd'T'HH:mm:ss.SSSX | The ISO8601 standard. |
LDAP | yyyyMMddHHmmss.Z | The LDAP standard. |
PEOPLE_SOFT | MM/dd/yyyy | The date format People Soft uses. |
EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
EPOCH_TIME_WIN32 | # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
string
Possible values: [ISO8601
, LDAP
, PEOPLE_SOFT
, EPOCH_TIME_JAVA
, EPOCH_TIME_WIN32
]
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.)
Date Time Pattern | Result |
---|---|
yyyy.MM.dd G 'at' HH:mm:ss z | 2001.07.04 AD at 12:08:56 PDT |
EEE, MMM d, ''yy | Wed, Jul 4, '01 |
h:mm a | 12:08 PM |
hh 'o''clock' a, zzzz | 12 o'clock PM, Pacific Daylight Time |
K:mm a, z | 0:08 PM, PDT |
yyyyy.MMMMM.dd GGG hh:mm aaa | 02001.July.04 AD 12:08 PM |
EEE, d MMM yyyy HH:mm:ss Z | Wed, 4 Jul 2001 12:08:56 -0700 |
yyMMddHHmmssZ | 010704120856-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSZ | 2001-07-04T12:08:56.235-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSXXX | 2001-07-04T12:08:56.235-07:00 |
YYYY-'W'ww-u | 2001-W27-3 |
string
outputFormat
object
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
If no inputFormat is provided, the transform assumes that it is in ISO8601 format
oneOf
Construct | Date Time Pattern | Description |
---|---|---|
ISO8601 | yyyy-MM-dd'T'HH:mm:ss.SSSX | The ISO8601 standard. |
LDAP | yyyyMMddHHmmss.Z | The LDAP standard. |
PEOPLE_SOFT | MM/dd/yyyy | The date format People Soft uses. |
EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
EPOCH_TIME_WIN32 | # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
string
Possible values: [ISO8601
, LDAP
, PEOPLE_SOFT
, EPOCH_TIME_JAVA
, EPOCH_TIME_WIN32
]
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.)
Date Time Pattern | Result |
---|---|
yyyy.MM.dd G 'at' HH:mm:ss z | 2001.07.04 AD at 12:08:56 PDT |
EEE, MMM d, ''yy | Wed, Jul 4, '01 |
h:mm a | 12:08 PM |
hh 'o''clock' a, zzzz | 12 o'clock PM, Pacific Daylight Time |
K:mm a, z | 0:08 PM, PDT |
yyyyy.MMMMM.dd GGG hh:mm aaa | 02001.July.04 AD 12:08 PM |
EEE, d MMM yyyy HH:mm:ss Z | Wed, 4 Jul 2001 12:08:56 -0700 |
yyMMddHHmmssZ | 010704120856-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSZ | 2001-07-04T12:08:56.235-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSXXX | 2001-07-04T12:08:56.235-07:00 |
YYYY-'W'ww-u | 2001-W27-3 |
string
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
secondDate
object
required
This is the second date to consider (The date that would be on the right hand side of the comparison operation).
oneOf
A reference to the source to search for the account
The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.
Default value: created
The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries
The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)
The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false
This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria.
Only certain searchable attributes are available: - nativeIdentity
- the Account ID - displayName
- the Account Name - entitlements
- a boolean value to determine if the account has entitlements
This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset.
All account attributes are available for filtering as this operation is performed in memory.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
inputFormat
object
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
If no inputFormat is provided, the transform assumes that it is in ISO8601 format
oneOf
Construct | Date Time Pattern | Description |
---|---|---|
ISO8601 | yyyy-MM-dd'T'HH:mm:ss.SSSX | The ISO8601 standard. |
LDAP | yyyyMMddHHmmss.Z | The LDAP standard. |
PEOPLE_SOFT | MM/dd/yyyy | The date format People Soft uses. |
EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
EPOCH_TIME_WIN32 | # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
string
Possible values: [ISO8601
, LDAP
, PEOPLE_SOFT
, EPOCH_TIME_JAVA
, EPOCH_TIME_WIN32
]
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.)
Date Time Pattern | Result |
---|---|
yyyy.MM.dd G 'at' HH:mm:ss z | 2001.07.04 AD at 12:08:56 PDT |
EEE, MMM d, ''yy | Wed, Jul 4, '01 |
h:mm a | 12:08 PM |
hh 'o''clock' a, zzzz | 12 o'clock PM, Pacific Daylight Time |
K:mm a, z | 0:08 PM, PDT |
yyyyy.MMMMM.dd GGG hh:mm aaa | 02001.July.04 AD 12:08 PM |
EEE, d MMM yyyy HH:mm:ss Z | Wed, 4 Jul 2001 12:08:56 -0700 |
yyMMddHHmmssZ | 010704120856-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSZ | 2001-07-04T12:08:56.235-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSXXX | 2001-07-04T12:08:56.235-07:00 |
YYYY-'W'ww-u | 2001-W27-3 |
string
outputFormat
object
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
If no inputFormat is provided, the transform assumes that it is in ISO8601 format
oneOf
Construct | Date Time Pattern | Description |
---|---|---|
ISO8601 | yyyy-MM-dd'T'HH:mm:ss.SSSX | The ISO8601 standard. |
LDAP | yyyyMMddHHmmss.Z | The LDAP standard. |
PEOPLE_SOFT | MM/dd/yyyy | The date format People Soft uses. |
EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
EPOCH_TIME_WIN32 | # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
string
Possible values: [ISO8601
, LDAP
, PEOPLE_SOFT
, EPOCH_TIME_JAVA
, EPOCH_TIME_WIN32
]
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.)
Date Time Pattern | Result |
---|---|
yyyy.MM.dd G 'at' HH:mm:ss z | 2001.07.04 AD at 12:08:56 PDT |
EEE, MMM d, ''yy | Wed, Jul 4, '01 |
h:mm a | 12:08 PM |
hh 'o''clock' a, zzzz | 12 o'clock PM, Pacific Daylight Time |
K:mm a, z | 0:08 PM, PDT |
yyyyy.MMMMM.dd GGG hh:mm aaa | 02001.July.04 AD 12:08 PM |
EEE, d MMM yyyy HH:mm:ss Z | Wed, 4 Jul 2001 12:08:56 -0700 |
yyMMddHHmmssZ | 010704120856-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSZ | 2001-07-04T12:08:56.235-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSXXX | 2001-07-04T12:08:56.235-07:00 |
YYYY-'W'ww-u | 2001-W27-3 |
string
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
Possible values: [LT
, LTE
, GT
, GTE
]
This is the comparison to perform. | Operation | Description | | --------- | ------- | | LT | Strictly less than: firstDate < secondDate | | LTE | Less than or equal to: firstDate <= secondDate | | GT | Strictly greater than: firstDate > secondDate | | GTE | Greater than or equal to: firstDate >= secondDate |
The output of the transform if the expression evalutes to true
The output of the transform if the expression evalutes to false
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
inputFormat
object
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as.
If no inputFormat is provided, the transform assumes that it is in ISO8601 format
oneOf
Construct | Date Time Pattern | Description |
---|---|---|
ISO8601 | yyyy-MM-dd'T'HH:mm:ss.SSSX | The ISO8601 standard. |
LDAP | yyyyMMddHHmmss.Z | The LDAP standard. |
PEOPLE_SOFT | MM/dd/yyyy | The date format People Soft uses. |
EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
EPOCH_TIME_WIN32 | # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
string
Possible values: [ISO8601
, LDAP
, PEOPLE_SOFT
, EPOCH_TIME_JAVA
, EPOCH_TIME_WIN32
]
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.)
Date Time Pattern | Result |
---|---|
yyyy.MM.dd G 'at' HH:mm:ss z | 2001.07.04 AD at 12:08:56 PDT |
EEE, MMM d, ''yy | Wed, Jul 4, '01 |
h:mm a | 12:08 PM |
hh 'o''clock' a, zzzz | 12 o'clock PM, Pacific Daylight Time |
K:mm a, z | 0:08 PM, PDT |
yyyyy.MMMMM.dd GGG hh:mm aaa | 02001.July.04 AD 12:08 PM |
EEE, d MMM yyyy HH:mm:ss Z | Wed, 4 Jul 2001 12:08:56 -0700 |
yyMMddHHmmssZ | 010704120856-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSZ | 2001-07-04T12:08:56.235-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSXXX | 2001-07-04T12:08:56.235-07:00 |
YYYY-'W'ww-u | 2001-W27-3 |
string
outputFormat
object
A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into.
If no inputFormat is provided, the transform assumes that it is in ISO8601 format
oneOf
Construct | Date Time Pattern | Description |
---|---|---|
ISO8601 | yyyy-MM-dd'T'HH:mm:ss.SSSX | The ISO8601 standard. |
LDAP | yyyyMMddHHmmss.Z | The LDAP standard. |
PEOPLE_SOFT | MM/dd/yyyy | The date format People Soft uses. |
EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. |
EPOCH_TIME_WIN32 | # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. |
string
Possible values: [ISO8601
, LDAP
, PEOPLE_SOFT
, EPOCH_TIME_JAVA
, EPOCH_TIME_WIN32
]
There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information.
NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. (This table is from the SimpleDateFormat page.)
Date Time Pattern | Result |
---|---|
yyyy.MM.dd G 'at' HH:mm:ss z | 2001.07.04 AD at 12:08:56 PDT |
EEE, MMM d, ''yy | Wed, Jul 4, '01 |
h:mm a | 12:08 PM |
hh 'o''clock' a, zzzz | 12 o'clock PM, Pacific Daylight Time |
K:mm a, z | 0:08 PM, PDT |
yyyyy.MMMMM.dd GGG hh:mm aaa | 02001.July.04 AD 12:08 PM |
EEE, d MMM yyyy HH:mm:ss Z | Wed, 4 Jul 2001 12:08:56 -0700 |
yyMMddHHmmssZ | 010704120856-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSZ | 2001-07-04T12:08:56.235-0700 |
yyyy-MM-dd'T'HH:mm:ss.SSSXXX | 2001-07-04T12:08:56.235-07:00 |
YYYY-'W'ww-u | 2001-W27-3 |
string
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A string value of the date and time components to operation on, along with the math operations to execute.
A boolean value to indicate whether the transform should round up or down when a rounding /
operation is defined in the expression.
If not provided, the transform will default to false
true
indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component)
false
indicates the transform should round down (i.e., truncate the fractional date/time component indicated)
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can be used to define the region of the phone number to format into.
If defaultRegion is not provided, it will take US as the default country.
The format of the country code should be in ISO 3166-1 alpha-2 format
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
An array of attributes to evaluate for existence.
a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
The system (camel-cased) name of the identity attribute to bring in
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
An optional value to denote which ISO 3166 format to return. Valid values are:
alpha2
- Two-character country code (e.g., "US"); this is the default value if no format is supplied
alpha3
- Three-character country code (e.g., "USA")
numeric
- The numeric country code (e.g., "840")
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
An integer value for the desired length of the final output string
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
table
object
required
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
Note the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched
Note the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an integer value specifying the size/number of characters the random string must contain
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an integer value specifying the size/number of characters the random string must contain
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This ID specifies the name of the pre-existing transform which you want to use within your current transform
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
table
object
required
An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.
An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This can be a string or a regex pattern in which you want to replace.
This is the replacement string that should be substituded wherever the string or pattern is found.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
An integer value for the desired length of the final output string
A string value representing the character that the incoming data should be padded with to get to the desired length
If not provided, the transform will default to a single space (" ") character for padding
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data
An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.
A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array)
true
- The transform should return "IndexOutOfBoundsException"
false
- The transform should return null
If not provided, the transform will default to false and return a null
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
The index of the first character to include in the returned substring.
If begin
is set to -1, the transform will begin at character 0 of the input data
This integer value is the number of characters to add to the begin attribute when returning a substring.
This attribute is only used if begin is not -1.
The index of the first character to exclude from the returned substring.
If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string.
This integer value is the number of characters to add to the end attribute when returning a substring.
This attribute is only used if end is provided and is not -1.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
input
object
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.
A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process
dependentApps
object[]
Id of the connected Application
Description of the connected Application
Default value: true
Is the Application enabled
Default value: true
Is Provisioning enabled for connected Application
accountSource
object
The Account Source of the connected Application
Use this Account Source for password management
passwordPolicies
object[]
A list of Password Policies for this Account Source
DTO type
ID of the object to which this reference applies
Human-readable display name of the object to which this reference applies
The amount of launchers for connected Application (long type)
Is Provisioning enabled for connected Application
owner
object[]
The owner of the connected Application
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
DTO type
ID of the object to which this reference applies
Human-readable display name of the object to which this reference applies
Is App Center enabled for connected Application
missingDependents
object[]
Possible values: [identityProfiles
, credentialProfiles
, mappingProfiles
, sourceAttributes
, dependantCustomTransforms
, dependantApps
]
The type of dependency type that is missing in the SourceConnections
The reason why this dependency is missing
{
"identityProfiles": [
{
"id": "76cfddb62818416f816bc494410f46c4",
"name": "ODS-Identity-Profile",
"identityCount": 100
}
],
"credentialProfiles": [
[
"Profile ODS"
]
],
"sourceAttributes": [
[
"sAMAccountName",
"mail",
"sn",
"givenName",
"displayName",
"employeeNumber",
"manager",
"telephoneNumber"
]
],
"mappingProfiles": [
"ODS-AD-Profile",
"ODS-Profile2"
],
"dependentCustomTransforms": [
{
"name": "Timestamp To Date",
"type": "dateFormat",
"attributes": {}
}
],
"dependentApps": [
{
"cloudAppId": "9e3cdd80edf84f119327df8bbd5bb5ac",
"description": "This is a Sailpoint application",
"enabled": true,
"provisionRequestEnabled": true,
"accountSource": {
"useForPasswordManagement": false,
"passwordPolicies": [
{
"type": "PASSWORD_POLICY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "Policy ODS"
}
]
},
"launcherCount": 100,
"matchAllAccount": true,
"owner": [
{
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
}
],
"appCenterEnabled": false
}
],
"missingDependents": [
{
"dependencyType": "dependantApps",
"reason": "If there was an error retrieving any dependencies, it would lbe listed here"
}
]
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}