Use this API to implement identity profile functionality.
With this functionality in place, administrators can view identity profiles and their configurations.
Identity profiles are configurations applied to identities: they grant those identities a set of security and access settings and define the mappings between identity attributes and source attributes.
In Identity Security Cloud, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles.
This list shows some details about each identity profile, along with its status.
They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings.
Refer to Creating Identity Profiles for more information about identity profiles.
All URIs are relative to https://sailpoint.api.identitynow.com/v2024
create-identity-profile
This creates an Identity Profile.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | IdentityProfile | IdentityProfile | True | |
Return type
IdentityProfile
Responses
Code | Description | Data Type |
---|---|---|
201 | The created Identity Profile | IdentityProfile |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# IdentityProfile request body as JSON (sample values).
# A here-string must open with @" at the end of a line and close with "@ at the start of a line.
$IdentityProfile = @"
{
  "owner" : {
    "name" : "William Wilson",
    "id" : "2c9180835d191a86015d28455b4b232a",
    "type" : "IDENTITY"
  },
  "identityExceptionReportReference" : {
    "reportName" : "My annual report",
    "taskResultId" : "2b838de9-db9b-abcf-e646-d4f274ad4238"
  },
  "authoritativeSource" : {
    "name" : "HR Active Directory",
    "id" : "2c9180835d191a86015d28455b4b232a",
    "type" : "SOURCE"
  },
  "hasTimeBasedAttr" : true,
  "created" : "2015-05-28T14:07:17Z",
  "description" : "My custom flat file profile",
  "identityRefreshRequired" : true,
  "identityCount" : 8,
  "priority" : 10,
  "identityAttributeConfig" : {
    "attributeTransforms" : [ {
      "transformDefinition" : {
        "attributes" : {
          "attributeName" : "e-mail",
          "sourceName" : "MySource",
          "sourceId" : "2c9180877a826e68017a8c0b03da1a53"
        },
        "type" : "accountAttribute"
      },
      "identityAttributeName" : "email"
    }, {
      "transformDefinition" : {
        "attributes" : {
          "attributeName" : "e-mail",
          "sourceName" : "MySource",
          "sourceId" : "2c9180877a826e68017a8c0b03da1a53"
        },
        "type" : "accountAttribute"
      },
      "identityAttributeName" : "email"
    } ],
    "enabled" : true
  },
  "name" : "aName",
  "modified" : "2015-05-28T14:07:17Z",
  "id" : "id12345"
}
"@

try {
    # Convert the JSON into the SDK model, then create the profile.
    $Result = ConvertFrom-JsonToIdentityProfile -Json $IdentityProfile
    New-V2024IdentityProfile -V2024IdentityProfile $Result
} catch {
    # Print the HTTP status code and the error details returned by the API.
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-V2024IdentityProfile"
    Write-Host $_.ErrorDetails
}
```
delete-identity-profile
This deletes an Identity Profile based on ID.
On success, this endpoint will return a reference to the bulk delete task result.
The following rights are required to access this endpoint: idn:identity-profile:delete
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | IdentityProfileId | String | True | The Identity Profile ID. |
Return type
TaskResultSimplified
Responses
Code | Description | Data Type |
---|---|---|
202 | Accepted - Returns a TaskResult object referencing the bulk delete job created. | TaskResultSimplified |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
404 | Not Found - Returned if the request URL refers to a resource or object that does not exist. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
```powershell
# The Identity Profile ID (sample value).
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8"

try {
    Remove-V2024IdentityProfile -IdentityProfileId $IdentityProfileId
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-V2024IdentityProfile"
    Write-Host $_.ErrorDetails
}
```
delete-identity-profiles
This deletes multiple Identity Profiles via a list of supplied IDs.
On success, this endpoint will return a reference to the bulk delete task result.
The following rights are required to access this endpoint: idn:identity-profile:delete
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | RequestBody | []String | True | Identity Profile bulk delete request body. |
Return type
TaskResultSimplified
Responses
Code | Description | Data Type |
---|---|---|
202 | Accepted - Returns a TaskResult object referencing the bulk delete job created. | TaskResultSimplified |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
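```powershell
# Request body: a JSON array of Identity Profile IDs to delete.
# The single entry is the sample profile ID used elsewhere on this page.
$RequestBody = @"
["ef38f94347e94562b5bb8424a56397d8"]
"@

try {
    $Result = ConvertFrom-JsonToRequestBody -Json $RequestBody
    Remove-V2024IdentityProfiles -RequestBody $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-V2024IdentityProfiles"
    Write-Host $_.ErrorDetails
}
```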
export-identity-profiles
This exports existing identity profiles in the format specified by the sp-config service.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters. Filtering is supported for the following fields and operators: id: eq, ne; name: eq, ne; priority: eq, ne |
Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters. Sorting is supported for the following fields: id, name, priority |
Return type
IdentityProfileExportedObject[]
Responses
Code | Description | Data Type |
---|---|---|
200 | List of export objects with identity profiles. | IdentityProfileExportedObject[] |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
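```powershell
$Limit = 250      # Max number of results to return
$Offset = 0       # Offset into the full result set
$Count = $true    # Populate the X-Total-Count response header
$Filters = 'id eq "ef38f94347e94562b5bb8424a56397d8"'
$Sorters = "id,name"

try {
    # All five parameters are optional; they are passed here so the values above take effect.
    Export-V2024IdentityProfiles -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters -Sorters $Sorters
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Export-V2024IdentityProfiles"
    Write-Host $_.ErrorDetails
}
```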
get-default-identity-attribute-config
This returns the default identity attribute config.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | IdentityProfileId | String | True | The Identity Profile ID. |
Return type
IdentityAttributeConfig
Responses
Code | Description | Data Type |
---|---|---|
200 | An Identity Attribute Config object. | IdentityAttributeConfig |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
404 | Not Found - Returned if the request URL refers to a resource or object that does not exist. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
```powershell
# The Identity Profile ID (sample value).
$IdentityProfileId = "2b838de9-db9b-abcf-e646-d4f274ad4238"

try {
    Get-V2024DefaultIdentityAttributeConfig -IdentityProfileId $IdentityProfileId
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024DefaultIdentityAttributeConfig"
    Write-Host $_.ErrorDetails
}
```
get-identity-profile
This returns a single Identity Profile based on ID.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | IdentityProfileId | String | True | The Identity Profile ID. |
Return type
IdentityProfile
Responses
Code | Description | Data Type |
---|---|---|
200 | An Identity Profile object. | IdentityProfile |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
404 | Not Found - Returned if the request URL refers to a resource or object that does not exist. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
```powershell
# The Identity Profile ID (sample value).
$IdentityProfileId = "2b838de9-db9b-abcf-e646-d4f274ad4238"

try {
    Get-V2024IdentityProfile -IdentityProfileId $IdentityProfileId
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024IdentityProfile"
    Write-Host $_.ErrorDetails
}
```
import-identity-profiles
This imports previously exported identity profiles.
API Spec
Parameters
Return type
ObjectImportResult
Responses
Code | Description | Data Type |
---|---|---|
200 | The result of importing Identity Profiles. | ObjectImportResult |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# One exported identity profile object as JSON (sample values).
# A here-string must open with @" at the end of a line and close with "@ at the start of a line.
$IdentityProfileExportedObject = @"
{
  "self" : {
    "name" : "HR Active Directory",
    "id" : "2c9180835d191a86015d28455b4b232a",
    "type" : "SOURCE"
  },
  "version" : 1,
  "object" : {
    "owner" : {
      "name" : "William Wilson",
      "id" : "2c9180835d191a86015d28455b4b232a",
      "type" : "IDENTITY"
    },
    "identityExceptionReportReference" : {
      "reportName" : "My annual report",
      "taskResultId" : "2b838de9-db9b-abcf-e646-d4f274ad4238"
    },
    "authoritativeSource" : {
      "name" : "HR Active Directory",
      "id" : "2c9180835d191a86015d28455b4b232a",
      "type" : "SOURCE"
    },
    "hasTimeBasedAttr" : true,
    "created" : "2015-05-28T14:07:17Z",
    "description" : "My custom flat file profile",
    "identityRefreshRequired" : true,
    "identityCount" : 8,
    "priority" : 10,
    "identityAttributeConfig" : {
      "attributeTransforms" : [ {
        "transformDefinition" : {
          "attributes" : {
            "attributeName" : "e-mail",
            "sourceName" : "MySource",
            "sourceId" : "2c9180877a826e68017a8c0b03da1a53"
          },
          "type" : "accountAttribute"
        },
        "identityAttributeName" : "email"
      }, {
        "transformDefinition" : {
          "attributes" : {
            "attributeName" : "e-mail",
            "sourceName" : "MySource",
            "sourceId" : "2c9180877a826e68017a8c0b03da1a53"
          },
          "type" : "accountAttribute"
        },
        "identityAttributeName" : "email"
      } ],
      "enabled" : true
    },
    "name" : "aName",
    "modified" : "2015-05-28T14:07:17Z",
    "id" : "id12345"
  }
}
"@

try {
    # Convert the JSON into the SDK model, then import it.
    $Result = ConvertFrom-JsonToIdentityProfileExportedObject -Json $IdentityProfileExportedObject
    Import-V2024IdentityProfiles -V2024IdentityProfileExportedObject $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Import-V2024IdentityProfiles"
    Write-Host $_.ErrorDetails
}
```
list-identity-profiles
This returns a list of Identity Profiles based on the specified query parameters.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters. Filtering is supported for the following fields and operators: id: eq, ne, ge, gt, in, le, lt, isnull, sw; name: eq, ne, ge, gt, in, le, lt, isnull, sw; priority: eq, ne |
Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters. Sorting is supported for the following fields: id, name, priority, created, modified, owner.id, owner.name |
Return type
IdentityProfile[]
Responses
Code | Description | Data Type |
---|---|---|
200 | List of identityProfiles. | IdentityProfile[] |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
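```powershell
$Limit = 250      # Max number of results to return
$Offset = 0       # Offset into the full result set
$Count = $true    # Populate the X-Total-Count response header
$Filters = 'id eq "ef38f94347e94562b5bb8424a56397d8"'
$Sorters = "id,name"

try {
    # All five parameters are optional; they are passed here so the values above take effect.
    Get-V2024IdentityProfiles -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters -Sorters $Sorters
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2024IdentityProfiles"
    Write-Host $_.ErrorDetails
}
```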
show-identity-preview
Use this API to generate a non-persisted preview of the identity object after applying the `IdentityAttributeConfig` sent in the request body.
This API only allows `accountAttribute`, `reference`, and `rule` transform types in the `IdentityAttributeConfig` sent in the request body.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Body | IdentityPreviewRequest | IdentityPreviewRequest | True | Identity Preview request body. |
Return type
IdentityPreviewResponse
Responses
Code | Description | Data Type |
---|---|---|
200 | A preview of the identity attributes after applying identity attributes config sent in request body. | IdentityPreviewResponse |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json
- Accept: application/json
Example
```powershell
# Identity Preview request body as JSON (sample values).
# A here-string must open with @" at the end of a line and close with "@ at the start of a line.
$IdentityPreviewRequest = @"
{
  "identityId" : "046b6c7f-0b8a-43b9-b35d-6489e6daee91",
  "identityAttributeConfig" : {
    "attributeTransforms" : [ {
      "transformDefinition" : {
        "attributes" : {
          "attributeName" : "e-mail",
          "sourceName" : "MySource",
          "sourceId" : "2c9180877a826e68017a8c0b03da1a53"
        },
        "type" : "accountAttribute"
      },
      "identityAttributeName" : "email"
    }, {
      "transformDefinition" : {
        "attributes" : {
          "attributeName" : "e-mail",
          "sourceName" : "MySource",
          "sourceId" : "2c9180877a826e68017a8c0b03da1a53"
        },
        "type" : "accountAttribute"
      },
      "identityAttributeName" : "email"
    } ],
    "enabled" : true
  }
}
"@

try {
    # Convert the JSON into the SDK model, then request the non-persisted preview.
    $Result = ConvertFrom-JsonToIdentityPreviewRequest -Json $IdentityPreviewRequest
    Show-V2024IdentityPreview -V2024IdentityPreviewRequest $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Show-V2024IdentityPreview"
    Write-Host $_.ErrorDetails
}
```
sync-identity-profile
Process identities under the profile
This operation should not be used to schedule your own identity processing or to perform system wide identity refreshes. The system will use a combination of event-based processing and scheduled processing that runs every day at 8:00 AM and 8:00 PM in the tenant's timezone to keep your identities synchronized.
This should only be run on identity profiles that have the `identityRefreshRequired` attribute set to `true`. If `identityRefreshRequired` is false, then there is no benefit to running this operation. Typically, this operation is performed when a change is made to the identity profile or its related lifecycle states that requires a refresh.
This operation will perform the following activities on all identities under the identity profile.
1. Updates identity attributes according to the identity profile mappings.
2. Determines the identity's correct manager through manager correlation.
3. Updates the identity's access according to their assigned lifecycle state.
4. Updates the identity's access based on role assignment criteria.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | IdentityProfileId | String | True | The Identity Profile ID to be processed |
Return type
SystemCollectionsHashtable
Responses
Code | Description | Data Type |
---|---|---|
202 | Accepted - Returned if the request was successfully accepted into the system. | SystemCollectionsHashtable |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
404 | Not Found - Returned if the request URL refers to a resource or object that does not exist. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: Not defined
- Accept: application/json
Example
```powershell
# The Identity Profile ID to be processed (sample value).
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8"

try {
    Sync-V2024IdentityProfile -IdentityProfileId $IdentityProfileId
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Sync-V2024IdentityProfile"
    Write-Host $_.ErrorDetails
}
```
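One way to enforce the sync-identity-profile guidance above, so that a sync is only requested for profiles whose `identityRefreshRequired` is true. This is an added example, not SDK code: `Invoke-RequiredProfileSync` and its `-SyncAction` parameter are hypothetical names, the sample profile objects are constructed, and it assumes profile objects expose the `id`, `name`, `identityCount` and `identityRefreshRequired` fields shown in the IdentityProfile JSON on this page.

```powershell
# Added example (not part of the SailPoint SDK); names below are hypothetical.
function Invoke-RequiredProfileSync {
    # ConfirmImpact High: the sync touches every identity under the profile,
    # so PowerShell asks for confirmation unless -Confirm:$false or -WhatIf is given.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Profile objects, for example the output of Get-V2024IdentityProfiles.
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$IdentityProfile,

        # What to run per profile; the default calls the SDK cmdlet shown on this page.
        [scriptblock]$SyncAction = { param($Id) Sync-V2024IdentityProfile -IdentityProfileId $Id }
    )
    process {
        $label = "$($IdentityProfile.name) ($($IdentityProfile.id))"

        # The page states there is no benefit to syncing when the flag is false.
        if ($IdentityProfile.identityRefreshRequired -ne $true) {
            Write-Verbose "Skipping ${label}: identityRefreshRequired is not true"
            return
        }

        $action = "Sync $($IdentityProfile.identityCount) identities (attributes, manager, lifecycle and role access)"
        if ($PSCmdlet.ShouldProcess($label, $action)) {
            & $SyncAction $IdentityProfile.id
        }
    }
}

# Constructed sample objects standing in for Get-V2024IdentityProfiles output.
$sampleProfiles = @(
    [pscustomobject]@{ id = 'id12345'; name = 'aName';       identityCount = 8; identityRefreshRequired = $true }
    [pscustomobject]@{ id = 'id67890'; name = 'Contractors'; identityCount = 3; identityRefreshRequired = $false }
)

# -WhatIf reports which profiles would be synced without calling the API.
$sampleProfiles | Invoke-RequiredProfileSync -WhatIf -Verbose
```

With `-WhatIf` removed, each qualifying profile prompts for confirmation before the sync request is sent.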
update-identity-profile
This updates the specified Identity Profile.
Some fields of the Schema cannot be updated. These fields are listed below:
- id
- name
- created
- modified
- identityCount
- identityRefreshRequired
- Authoritative Source and Identity Attribute Configuration cannot be modified at once.
API Spec
Parameters
Param Type | Name | Data Type | Required | Description |
---|---|---|---|---|
Path | IdentityProfileId | String | True | The Identity Profile ID |
Body | JsonPatchOperation | []JsonPatchOperation | True | A list of Identity Profile update operations according to the JSON Patch standard. |
Return type
IdentityProfile
Responses
Code | Description | Data Type |
---|---|---|
200 | The updated Identity Profile. | IdentityProfile |
400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
403 | Forbidden - Returned if the user you are running as doesn't have access to this endpoint. | ErrorResponseDto |
404 | Not Found - Returned if the request URL refers to a resource or object that does not exist. | ErrorResponseDto |
429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
- Content-Type: application/json-patch+json
- Accept: application/json
Example
```powershell
# The Identity Profile ID (sample value).
$IdentityProfileId = "ef38f94347e94562b5bb8424a56397d8"

# One JSON Patch operation.
# A here-string must open with @" at the end of a line and close with "@ at the start of a line.
$JsonPatchOperation = @"
{
  "op" : "replace",
  "path" : "/description",
  "value" : "New description"
}
"@

try {
    $Result = ConvertFrom-JsonToJsonPatchOperation -Json $JsonPatchOperation
    Update-V2024IdentityProfile -IdentityProfileId $IdentityProfileId -V2024JsonPatchOperation $Result
} catch {
    Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2024IdentityProfile"
    Write-Host $_.ErrorDetails
}
```
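A pre-flight check for the update-identity-profile restrictions listed above, so that a patch touching a non-updatable field is rejected before it is sent. This is an added example, not SDK code: `Test-IdentityProfilePatch` is a hypothetical helper, the sample patch is constructed, and the field names `authoritativeSource` and `identityAttributeConfig` are taken from the IdentityProfile JSON on this page.

```powershell
# Added example (not part of the SailPoint SDK); Test-IdentityProfilePatch is a hypothetical name.
function Test-IdentityProfilePatch {
    [CmdletBinding()]
    param(
        # JSON text holding one JSON Patch operation or an array of them.
        [Parameter(Mandatory)][string]$Json
    )

    # Fields this page lists as not updatable.
    $immutable = 'id', 'name', 'created', 'modified', 'identityCount', 'identityRefreshRequired'
    $problems  = [System.Collections.Generic.List[string]]::new()
    $touched   = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::Ordinal)

    # Assign first, then wrap: this yields an array for both a single operation
    # and a JSON array, on Windows PowerShell 5.1 and PowerShell 7 alike.
    $parsed = ConvertFrom-Json -InputObject $Json
    $ops    = @($parsed)

    foreach ($op in $ops) {
        if ($op.op -ceq 'test') { continue }              # "test" only reads

        $targets = @([string]$op.path)
        if ($op.op -ceq 'move') { $targets += [string]$op.from }   # a move also removes its source

        foreach ($pointer in $targets) {
            if ($pointer -notmatch '^/[^/]') {
                $problems.Add("op '$($op.op)': '$pointer' does not address a profile field")
                continue
            }
            # The first JSON Pointer segment is the top-level profile field.
            $field = ($pointer -split '/')[1]
            [void]$touched.Add($field)
            if ($field -cin $immutable) {
                $problems.Add("op '$($op.op)' on '$pointer': '$field' cannot be updated")
            }
        }
    }

    # The page states these two cannot be modified at once.
    if ($touched.Contains('authoritativeSource') -and $touched.Contains('identityAttributeConfig')) {
        $problems.Add('authoritativeSource and identityAttributeConfig cannot be modified in the same request')
    }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
    }
}

# Constructed sample patch: one allowed change and three that break the rules above.
$samplePatch = @'
[
  { "op": "replace", "path": "/description", "value": "New description" },
  { "op": "replace", "path": "/name", "value": "Renamed profile" },
  { "op": "replace", "path": "/authoritativeSource/id", "value": "2c9180835d191a86015d28455b4b232a" },
  { "op": "replace", "path": "/identityAttributeConfig/enabled", "value": false }
]
'@

$check = Test-IdentityProfilePatch -Json $samplePatch
if (-not $check.IsValid) { $check.Problems | ForEach-Object { Write-Warning $_ } }
```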