MachineIdentities
All URIs are relative to https://sailpoint.api.identitynow.com/v2025
| Method | HTTP request | Description |
|---|---|---|
| New-V2025MachineIdentity | POST /machine-identities | Create machine identities |
| Remove-V2025MachineIdentity | DELETE /machine-identities/{id} | Delete machine identity |
| Get-V2025MachineIdentity | GET /machine-identities/{id} | Machine identity details |
| Get-V2025MachineIdentities | GET /machine-identities | List machine identities |
| Get-V2025MachineIdentityUserEntitlements | GET /machine-identity-user-entitlements | List machine identity's user entitlements |
| Start-V2025MachineIdentityAggregation | POST /sources/{sourceId}/aggregate-agents | Start Machine Identity (AI Agent) Aggregation |
| Update-V2025MachineIdentity | PATCH /machine-identities/{id} | Update a machine identity |
create-machine-identity
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
Use this API to create a machine identity. The maximum supported length for the description field is 2000 characters.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. | |
| Body | MachineIdentityRequest | MachineIdentityRequest | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | Machine Identity created. | MachineIdentityResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$MachineIdentityRequest = @"{
"sourceId" : "6d28b7c1-620c-49c6-b6d5-cbf81eb4b5fa",
"created" : "2015-05-28T14:07:17Z",
"description" : "",
"owners" : {
"primaryIdentity" : "{}",
"secondaryIdentities" : [ {
"name" : "William Wilson",
"id" : "2c91808568c529c60168cca6f90c1313",
"type" : "IDENTITY"
}, {
"name" : "William Wilson",
"id" : "2c91808568c529c60168cca6f90c1313",
"type" : "IDENTITY"
} ]
},
"uuid" : "f5dd23fe-3414-42b7-bb1c-869400ad7a10",
"nativeIdentity" : "abc:123:dddd",
"subtype" : "Application",
"businessApplication" : "ADService",
"userEntitlements" : [ {
"sourceId" : "5898b7c1-620c-49c6-cccc-cbf81eb4bddd",
"entitlementId" : "6d28b7c1-620c-49c6-b6d5-cbf81eb4b5fa"
}, {
"sourceId" : "5898b7c1-620c-49c6-cccc-cbf81eb4bddd",
"entitlementId" : "6d28b7c1-620c-49c6-b6d5-cbf81eb4b5fa"
} ],
"name" : "aName",
"modified" : "2015-05-28T14:07:17Z",
"attributes" : "{\"Region\":\"EU\"}",
"id" : "id12345"
}"@
# Create machine identities
try {
$Result = ConvertFrom-JsonToMachineIdentityRequest -Json $MachineIdentityRequest
New-V2025MachineIdentity -XSailPointExperimental $XSailPointExperimental -MachineIdentityRequest $Result
# Below is a request that includes all optional parameters
# New-V2025MachineIdentity -XSailPointExperimental $XSailPointExperimental -MachineIdentityRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling New-V2025MachineIdentity"
Write-Host $_.ErrorDetails
}
delete-machine-identity
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
The API returns successful response if the requested machine identity was deleted.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Machine Identity ID |
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. |
Return type
(empty response body)
Responses
| Code | Description | Data Type |
|---|---|---|
| 204 | No content - indicates the request was successful but there is no content to be returned in the response. | |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Machine Identity ID
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
# Delete machine identity
try {
Remove-V2025MachineIdentity -Id $Id -XSailPointExperimental $XSailPointExperimental
# Below is a request that includes all optional parameters
# Remove-V2025MachineIdentity -Id $Id -XSailPointExperimental $XSailPointExperimental
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Remove-V2025MachineIdentity"
Write-Host $_.ErrorDetails
}
get-machine-identity
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
This API returns a single machine identity using the Machine Identity ID.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Machine Identity ID |
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | A machine identity object | MachineIdentityResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Machine Identity ID
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
# Machine identity details
try {
Get-V2025MachineIdentity -Id $Id -XSailPointExperimental $XSailPointExperimental
# Below is a request that includes all optional parameters
# Get-V2025MachineIdentity -Id $Id -XSailPointExperimental $XSailPointExperimental
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025MachineIdentity"
Write-Host $_.ErrorDetails
}
list-machine-identities
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
This API returns a list of machine identities.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. | |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: id: eq, in, sw displayName: eq, in, sw cisIdentityId: eq, in, sw businessApplication: eq, in, sw attributes: eq manuallyEdited: eq subtype: eq, in owners.primaryIdentity.id: eq, in, sw owners.primaryIdentity.name: eq, in, isnull, pr owners.secondaryIdentity.id: eq, in, sw owners.secondaryIdentity.name: eq, in, isnull, pr source.name: eq, in, sw source.id: eq, in entitlement.id: eq, in entitlement.name: eq, in, sw |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: businessApplication, name, source.name |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of machine identities. | MachineIdentityResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$Filters = 'identityId eq "2c9180858082150f0180893dbaf44201"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **displayName**: *eq, in, sw* **cisIdentityId**: *eq, in, sw* **businessApplication**: *eq, in, sw* **attributes**: *eq* **manuallyEdited**: *eq* **subtype**: *eq, in* **owners.primaryIdentity.id**: *eq, in, sw* **owners.primaryIdentity.name**: *eq, in, isnull, pr* **owners.secondaryIdentity.id**: *eq, in, sw* **owners.secondaryIdentity.name**: *eq, in, isnull, pr* **source.name**: *eq, in, sw* **source.id**: *eq, in* **entitlement.id**: *eq, in* **entitlement.name**: *eq, in, sw* (optional)
$Sorters = "businessApplication" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **businessApplication, name, source.name** (optional)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
# List machine identities
try {
Get-V2025MachineIdentities -XSailPointExperimental $XSailPointExperimental
# Below is a request that includes all optional parameters
# Get-V2025MachineIdentities -XSailPointExperimental $XSailPointExperimental -Filters $Filters -Sorters $Sorters -Count $Count -Limit $Limit -Offset $Offset
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025MachineIdentities"
Write-Host $_.ErrorDetails
}
list-machine-identity-user-entitlements
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
This API returns a list of user entitlements associated with machine identities.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. | |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: machineIdentityId: eq, in machineIdentityName: eq, in, sw entitlement.id: eq, in entitlement.name: eq, in, sw source.id: eq, in source.name: eq, in, sw |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: machineIdentityName, entitlement.name, source.name |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
Return type
MachineIdentityUserEntitlementResponse[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of machine identity user entitlements. | MachineIdentityUserEntitlementResponse[] |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$Filters = 'machineIdentityId eq "2c9180858082150f0180893dbaf44201"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **machineIdentityId**: *eq, in* **machineIdentityName**: *eq, in, sw* **entitlement.id**: *eq, in* **entitlement.name**: *eq, in, sw* **source.id**: *eq, in* **source.name**: *eq, in, sw* (optional)
$Sorters = "machineIdentityName" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **machineIdentityName, entitlement.name, source.name** (optional)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
# List machine identity's user entitlements
try {
Get-V2025MachineIdentityUserEntitlements -XSailPointExperimental $XSailPointExperimental
# Below is a request that includes all optional parameters
# Get-V2025MachineIdentityUserEntitlements -XSailPointExperimental $XSailPointExperimental -Filters $Filters -Sorters $Sorters -Count $Count -Limit $Limit -Offset $Offset
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-V2025MachineIdentityUserEntitlements"
Write-Host $_.ErrorDetails
}
start-machine-identity-aggregation
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
Use this API to aggregate machine identities (AI Agents).
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. | |
| Body | MachineIdentityAggregationRequest | MachineIdentityAggregationRequest | True |
Return type
MachineIdentityAggregationResponse
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | Machine Identity Aggregation was started successfully. | MachineIdentityAggregationResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$MachineIdentityAggregationRequest = @"{
"datasetIds" : [ "source:datasetId12345", "source:datasetId12345" ]
}"@
# Start Machine Identity (AI Agent) Aggregation
try {
$Result = ConvertFrom-JsonToMachineIdentityAggregationRequest -Json $MachineIdentityAggregationRequest
Start-V2025MachineIdentityAggregation -XSailPointExperimental $XSailPointExperimental -MachineIdentityAggregationRequest $Result
# Below is a request that includes all optional parameters
# Start-V2025MachineIdentityAggregation -XSailPointExperimental $XSailPointExperimental -MachineIdentityAggregationRequest $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Start-V2025MachineIdentityAggregation"
Write-Host $_.ErrorDetails
}
update-machine-identity
experimental
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
Use this API to update machine identity details.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | Id | String | True | Machine Identity ID. |
| XSailPointExperimental | String | True (default to "true") | Use this header to enable this experimental API. | |
| Body | RequestBody | []SystemCollectionsHashtable | True | A JSON of updated values JSON Patch standard. |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | Updated Machine Identity object. | MachineIdentityResponse |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessProfiles401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessProfiles429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$Id = "ef38f94347e94562b5bb8424a56397d8" # String | Machine Identity ID.
$XSailPointExperimental = "true" # String | Use this header to enable this experimental API. (default to "true")
$RequestBody = # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
$RequestBody = @"[{op=add, path=/attributes/securityRisk, value=medium}]"@ # SystemCollectionsHashtable[] | A JSON of updated values [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
# Update a machine identity
try {
$Result = ConvertFrom-JsonToRequestBody -Json $RequestBody
Update-V2025MachineIdentity -Id $Id -XSailPointExperimental $XSailPointExperimental -RequestBody $Result
# Below is a request that includes all optional parameters
# Update-V2025MachineIdentity -Id $Id -XSailPointExperimental $XSailPointExperimental -RequestBody $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-V2025MachineIdentity"
Write-Host $_.ErrorDetails
}