Accounts
Use this API to implement and customize account functionality. With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud.
In Identity Security Cloud, an account refers to a user's account on a supported source. This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud.
Administrators can correlate users' identities with the users' accounts on the different sources they use. This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively.
To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab.
To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity.
Accounts can have the following statuses:
-
Enabled: The account is enabled. The user can access it.
-
Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes.
-
Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.
-
Pending: The account is currently updating. This status typically lasts seconds.
Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.
Refer to Managing User Accounts for more information about accounts.
All URIs are relative to https://sailpoint.api.identitynow.com/beta
| Method | HTTP request | Description |
|---|---|---|
| New-BetaAccount | POST /accounts | Create Account |
| Remove-BetaAccount | DELETE /accounts/{id} | Delete Account |
| Remove-BetaAccountAsync | POST /accounts/{id}/remove | Remove Account |
| Disable-BetaAccount | POST /accounts/{id}/disable | Disable Account |
| Disable-BetaAccountForIdentity | POST /identities-accounts/{id}/disable | Disable IDN Account for Identity |
| Disable-BetaAccountsForIdentities | POST /identities-accounts/disable | Disable IDN Accounts for Identities |
| Enable-BetaAccount | POST /accounts/{id}/enable | Enable Account |
| Enable-BetaAccountForIdentity | POST /identities-accounts/{id}/enable | Enable IDN Account for Identity |
| Enable-BetaAccountsForIdentities | POST /identities-accounts/enable | Enable IDN Accounts for Identities |
| Get-BetaAccount | GET /accounts/{id} | Account Details |
| Get-BetaAccountEntitlements | GET /accounts/{id}/entitlements | Account Entitlements |
| Get-BetaAccounts | GET /accounts | Accounts List |
| Send-BetaAccount | PUT /accounts/{id} | Update Account |
| Submit-BetaReloadAccount | POST /accounts/{id}/reload | Reload Account |
| Unlock-BetaAccount | POST /accounts/{id}/unlock | Unlock Account |
| Update-BetaAccount | PATCH /accounts/{id} | Update Account |
create-account
Submits an account creation task - the API then returns the task ID.
The sourceId where this account will be created must be included in the attributes object.
This endpoint creates an account on the source record in your ISC tenant.
This is useful for Flat File (DelimitedFile) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time.
However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source. The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant.
By providing the account ID of an existing account in the request body, this API will function as a PATCH operation and update the account.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | AccountAttributesCreate | AccountAttributesCreate | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details. | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$AccountAttributesCreate = @"{
"attributes" : {
"sourceId" : "34bfcbe116c9407464af37acbaf7a4dc",
"city" : "Austin",
"displayName" : "John Doe",
"userName" : "jdoe",
"sAMAccountName" : "jDoe",
"mail" : "john.doe@sailpoint.com"
}
}"@
# Create Account
try {
$Result = ConvertFrom-JsonToAccountAttributesCreate -Json $AccountAttributesCreate
New-BetaAccount -BetaAccountAttributesCreate $Result
# Below is a request that includes all optional parameters
# New-BetaAccount -BetaAccountAttributesCreate $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaAccount"
Write-Host $_.ErrorDetails
}
delete-account
Use this API to delete an account. This endpoint submits an account delete task and returns the task ID. This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you disable accounts rather than delete them. This will also allow you to reenable the accounts in the future. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
NOTE: You can only delete accounts from sources of the "DelimitedFile" type.**
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Account ID. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details. | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Account ID.
# Delete Account
try {
Remove-BetaAccount -Id $Id
# Below is a request that includes all optional parameters
# Remove-BetaAccount -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-BetaAccount"
Write-Host $_.ErrorDetails
}
delete-account-async
Use this endpoint to remove accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation.
This endpoint is good for:
- Removing accounts that no longer exist on the source.
- Removing accounts that won't be aggregated following updates to the source configuration.
- Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The account id |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted. Returns task result details of removal request. | TaskResultDto |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "c350d6aa4f104c61b062cb632421ad10" # String | The account id
# Remove Account
try {
Remove-BetaAccountAsync -Id $Id
# Below is a request that includes all optional parameters
# Remove-BetaAccountAsync -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-BetaAccountAsync"
Write-Host $_.ErrorDetails
}
disable-account
This API submits a task to disable the account and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The account id |
| Body | AccountToggleRequest | AccountToggleRequest | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | The account id
$AccountToggleRequest = @"{
"forceProvisioning" : false,
"externalVerificationId" : "3f9180835d2e5168015d32f890ca1581"
}"@
# Disable Account
try {
$Result = ConvertFrom-JsonToAccountToggleRequest -Json $AccountToggleRequest
Disable-BetaAccount -Id $Id -BetaAccountToggleRequest $Result
# Below is a request that includes all optional parameters
# Disable-BetaAccount -Id $Id -BetaAccountToggleRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Disable-BetaAccount"
Write-Host $_.ErrorDetails
}
disable-account-for-identity
This API submits a task to disable IDN account for a single identity.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The identity id. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "2c91808384203c2d018437e631158309" # String | The identity id.
# Disable IDN Account for Identity
try {
Disable-BetaAccountForIdentity -Id $Id
# Below is a request that includes all optional parameters
# Disable-BetaAccountForIdentity -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Disable-BetaAccountForIdentity"
Write-Host $_.ErrorDetails
}
disable-accounts-for-identities
This API submits tasks to disable IDN account for each identity provided in the request body.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | IdentitiesAccountsBulkRequest | IdentitiesAccountsBulkRequest | True |
Return type
BulkIdentitiesAccountsResponse[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 207 | Bulk response details. | BulkIdentitiesAccountsResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$IdentitiesAccountsBulkRequest = @"{
"identityIds" : [ "2c91808384203c2d018437e631158308", "2c9180858082150f0180893dbaf553fe" ]
}"@
# Disable IDN Accounts for Identities
try {
$Result = ConvertFrom-JsonToIdentitiesAccountsBulkRequest -Json $IdentitiesAccountsBulkRequest
Disable-BetaAccountsForIdentities -BetaIdentitiesAccountsBulkRequest $Result
# Below is a request that includes all optional parameters
# Disable-BetaAccountsForIdentities -BetaIdentitiesAccountsBulkRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Disable-BetaAccountsForIdentities"
Write-Host $_.ErrorDetails
}
enable-account
This API submits a task to enable account and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The account id |
| Body | AccountToggleRequest | AccountToggleRequest | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | The account id
$AccountToggleRequest = @"{
"forceProvisioning" : false,
"externalVerificationId" : "3f9180835d2e5168015d32f890ca1581"
}"@
# Enable Account
try {
$Result = ConvertFrom-JsonToAccountToggleRequest -Json $AccountToggleRequest
Enable-BetaAccount -Id $Id -BetaAccountToggleRequest $Result
# Below is a request that includes all optional parameters
# Enable-BetaAccount -Id $Id -BetaAccountToggleRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Enable-BetaAccount"
Write-Host $_.ErrorDetails
}
enable-account-for-identity
This API submits a task to enable IDN account for a single identity.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The identity id. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "2c91808384203c2d018437e631158309" # String | The identity id.
# Enable IDN Account for Identity
try {
Enable-BetaAccountForIdentity -Id $Id
# Below is a request that includes all optional parameters
# Enable-BetaAccountForIdentity -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Enable-BetaAccountForIdentity"
Write-Host $_.ErrorDetails
}
enable-accounts-for-identities
This API submits tasks to enable IDN account for each identity provided in the request body.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | IdentitiesAccountsBulkRequest | IdentitiesAccountsBulkRequest | True |
Return type
BulkIdentitiesAccountsResponse[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 207 | Bulk response details. | BulkIdentitiesAccountsResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$IdentitiesAccountsBulkRequest = @"{
"identityIds" : [ "2c91808384203c2d018437e631158308", "2c9180858082150f0180893dbaf553fe" ]
}"@
# Enable IDN Accounts for Identities
try {
$Result = ConvertFrom-JsonToIdentitiesAccountsBulkRequest -Json $IdentitiesAccountsBulkRequest
Enable-BetaAccountsForIdentities -BetaIdentitiesAccountsBulkRequest $Result
# Below is a request that includes all optional parameters
# Enable-BetaAccountsForIdentities -BetaIdentitiesAccountsBulkRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Enable-BetaAccountsForIdentities"
Write-Host $_.ErrorDetails
}
get-account
Use this API to return the details for a single account by its ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Account ID. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | Account object. | Account |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Account ID.
# Account Details
try {
Get-BetaAccount -Id $Id
# Below is a request that includes all optional parameters
# Get-BetaAccount -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaAccount"
Write-Host $_.ErrorDetails
}
get-account-entitlements
This API returns entitlements of the account.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The account id |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | An array of account entitlements | Entitlement[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | The account id
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
# Account Entitlements
try {
Get-BetaAccountEntitlements -Id $Id
# Below is a request that includes all optional parameters
# Get-BetaAccountEntitlements -Id $Id -Offset $Offset -Limit $Limit -Count $Count
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaAccountEntitlements"
Write-Host $_.ErrorDetails
}
list-accounts
List accounts.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | DetailLevel | String | (optional) | This value determines whether the API provides SLIM or increased level of detail (FULL) for each account in the returned list. FULL is the default behavior. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: id: eq, in, sw identityId: eq, in, sw name: eq, in, sw nativeIdentity: eq, in, sw sourceId: eq, in, sw uncorrelated: eq entitlements: eq origin: eq, in manuallyCorrelated: eq identity.name: eq, in, sw identity.correlated: eq identity.identityState: eq, in source.displayableName: eq, in source.authoritative: eq source.connectionType: eq, in recommendation.method: eq, in, isnull |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, name, created, modified, sourceId, identityId, identity.id, nativeIdentity, uuid, manuallyCorrelated, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of account objects. | Account[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$DetailLevel = "SLIM" # String | This value determines whether the API provides `SLIM` or increased level of detail (`FULL`) for each account in the returned list. `FULL` is the default behavior. (optional)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'identityId eq "2c9180858082150f0180893dbaf44201"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **identityId**: *eq, in, sw* **name**: *eq, in, sw* **nativeIdentity**: *eq, in, sw* **sourceId**: *eq, in, sw* **uncorrelated**: *eq* **entitlements**: *eq* **origin**: *eq, in* **manuallyCorrelated**: *eq* **identity.name**: *eq, in, sw* **identity.correlated**: *eq* **identity.identityState**: *eq, in* **source.displayableName**: *eq, in* **source.authoritative**: *eq* **source.connectionType**: *eq, in* **recommendation.method**: *eq, in, isnull* (optional)
$Sorters = "id,name" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, identity.id, nativeIdentity, uuid, manuallyCorrelated, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType** (optional)
# Accounts List
try {
Get-BetaAccounts
# Below is a request that includes all optional parameters
# Get-BetaAccounts -DetailLevel $DetailLevel -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters -Sorters $Sorters
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaAccounts"
Write-Host $_.ErrorDetails
}
put-account
Use this API to update an account with a PUT request.
This endpoint submits an account update task and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
Note: You can only use this PUT endpoint to update accounts from flat file sources.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Account ID. |
| Body | AccountAttributes | AccountAttributes | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details. | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Account ID.
$AccountAttributes = @"{
"attributes" : {
"city" : "Austin",
"displayName" : "John Doe",
"userName" : "jdoe",
"sAMAccountName" : "jDoe",
"mail" : "john.doe@sailpoint.com"
}
}"@
# Update Account
try {
$Result = ConvertFrom-JsonToAccountAttributes -Json $AccountAttributes
Send-BetaAccount -Id $Id -BetaAccountAttributes $Result
# Below is a request that includes all optional parameters
# Send-BetaAccount -Id $Id -BetaAccountAttributes $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaAccount"
Write-Host $_.ErrorDetails
}
submit-reload-account
This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The account id |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | The account id
# Reload Account
try {
Submit-BetaReloadAccount -Id $Id
# Below is a request that includes all optional parameters
# Submit-BetaReloadAccount -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Submit-BetaReloadAccount"
Write-Host $_.ErrorDetails
}
unlock-account
This API submits a task to unlock an account and returns the task ID.
To use this endpoint to unlock an account that has the forceProvisioning option set to true, the idn:accounts-provisioning:manage scope is required.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | The account ID. |
| Body | AccountUnlockRequest | AccountUnlockRequest | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Async task details | AccountsAsyncResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | The account ID.
$AccountUnlockRequest = @"{
"forceProvisioning" : false,
"externalVerificationId" : "3f9180835d2e5168015d32f890ca1581",
"unlockIDNAccount" : false
}"@
# Unlock Account
try {
$Result = ConvertFrom-JsonToAccountUnlockRequest -Json $AccountUnlockRequest
Unlock-BetaAccount -Id $Id -BetaAccountUnlockRequest $Result
# Below is a request that includes all optional parameters
# Unlock-BetaAccount -Id $Id -BetaAccountUnlockRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Unlock-BetaAccount"
Write-Host $_.ErrorDetails
}
update-account
Use this API to update account details. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
This API supports updating an account's correlation by modifying the identityId and manuallyCorrelated fields.
To reassign an account from one identity to another, replace the current identityId with a new value.
If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account
for the previous identity as soon as the account is moved. If the account you're assigning is authoritative,
this causes the previous identity to become uncorrelated and can even result in its deletion.
All accounts that are reassigned will be set to manuallyCorrelated: true unless you specify otherwise.
Note: The
attributesfield can only be modified for flat file accounts.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Account ID. |
| Body | RequestBody | []SystemCollectionsHashtable | True | A list of account update operations according to the JSON Patch standard. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Account ID.
$RequestBody = # SystemCollectionsHashtable[] | A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
$RequestBody = @"{Uncorrelate account={description=Remove account from Identity, value=[{op=remove, path=/identityId}]}, Reassign account={description=Move account from one Identity to another Identity, value=[{op=replace, path=/identityId, value=2c9180857725c14301772a93bb77242d}]}, Add account attribute={description=Add flat file account's attribute, value=[{op=add, path=/attributes/familyName, value=Smith}]}, Replace account attribute={description=Replace flat file account's attribute, value=[{op=replace, path=/attributes/familyName, value=Smith}]}, Remove account attribute={description=Remove flat file account's attribute, value=[{op=remove, path=/attributes/familyName}]}}"@ # SystemCollectionsHashtable[] | A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
# Update Account
try {
$Result = ConvertFrom-JsonToRequestBody -Json $RequestBody
Update-BetaAccount -Id $Id -RequestBody $Result
# Below is a request that includes all optional parameters
# Update-BetaAccount -Id $Id -RequestBody $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaAccount"
Write-Host $_.ErrorDetails
}