Use this API to implement work reassignment functionality.
Work Reassignment allows access request reviews, certifications, and manual provisioning tasks assigned to a user to be reassigned to a different user. This is primarily used for:
- Temporarily redirecting work for users who are out of office, such as on vacation or sick leave
- Permanently redirecting work for users who should not be assigned these tasks at all, such as senior executives or service identities
Users can define reassignments for themselves, managers can add them for their team members, and administrators can configure them on any user’s behalf. Work assigned during the specified reassignment timeframes will be automatically reassigned to the designated user as it is created.
Refer to Work Reassignment for more information about this topic.
All URIs are relative to https://sailpoint.api.identitynow.com/beta
create-reassignment-configuration
Creates a new Reassignment Configuration for the specified identity.
API Spec
Parameters
Return type
ConfigurationItemResponse
Responses
| Code | Description | Data Type |
|---|
| 201 | The newly created Reassignment Configuration object | ConfigurationItemResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$ConfigurationItemRequest = @"{
"endDate" : "2022-07-30T17:00:00Z",
"reassignedFromId" : "2c91808781a71ddb0181b9090b5c504e",
"configType" : "ACCESS_REQUESTS",
"reassignedToId" : "2c91808781a71ddb0181b9090b53504a",
"startDate" : "2022-07-21T11:13:12.345Z"
}"@
try {
$Result = ConvertFrom-JsonToConfigurationItemRequest -Json $ConfigurationItemRequest
New-BetaReassignmentConfiguration -BetaConfigurationItemRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-BetaReassignmentConfiguration"
Write-Host $_.ErrorDetails
}
[Back to top]
delete-reassignment-configuration
Deletes a single reassignment configuration for the specified identity
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | IdentityId | String | True | unique identity id |
| Path | ConfigType | ConfigTypeEnum | True | |
Return type
(empty response body)
Responses
| Code | Description | Data Type |
|---|
| 204 | Reassignment Configuration deleted | |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityId = "2c91808781a71ddb0181b9090b5c504e"
$ConfigType = "ACCESS_REQUESTS"
try {
Remove-BetaReassignmentConfiguration -IdentityId $IdentityId -ConfigType $ConfigType
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-BetaReassignmentConfiguration"
Write-Host $_.ErrorDetails
}
[Back to top]
get-evaluate-reassignment-configuration
Evaluates the Reassignment Configuration for an Identity to determine if work items for the specified type should be reassigned. If a valid Reassignment Configuration is found for the identity & work type, then a lookup is initiated which recursively fetches the Reassignment Configuration for the next TargetIdentity until no more results are found or a max depth of 5. That lookup trail is provided in the response and the final reassigned identity in the lookup list is returned as the reassignToId property. If no Reassignment Configuration is found for the specified identity & config type then the requested Identity ID will be used as the reassignToId value and the lookupTrail node will be empty.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | IdentityId | String | True | unique identity id |
| Path | ConfigType | ConfigTypeEnum | True | Reassignment work type |
| Query | ExclusionFilters | []String | (optional) | Exclusion filters that disable parts of the reassignment evaluation. Possible values are listed below: - SELF_REVIEW_DELEGATION: This will exclude delegations of self-review reassignments |
Return type
EvaluateResponse[]
Responses
| Code | Description | Data Type |
|---|
| 200 | Evaluated Reassignment Configuration | EvaluateResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityId = "2c91808781a71ddb0181b9090b5c504e"
$ConfigType = "ACCESS_REQUESTS"
$ExclusionFilters = "MyExclusionFilters"
$ExclusionFilters = @"SELF_REVIEW_DELEGATION"@
try {
Get-BetaEvaluateReassignmentConfiguration -IdentityId $IdentityId -ConfigType $ConfigType
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaEvaluateReassignmentConfiguration"
Write-Host $_.ErrorDetails
}
[Back to top]
get-reassignment-config-types
Gets a collection of types which are available in the Reassignment Configuration UI.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
ConfigType[]
Responses
| Code | Description | Data Type |
|---|
| 200 | List of Reassignment Configuration Types | ConfigType[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
try {
Get-BetaReassignmentConfigTypes
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaReassignmentConfigTypes"
Write-Host $_.ErrorDetails
}
[Back to top]
get-reassignment-configuration
Gets the Reassignment Configuration for an identity.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | IdentityId | String | True | unique identity id |
Return type
ConfigurationResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Reassignment Configuration for an identity | ConfigurationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
$IdentityId = "2c91808781a71ddb0181b9090b5c504f"
try {
Get-BetaReassignmentConfiguration -IdentityId $IdentityId
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaReassignmentConfiguration"
Write-Host $_.ErrorDetails
}
[Back to top]
get-tenant-config-configuration
Gets the global Reassignment Configuration settings for the requestor's tenant.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
TenantConfigurationResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Tenant-wide Reassignment Configuration settings | TenantConfigurationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
try {
Get-BetaTenantConfigConfiguration
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaTenantConfigConfiguration"
Write-Host $_.ErrorDetails
}
[Back to top]
list-reassignment-configurations
Gets all Reassignment configuration for the current org.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
Return type
ConfigurationResponse[]
Responses
| Code | Description | Data Type |
|---|
| 200 | A list of Reassignment Configurations for an org | ConfigurationResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
try {
Get-BetaReassignmentConfigurations
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-BetaReassignmentConfigurations"
Write-Host $_.ErrorDetails
}
[Back to top]
put-reassignment-config
Replaces existing Reassignment configuration for an identity with the newly provided configuration.
API Spec
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|
| Path | IdentityId | String | True | unique identity id |
| Body | ConfigurationItemRequest | ConfigurationItemRequest | True | |
Return type
ConfigurationItemResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Reassignment Configuration updated | ConfigurationItemResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$IdentityId = "2c91808781a71ddb0181b9090b5c504e"
$ConfigurationItemRequest = @"{
"endDate" : "2022-07-30T17:00:00Z",
"reassignedFromId" : "2c91808781a71ddb0181b9090b5c504e",
"configType" : "ACCESS_REQUESTS",
"reassignedToId" : "2c91808781a71ddb0181b9090b53504a",
"startDate" : "2022-07-21T11:13:12.345Z"
}"@
try {
$Result = ConvertFrom-JsonToConfigurationItemRequest -Json $ConfigurationItemRequest
Send-BetaReassignmentConfig -IdentityId $IdentityId -BetaConfigurationItemRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaReassignmentConfig"
Write-Host $_.ErrorDetails
}
[Back to top]
put-tenant-configuration
Replaces existing Tenant-wide Reassignment Configuration settings with the newly provided settings.
API Spec
Parameters
Return type
TenantConfigurationResponse
Responses
| Code | Description | Data Type |
|---|
| 200 | Tenant-wide Reassignment Configuration settings | TenantConfigurationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
$TenantConfigurationRequest = @"{
"configDetails" : {
"disabled" : true
}
}"@
try {
$Result = ConvertFrom-JsonToTenantConfigurationRequest -Json $TenantConfigurationRequest
Send-BetaTenantConfiguration -BetaTenantConfigurationRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Send-BetaTenantConfiguration"
Write-Host $_.ErrorDetails
}
[Back to top]