IdentityProfiles
Use this API to implement and customize identity profile functionality. With this functionality in place, administrators can manage identity profiles and configure them for use by identities throughout Identity Security Cloud.
Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. This allows administrators to save time by applying identity profiles to any number of similar identities rather than configuring each one individually.
In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. This list shows some details about each identity profile, along with its status. They can select an identity profile to view and modify its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. Administrators can also use this page to create new identity profiles or delete existing ones.
Refer to Creating Identity Profiles for more information about identity profiles.
All URIs are relative to https://sailpoint.api.identitynow.com/beta
| Method | HTTP request | Description |
|---|---|---|
| New-BetaIdentityProfile | POST /identity-profiles | Create an Identity Profile |
| Remove-BetaIdentityProfile | DELETE /identity-profiles/{identity-profile-id} | Delete an Identity Profile |
| Remove-BetaIdentityProfiles | POST /identity-profiles/bulk-delete | Delete Identity Profiles |
| Export-BetaIdentityProfiles | GET /identity-profiles/export | Export Identity Profiles |
| Get-BetaDefaultIdentityAttributeConfig | GET /identity-profiles/{identity-profile-id}/default-identity-attribute-config | Default identity attribute config |
| Get-BetaIdentityProfile | GET /identity-profiles/{identity-profile-id} | Gets a single Identity Profile |
| Import-BetaIdentityProfiles | POST /identity-profiles/import | Import Identity Profiles |
| Get-BetaIdentityProfiles | GET /identity-profiles | Identity Profiles List |
| Show-BetaGenerateIdentityPreview | POST /identity-profiles/identity-preview | Generate Identity Profile Preview |
| Sync-BetaIdentityProfile | POST /identity-profiles/{identity-profile-id}/process-identities | Process identities under profile |
| Update-BetaIdentityProfile | PATCH /identity-profiles/{identity-profile-id} | Update the Identity Profile |
create-identity-profile
This creates an Identity Profile.
A token with ORG_ADMIN authority is required to call this API to create an Identity Profile.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | IdentityProfile | IdentityProfile | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 201 | The created Identity Profile | IdentityProfile |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$IdentityProfile = @"{
"owner" : {
"name" : "William Wilson",
"id" : "2c9180835d191a86015d28455b4b232a",
"type" : "IDENTITY"
},
"identityExceptionReportReference" : {
"reportName" : "My annual report",
"taskResultId" : "046b6c7f-0b8a-43b9-b35d-6489e6daee91"
},
"authoritativeSource" : {
"name" : "HR Active Directory",
"id" : "2c9180835d191a86015d28455b4b232a",
"type" : "SOURCE"
},
"hasTimeBasedAttr" : true,
"created" : "2023-01-03T21:16:22.432Z",
"description" : "My custom flat file profile",
"identityRefreshRequired" : true,
"identityCount" : 8,
"priority" : 10,
"identityAttributeConfig" : {
"attributeTransforms" : [ {
"transformDefinition" : {
"attributes" : {
"attributeName" : "e-mail",
"sourceName" : "MySource",
"sourceId" : "2c9180877a826e68017a8c0b03da1a53"
},
"type" : "accountAttribute"
},
"identityAttributeName" : "email"
}, {
"transformDefinition" : {
"attributes" : {
"attributeName" : "e-mail",
"sourceName" : "MySource",
"sourceId" : "2c9180877a826e68017a8c0b03da1a53"
},
"type" : "accountAttribute"
},
"identityAttributeName" : "email"
} ],
"enabled" : true
},
"name" : "aName",
"modified" : "2023-01-03T21:16:22.432Z",
"id" : "id12345"
}"@
# Create an Identity Profile
try {
$Result = ConvertFrom-JsonToIdentityProfile -Json $IdentityProfile
New-BetaIdentityProfile -BetaIdentityProfile $Result
# Below is a request that includes all optional parameters
# New-BetaIdentityProfile -BetaIdentityProfile $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaIdentityProfile"
Write-Host $_.ErrorDetails
}
delete-identity-profile
This deletes an Identity Profile based on ID.
On success, this endpoint will return a reference to the bulk delete task result.
A token with ORG_ADMIN authority is required to call this API.
The following rights are required to access this endpoint: idn:identity-profile:delete
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | IdentityProfileId | String | True | The Identity Profile ID. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted - Returns a TaskResult object referencing the bulk delete job created. | TaskResultSimplified |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8" # String | The Identity Profile ID.
# Delete an Identity Profile
try {
Remove-BetaIdentityProfile -IdentityProfileId $IdentityProfileId
# Below is a request that includes all optional parameters
# Remove-BetaIdentityProfile -IdentityProfileId $IdentityProfileId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-BetaIdentityProfile"
Write-Host $_.ErrorDetails
}
delete-identity-profiles
This deletes multiple Identity Profiles via a list of supplied IDs.
On success, this endpoint will return a reference to the bulk delete task result.
A token with ORG_ADMIN authority is required to call this API.
The following rights are required to access this endpoint: idn:identity-profile:delete
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | RequestBody | []String | True | Identity Profile bulk delete request body. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted - Returns a TaskResult object referencing the bulk delete job created. | TaskResultSimplified |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$RequestBody = "MyRequestBody" # String[] | Identity Profile bulk delete request body.
$RequestBody = @""@ # String[] | Identity Profile bulk delete request body.
# Delete Identity Profiles
try {
$Result = ConvertFrom-JsonToRequestBody -Json $RequestBody
Remove-BetaIdentityProfiles -RequestBody $Result
# Below is a request that includes all optional parameters
# Remove-BetaIdentityProfiles -RequestBody $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-BetaIdentityProfiles"
Write-Host $_.ErrorDetails
}
export-identity-profiles
This exports existing identity profiles in the format specified by the sp-config service.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: id: eq, ne name: eq, ne priority: eq, ne |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, name, priority |
Return type
IdentityProfileExportedObject[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of export objects with identity profiles. | IdentityProfileExportedObject[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'id eq 8c190e6787aa4ed9a90bd9d5344523fb' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ne* **name**: *eq, ne* **priority**: *eq, ne* (optional)
$Sorters = "name,-priority" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, priority** (optional)
# Export Identity Profiles
try {
Export-BetaIdentityProfiles
# Below is a request that includes all optional parameters
# Export-BetaIdentityProfiles -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters -Sorters $Sorters
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Export-BetaIdentityProfiles"
Write-Host $_.ErrorDetails
}
get-default-identity-attribute-config
This returns the default identity attribute config A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | IdentityProfileId | String | True | The Identity Profile ID |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | An Identity Attribute Config object | IdentityAttributeConfig |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8" # String | The Identity Profile ID
# Default identity attribute config
try {
Get-BetaDefaultIdentityAttributeConfig -IdentityProfileId $IdentityProfileId
# Below is a request that includes all optional parameters
# Get-BetaDefaultIdentityAttributeConfig -IdentityProfileId $IdentityProfileId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaDefaultIdentityAttributeConfig"
Write-Host $_.ErrorDetails
}
get-identity-profile
This returns a single Identity Profile based on ID.
A token with ORG_ADMIN or API authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | IdentityProfileId | String | True | The Identity Profile ID |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | An Identity Profile object | IdentityProfile |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8" # String | The Identity Profile ID
# Gets a single Identity Profile
try {
Get-BetaIdentityProfile -IdentityProfileId $IdentityProfileId
# Below is a request that includes all optional parameters
# Get-BetaIdentityProfile -IdentityProfileId $IdentityProfileId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaIdentityProfile"
Write-Host $_.ErrorDetails
}
import-identity-profiles
This imports previously exported identity profiles.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | IdentityProfileExportedObject | []IdentityProfileExportedObject | True | Previously exported Identity Profiles. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The result of importing Identity Profiles. | ObjectImportResult |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$IdentityProfileExportedObject = @"{
"self" : {
"name" : "HR Active Directory",
"id" : "2c9180835d191a86015d28455b4b232a",
"type" : "SOURCE"
},
"version" : 1,
"object" : {
"owner" : {
"name" : "William Wilson",
"id" : "2c9180835d191a86015d28455b4b232a",
"type" : "IDENTITY"
},
"identityExceptionReportReference" : {
"reportName" : "My annual report",
"taskResultId" : "2b838de9-db9b-abcf-e646-d4f274ad4238"
},
"authoritativeSource" : {
"name" : "HR Active Directory",
"id" : "2c9180835d191a86015d28455b4b232a",
"type" : "SOURCE"
},
"hasTimeBasedAttr" : true,
"created" : "2015-05-28T14:07:17Z",
"description" : "My custom flat file profile",
"identityRefreshRequired" : true,
"identityCount" : 8,
"priority" : 10,
"identityAttributeConfig" : {
"attributeTransforms" : [ {
"transformDefinition" : {
"attributes" : {
"attributeName" : "e-mail",
"sourceName" : "MySource",
"sourceId" : "2c9180877a826e68017a8c0b03da1a53"
},
"type" : "accountAttribute"
},
"identityAttributeName" : "email"
}, {
"transformDefinition" : {
"attributes" : {
"attributeName" : "e-mail",
"sourceName" : "MySource",
"sourceId" : "2c9180877a826e68017a8c0b03da1a53"
},
"type" : "accountAttribute"
},
"identityAttributeName" : "email"
} ],
"enabled" : true
},
"name" : "aName",
"modified" : "2015-05-28T14:07:17Z",
"id" : "id12345"
}
}"@ # IdentityProfileExportedObject[] | Previously exported Identity Profiles.
# Import Identity Profiles
try {
$Result = ConvertFrom-JsonToIdentityProfileExportedObject -Json $IdentityProfileExportedObject
Import-BetaIdentityProfiles -BetaIdentityProfileExportedObject $Result
# Below is a request that includes all optional parameters
# Import-BetaIdentityProfiles -BetaIdentityProfileExportedObject $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Import-BetaIdentityProfiles"
Write-Host $_.ErrorDetails
}
list-identity-profiles
This returns a list of Identity Profiles based on the specified query parameters. A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: id: eq, ne, ge, gt, in, le, lt, isnull, sw name: eq, ne, in, le, lt, isnull, sw priority: eq, ne |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, name, priority, created, modified, owner.id, owner.name |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of identityProfiles. | IdentityProfile[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = 'id eq 8c190e6787aa4ed9a90bd9d5344523fb' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, ne, ge, gt, in, le, lt, isnull, sw* **name**: *eq, ne, in, le, lt, isnull, sw* **priority**: *eq, ne* (optional)
$Sorters = "name,-priority" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, priority, created, modified, owner.id, owner.name** (optional)
# Identity Profiles List
try {
Get-BetaIdentityProfiles
# Below is a request that includes all optional parameters
# Get-BetaIdentityProfiles -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters -Sorters $Sorters
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaIdentityProfiles"
Write-Host $_.ErrorDetails
}
show-generate-identity-preview
Use this API to generate a non-persisted preview of the identity object after applying IdentityAttributeConfig sent in request body.
This API only allows accountAttribute, reference and rule transform types in the IdentityAttributeConfig sent in the request body.
A token with ORG_ADMIN authority is required to call this API to generate an identity preview.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | IdentityPreviewRequest | IdentityPreviewRequest | True | Identity Preview request body. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | A preview of the identity attributes after applying identity attributes config sent in request body. | IdentityPreviewResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$IdentityPreviewRequest = @"{
"identityId" : "046b6c7f-0b8a-43b9-b35d-6489e6daee91",
"identityAttributeConfig" : {
"attributeTransforms" : [ {
"transformDefinition" : {
"attributes" : {
"attributeName" : "e-mail",
"sourceName" : "MySource",
"sourceId" : "2c9180877a826e68017a8c0b03da1a53"
},
"type" : "accountAttribute"
},
"identityAttributeName" : "email"
}, {
"transformDefinition" : {
"attributes" : {
"attributeName" : "e-mail",
"sourceName" : "MySource",
"sourceId" : "2c9180877a826e68017a8c0b03da1a53"
},
"type" : "accountAttribute"
},
"identityAttributeName" : "email"
} ],
"enabled" : true
}
}"@
# Generate Identity Profile Preview
try {
$Result = ConvertFrom-JsonToIdentityPreviewRequest -Json $IdentityPreviewRequest
Show-BetaGenerateIdentityPreview -BetaIdentityPreviewRequest $Result
# Below is a request that includes all optional parameters
# Show-BetaGenerateIdentityPreview -BetaIdentityPreviewRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Show-BetaGenerateIdentityPreview"
Write-Host $_.ErrorDetails
}
sync-identity-profile
Process identities under the profile
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of event-based processing and scheduled processing that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This should only be run on identity profiles that have the identityRefreshRequired attribute set to true. If identityRefreshRequired is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh.
This operation will perform the following activities on all identities under the identity profile.
- Updates identity attribute according to the identity profile mappings. 2. Determines the identity's correct manager through manager correlation. 3. Updates the identity's access according to their assigned lifecycle state. 4. Updates the identity's access based on role assignment criteria. A token with ORG_ADMIN authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | IdentityProfileId | String | True | The Identity Profile ID to be processed |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | SystemCollectionsHashtable |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8" # String | The Identity Profile ID to be processed
# Process identities under profile
try {
Sync-BetaIdentityProfile -IdentityProfileId $IdentityProfileId
# Below is a request that includes all optional parameters
# Sync-BetaIdentityProfile -IdentityProfileId $IdentityProfileId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Sync-BetaIdentityProfile"
Write-Host $_.ErrorDetails
}
update-identity-profile
This updates the specified Identity Profile.
A token with ORG_ADMIN authority is required to call this API to update the Identity Profile.
Some fields of the Schema cannot be updated. These fields are listed below:
- id
- name
- created
- modified
- identityCount
- identityRefreshRequired
- Authoritative Source and Identity Attribute Configuration cannot be modified at once.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | IdentityProfileId | String | True | The Identity Profile ID |
| Body | JsonPatchOperation | []JsonPatchOperation | True | A list of Identity Profile update operations according to the JSON Patch standard. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | The updated Identity Profile. | IdentityProfile |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8" # String | The Identity Profile ID
$JsonPatchOperation = @"{
"op" : "replace",
"path" : "/description",
"value" : "New description"
}"@ # JsonPatchOperation[] | A list of Identity Profile update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
# Update the Identity Profile
try {
$Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
Update-BetaIdentityProfile -IdentityProfileId $IdentityProfileId -BetaJsonPatchOperation $Result
# Below is a request that includes all optional parameters
# Update-BetaIdentityProfile -IdentityProfileId $IdentityProfileId -BetaJsonPatchOperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-BetaIdentityProfile"
Write-Host $_.ErrorDetails
}