All URIs are relative to https://sailpoint.api.identitynow.com/beta
create-role-insight-requests
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
Submits a create role insights request to the role insights application. At this time there are no parameters. All business roles will be processed for the customer.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
RoleInsightsResponse
Responses
| Code | Description | Data Type |
|---|
| 201 | Submitted a role insights generation request | RoleInsightsResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
try {
New-BetaRoleInsightRequests
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaRoleInsightRequests"
Write-Host $_.ErrorDetails
}
[Back to top]
download-role-insights-entitlements-changes
This endpoint returns the entitlement insights for a role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | InsightId | String | True | The role insight id |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: identitiesWithAccess The default sort is identitiesWithAccess in descending order. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw description: sw |
Return type
String
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a csv file containing a list of entitlements to be added for a role. | String |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: text/csv, application/json
Example
$InsightId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$Sorters = "identitiesWithAccess"
$Filters = 'name sw "r"'
try {
Invoke-BetaDownloadRoleInsightsEntitlementsChanges -InsightId $InsightId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Invoke-BetaDownloadRoleInsightsEntitlementsChanges"
Write-Host $_.ErrorDetails
}
[Back to top]
get-entitlement-changes-identities
Role insights suggests entitlements to be added for a role. This endpoint returns a list of identities in the role, with or without the entitlements, for a suggested entitlement so that the user can see which identities would be affected if the suggested entitlement were to be added to the role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | InsightId | String | True | The role insight id |
| Path | EntitlementId | String | True | The entitlement id |
| Query | HasEntitlement | Boolean | (optional) (default to $false) | Identity has this entitlement or not |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: name |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw |
Return type
RoleInsightsIdentities[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of identities with or without the entitlement. | RoleInsightsIdentities[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$InsightId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$EntitlementId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$HasEntitlement = $true
$Offset = 0
$Limit = 250
$Count = $true
$Sorters = "name"
$Filters = 'name sw "Jan"'
try {
Get-BetaEntitlementChangesIdentities -InsightId $InsightId -EntitlementId $EntitlementId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaEntitlementChangesIdentities"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-insight
This endpoint gets role insights information for a role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | InsightId | String | True | The role insight id |
Return type
RoleInsight
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns information about insights for a single role. | RoleInsight |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$InsightId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Get-BetaRoleInsight -InsightId $InsightId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleInsight"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-insights
This method returns detailed role insights for each role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: numberOfUpdates, identitiesWithAccess, totalNumberOfIdentities |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw ownerName: sw description: sw |
Return type
RoleInsight[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of roles with information about insights for each role. | RoleInsight[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$Offset = 0
$Limit = 250
$Count = $true
$Sorters = "numberOfUpdates"
$Filters = 'name sw "John"'
try {
Get-BetaRoleInsights
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleInsights"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-insights-current-entitlements
This endpoint gets the entitlements for a role. The term "current" is to distinguish from the entitlement(s) an insight might recommend adding.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | InsightId | String | True | The role insight id |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw description: sw |
Return type
RoleInsightsEntitlement[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of current or pre-existing entitlements for a role. | RoleInsightsEntitlement[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$InsightId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$Filters = 'name sw "r"'
try {
Get-BetaRoleInsightsCurrentEntitlements -InsightId $InsightId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleInsightsCurrentEntitlements"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-insights-entitlements-changes
This endpoint returns entitlement insights for a role.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | InsightId | String | True | The role insight id |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: identitiesWithAccess, name |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: name: sw description: sw |
Return type
RoleInsightsEntitlementChanges[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns a list of entitlements to be added for a role. | RoleInsightsEntitlementChanges[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$InsightId = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
$Sorters = "MySorters"
$Filters = 'name sw "Admin"'
try {
Get-BetaRoleInsightsEntitlementsChanges -InsightId $InsightId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleInsightsEntitlementsChanges"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-insights-requests
This endpoint has been deprecated and may be replaced or removed in future versions of the API.
This endpoint returns details of a prior role insights request.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | Id | String | True | The role insights request id |
Return type
RoleInsightsResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns details of an earlier role insights request. | RoleInsightsResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "8c190e67-87aa-4ed9-a90b-d9d5344523fb"
try {
Get-BetaRoleInsightsRequests -Id $Id
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleInsightsRequests"
Write-Host $_.ErrorDetails
}
[Back to top]
get-role-insights-summary
This method returns high level summary information for role insights for a customer.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
RoleInsightsSummary
Responses
| Code | Description | Data Type |
|---|
| 200 | Succeeded. Returns high level counts. | RoleInsightsSummary |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
try {
Get-BetaRoleInsightsSummary
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaRoleInsightsSummary"
Write-Host $_.ErrorDetails
}
[Back to top]