sailpoint.beta.AccountsApi
Use this API to implement and customize account functionality. With this functionality in place, administrators can manage users' access across sources in Identity Security Cloud.
In Identity Security Cloud, an account refers to a user's account on a supported source. This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. Identity Security Cloud loads accounts through the creation of sources in Identity Security Cloud.
Administrators can correlate users' identities with the users' accounts on the different sources they use. This allows Identity Security Cloud to govern the access of identities and all their correlated accounts securely and cohesively.
To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab.
To view and edit source account statuses for an identity in Identity Security Cloud, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity.
Accounts can have the following statuses:
-
Enabled: The account is enabled. The user can access it.
-
Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in Identity Security Cloud. This can occur when an administrator disables the account or when the user's lifecycle state changes.
-
Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.
-
Pending: The account is currently updating. This status typically lasts seconds.
Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.
Refer to Managing User Accounts for more information about accounts.
All URIs are relative to https://sailpoint.api.identitynow.com/beta
| Method | HTTP request | Description |
|---|---|---|
| create-account | POST /accounts | Create Account |
| delete-account | DELETE /accounts/{id} | Delete Account |
| delete-account-async | POST /accounts/{id}/remove | Remove Account |
| disable-account | POST /accounts/{id}/disable | Disable Account |
| disable-account-for-identity | POST /identities-accounts/{id}/disable | Disable IDN Account for Identity |
| disable-accounts-for-identities | POST /identities-accounts/disable | Disable IDN Accounts for Identities |
| enable-account | POST /accounts/{id}/enable | Enable Account |
| enable-account-for-identity | POST /identities-accounts/{id}/enable | Enable IDN Account for Identity |
| enable-accounts-for-identities | POST /identities-accounts/enable | Enable IDN Accounts for Identities |
| get-account | GET /accounts/{id} | Account Details |
| get-account-entitlements | GET /accounts/{id}/entitlements | Account Entitlements |
| list-accounts | GET /accounts | Accounts List |
| put-account | PUT /accounts/{id} | Update Account |
| submit-reload-account | POST /accounts/{id}/reload | Reload Account |
| unlock-account | POST /accounts/{id}/unlock | Unlock Account |
| update-account | PATCH /accounts/{id} | Update Account |
create-account
Create Account Submits an account creation task - the API then returns the task ID.
The sourceId where this account will be created must be included in the attributes object.
This endpoint creates an account on the source record in your ISC tenant.
This is useful for Flat File (DelimitedFile) type sources because it allows you to aggregate new accounts without needing to import a new CSV file every time.
However, if you use this endpoint to create an account for a Direct Connection type source, you must ensure that the account also exists on the target source. The endpoint doesn't actually provision the account on the target source, which means that if the account doesn't also exist on the target source, an aggregation between the source and your tenant will remove it from your tenant.
By providing the account ID of an existing account in the request body, this API will function as a PATCH operation and update the account.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | account_attributes_create | AccountAttributesCreate | True |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details. | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account_attributes_create import AccountAttributesCreate
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
account_attributes_create = '''{
"attributes" : {
"sourceId" : "34bfcbe116c9407464af37acbaf7a4dc",
"city" : "Austin",
"displayName" : "John Doe",
"userName" : "jdoe",
"sAMAccountName" : "jDoe",
"mail" : "[email protected]"
}
}''' # AccountAttributesCreate |
try:
# Create Account
new_account_attributes_create = AccountAttributesCreate.from_json(account_attributes_create)
results = AccountsApi(api_client).create_account(account_attributes_create=new_account_attributes_create)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).create_account(new_account_attributes_create)
print("The response of AccountsApi->create_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->create_account: %s\n" % e)
delete-account
Delete Account Use this API to delete an account. This endpoint submits an account delete task and returns the task ID. This endpoint only deletes the account from IdentityNow, not the source itself, which can result in the account's returning with the next aggregation between the source and IdentityNow. To avoid this scenario, it is recommended that you disable accounts rather than delete them. This will also allow you to reenable the accounts in the future. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
NOTE: You can only delete accounts from sources of the "DelimitedFile" type.**
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | Account ID. |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details. | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | Account ID. # str | Account ID.
try:
# Delete Account
results = AccountsApi(api_client).delete_account(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).delete_account(id)
print("The response of AccountsApi->delete_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->delete_account: %s\n" % e)
delete-account-async
Remove Account Use this endpoint to remove accounts from the system without provisioning changes to the source. Accounts that are removed could be re-created during the next aggregation.
This endpoint is good for:
- Removing accounts that no longer exist on the source.
- Removing accounts that won't be aggregated following updates to the source configuration.
- Forcing accounts to be re-created following the next aggregation to re-run account processing, support testing, etc.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The account id |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Accepted. Returns task result details of removal request. | TaskResultDto | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.task_result_dto import TaskResultDto
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'c350d6aa4f104c61b062cb632421ad10' # str | The account id # str | The account id
try:
# Remove Account
results = AccountsApi(api_client).delete_account_async(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).delete_account_async(id)
print("The response of AccountsApi->delete_account_async:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->delete_account_async: %s\n" % e)
disable-account
Disable Account
This API submits a task to disable the account and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The account id |
| Body | account_toggle_request | AccountToggleRequest | True |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account_toggle_request import AccountToggleRequest
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The account id # str | The account id
account_toggle_request = '''{
"forceProvisioning" : false,
"externalVerificationId" : "3f9180835d2e5168015d32f890ca1581"
}''' # AccountToggleRequest |
try:
# Disable Account
new_account_toggle_request = AccountToggleRequest.from_json(account_toggle_request)
results = AccountsApi(api_client).disable_account(id=id, account_toggle_request=new_account_toggle_request)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).disable_account(id, new_account_toggle_request)
print("The response of AccountsApi->disable_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->disable_account: %s\n" % e)
disable-account-for-identity
Disable IDN Account for Identity This API submits a task to disable IDN account for a single identity.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The identity id. |
Return type
object
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | object | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = '2c91808384203c2d018437e631158309' # str | The identity id. # str | The identity id.
try:
# Disable IDN Account for Identity
results = AccountsApi(api_client).disable_account_for_identity(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).disable_account_for_identity(id)
print("The response of AccountsApi->disable_account_for_identity:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->disable_account_for_identity: %s\n" % e)
disable-accounts-for-identities
Disable IDN Accounts for Identities This API submits tasks to disable IDN account for each identity provided in the request body.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | identities_accounts_bulk_request | IdentitiesAccountsBulkRequest | True |
Return type
List[BulkIdentitiesAccountsResponse]
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 207 | Bulk response details. | List[BulkIdentitiesAccountsResponse] | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.bulk_identities_accounts_response import BulkIdentitiesAccountsResponse
from sailpoint.beta.models.identities_accounts_bulk_request import IdentitiesAccountsBulkRequest
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
identities_accounts_bulk_request = '''{
"identityIds" : [ "2c91808384203c2d018437e631158308", "2c9180858082150f0180893dbaf553fe" ]
}''' # IdentitiesAccountsBulkRequest |
try:
# Disable IDN Accounts for Identities
new_identities_accounts_bulk_request = IdentitiesAccountsBulkRequest.from_json(identities_accounts_bulk_request)
results = AccountsApi(api_client).disable_accounts_for_identities(identities_accounts_bulk_request=new_identities_accounts_bulk_request)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).disable_accounts_for_identities(new_identities_accounts_bulk_request)
print("The response of AccountsApi->disable_accounts_for_identities:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->disable_accounts_for_identities: %s\n" % e)
enable-account
Enable Account
This API submits a task to enable account and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The account id |
| Body | account_toggle_request | AccountToggleRequest | True |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account_toggle_request import AccountToggleRequest
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The account id # str | The account id
account_toggle_request = '''{
"forceProvisioning" : false,
"externalVerificationId" : "3f9180835d2e5168015d32f890ca1581"
}''' # AccountToggleRequest |
try:
# Enable Account
new_account_toggle_request = AccountToggleRequest.from_json(account_toggle_request)
results = AccountsApi(api_client).enable_account(id=id, account_toggle_request=new_account_toggle_request)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).enable_account(id, new_account_toggle_request)
print("The response of AccountsApi->enable_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->enable_account: %s\n" % e)
enable-account-for-identity
Enable IDN Account for Identity This API submits a task to enable IDN account for a single identity.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The identity id. |
Return type
object
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | object | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = '2c91808384203c2d018437e631158309' # str | The identity id. # str | The identity id.
try:
# Enable IDN Account for Identity
results = AccountsApi(api_client).enable_account_for_identity(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).enable_account_for_identity(id)
print("The response of AccountsApi->enable_account_for_identity:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->enable_account_for_identity: %s\n" % e)
enable-accounts-for-identities
Enable IDN Accounts for Identities This API submits tasks to enable IDN account for each identity provided in the request body.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | identities_accounts_bulk_request | IdentitiesAccountsBulkRequest | True |
Return type
List[BulkIdentitiesAccountsResponse]
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 207 | Bulk response details. | List[BulkIdentitiesAccountsResponse] | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.bulk_identities_accounts_response import BulkIdentitiesAccountsResponse
from sailpoint.beta.models.identities_accounts_bulk_request import IdentitiesAccountsBulkRequest
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
identities_accounts_bulk_request = '''{
"identityIds" : [ "2c91808384203c2d018437e631158308", "2c9180858082150f0180893dbaf553fe" ]
}''' # IdentitiesAccountsBulkRequest |
try:
# Enable IDN Accounts for Identities
new_identities_accounts_bulk_request = IdentitiesAccountsBulkRequest.from_json(identities_accounts_bulk_request)
results = AccountsApi(api_client).enable_accounts_for_identities(identities_accounts_bulk_request=new_identities_accounts_bulk_request)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).enable_accounts_for_identities(new_identities_accounts_bulk_request)
print("The response of AccountsApi->enable_accounts_for_identities:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->enable_accounts_for_identities: %s\n" % e)
get-account
Account Details
Use this API to return the details for a single account by its ID.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | Account ID. |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 200 | Account object. | Account | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account import Account
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | Account ID. # str | Account ID.
try:
# Account Details
results = AccountsApi(api_client).get_account(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).get_account(id)
print("The response of AccountsApi->get_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->get_account: %s\n" % e)
get-account-entitlements
Account Entitlements
This API returns entitlements of the account.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The account id |
| Query | offset | int | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | limit | int | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | count | bool | (optional) (default to False) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 200 | An array of account entitlements | List[Entitlement] | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.entitlement import Entitlement
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The account id # str | The account id
offset = 0 # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0) # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
limit = 250 # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250) # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
count = False # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False) # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False)
try:
# Account Entitlements
results = AccountsApi(api_client).get_account_entitlements(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).get_account_entitlements(id, offset, limit, count)
print("The response of AccountsApi->get_account_entitlements:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->get_account_entitlements: %s\n" % e)
list-accounts
Accounts List List accounts.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | detail_level | str | (optional) | This value determines whether the API provides SLIM or increased level of detail (FULL) for each account in the returned list. FULL is the default behavior. |
| Query | limit | int | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | offset | int | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | count | bool | (optional) (default to False) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | filters | str | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: id: eq, in, sw identityId: eq, in, sw name: eq, in, sw nativeIdentity: eq, in, sw sourceId: eq, in, sw uncorrelated: eq entitlements: eq origin: eq, in manuallyCorrelated: eq hasEntitlements: eq identity.name: eq, in, sw identity.correlated: eq identity.identityState: eq, in source.displayableName: eq, in source.authoritative: eq source.connectionType: eq, in recommendation.method: eq, in, isnull created: eq, ge, gt, le modified: eq, ge, gt, le, lt |
| Query | sorters | str | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, name, created, modified, sourceId, identityId, nativeIdentity, uuid, manuallyCorrelated, hasEntitlements, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType, sourceOwner.name |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 200 | List of account objects. | List[Account] | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account import Account
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
detail_level = 'FULL' # str | This value determines whether the API provides `SLIM` or increased level of detail (`FULL`) for each account in the returned list. `FULL` is the default behavior. (optional) # str | This value determines whether the API provides `SLIM` or increased level of detail (`FULL`) for each account in the returned list. `FULL` is the default behavior. (optional)
limit = 250 # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250) # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
offset = 0 # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0) # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
count = False # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False) # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False)
filters = 'identityId eq \"2c9180858082150f0180893dbaf44201\"' # str | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **identityId**: *eq, in, sw* **name**: *eq, in, sw* **nativeIdentity**: *eq, in, sw* **sourceId**: *eq, in, sw* **uncorrelated**: *eq* **entitlements**: *eq* **origin**: *eq, in* **manuallyCorrelated**: *eq* **hasEntitlements**: *eq* **identity.name**: *eq, in, sw* **identity.correlated**: *eq* **identity.identityState**: *eq, in* **source.displayableName**: *eq, in* **source.authoritative**: *eq* **source.connectionType**: *eq, in* **recommendation.method**: *eq, in, isnull* **created**: *eq, ge, gt, le* **modified**: *eq, ge, gt, le, lt* (optional) # str | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **id**: *eq, in, sw* **identityId**: *eq, in, sw* **name**: *eq, in, sw* **nativeIdentity**: *eq, in, sw* **sourceId**: *eq, in, sw* **uncorrelated**: *eq* **entitlements**: *eq* **origin**: *eq, in* **manuallyCorrelated**: *eq* **hasEntitlements**: *eq* **identity.name**: *eq, in, sw* **identity.correlated**: *eq* **identity.identityState**: *eq, in* **source.displayableName**: *eq, in* **source.authoritative**: *eq* **source.connectionType**: *eq, in* **recommendation.method**: *eq, in, isnull* **created**: *eq, ge, gt, le* **modified**: *eq, ge, gt, le, lt* (optional)
sorters = 'id,name' # str | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, nativeIdentity, uuid, manuallyCorrelated, hasEntitlements, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType, sourceOwner.name** (optional) # str | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, name, created, modified, sourceId, identityId, nativeIdentity, uuid, manuallyCorrelated, hasEntitlements, entitlements, origin, identity.name, identity.identityState, identity.correlated, source.displayableName, source.authoritative, source.connectionType, sourceOwner.name** (optional)
try:
# Accounts List
results = AccountsApi(api_client).list_accounts()
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).list_accounts(detail_level, limit, offset, count, filters, sorters)
print("The response of AccountsApi->list_accounts:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->list_accounts: %s\n" % e)
put-account
Update Account Use this API to update an account with a PUT request.
This endpoint submits an account update task and returns the task ID.
A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
Note: You can only use this PUT endpoint to update accounts from flat file sources.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | Account ID. |
| Body | account_attributes | AccountAttributes | True |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details. | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account_attributes import AccountAttributes
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | Account ID. # str | Account ID.
account_attributes = '''{
"attributes" : {
"city" : "Austin",
"displayName" : "John Doe",
"userName" : "jdoe",
"sAMAccountName" : "jDoe",
"mail" : "[email protected]"
}
}''' # AccountAttributes |
try:
# Update Account
new_account_attributes = AccountAttributes.from_json(account_attributes)
results = AccountsApi(api_client).put_account(id=id, account_attributes=new_account_attributes)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).put_account(id, new_account_attributes)
print("The response of AccountsApi->put_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->put_account: %s\n" % e)
submit-reload-account
Reload Account
This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The account id |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The account id # str | The account id
try:
# Reload Account
results = AccountsApi(api_client).submit_reload_account(id=id)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).submit_reload_account(id)
print("The response of AccountsApi->submit_reload_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->submit_reload_account: %s\n" % e)
unlock-account
Unlock Account
This API submits a task to unlock an account and returns the task ID.
To use this endpoint to unlock an account that has the forceProvisioning option set to true, the idn:accounts-provisioning:manage scope is required.
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or HELPDESK authority is required to call this API.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | The account ID. |
| Body | account_unlock_request | AccountUnlockRequest | True |
Return type
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Async task details | AccountsAsyncResult | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.account_unlock_request import AccountUnlockRequest
from sailpoint.beta.models.accounts_async_result import AccountsAsyncResult
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The account ID. # str | The account ID.
account_unlock_request = '''{
"forceProvisioning" : false,
"externalVerificationId" : "3f9180835d2e5168015d32f890ca1581",
"unlockIDNAccount" : false
}''' # AccountUnlockRequest |
try:
# Unlock Account
new_account_unlock_request = AccountUnlockRequest.from_json(account_unlock_request)
results = AccountsApi(api_client).unlock_account(id=id, account_unlock_request=new_account_unlock_request)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).unlock_account(id, new_account_unlock_request)
print("The response of AccountsApi->unlock_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->unlock_account: %s\n" % e)
update-account
Update Account Use this API to update account details. A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.
This API supports updating an account's correlation by modifying the identityId and manuallyCorrelated fields.
To reassign an account from one identity to another, replace the current identityId with a new value.
If the account you're assigning was provisioned by Identity Security Cloud (ISC), it's possible for ISC to create a new account
for the previous identity as soon as the account is moved. If the account you're assigning is authoritative,
this causes the previous identity to become uncorrelated and can even result in its deletion.
All accounts that are reassigned will be set to manuallyCorrelated: true unless you specify otherwise.
Note: The
attributesfield can only be modified for flat file accounts.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | id | str | True | Account ID. |
| Body | request_body | []object | True | A list of account update operations according to the JSON Patch standard. |
Return type
object
Responses
| Code | Description | Data Type | Response headers |
|---|---|---|---|
| 202 | Accepted - Returned if the request was successfully accepted into the system. | object | - |
| 400 | Client Error - Returned if the request body is invalid. | ErrorResponseDto | - |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListAccessModelMetadataAttribute401Response | - |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | ErrorResponseDto | - |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | ErrorResponseDto | - |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListAccessModelMetadataAttribute429Response | - |
| 500 | Internal Server Error - Returned if there is an unexpected error. | ErrorResponseDto | - |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
from sailpoint.beta.api.accounts_api import AccountsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | Account ID. # str | Account ID.
request_body = '''{Uncorrelate account={description=Remove account from Identity, value=[{op=remove, path=/identityId}]}, Reassign account={description=Move account from one Identity to another Identity, value=[{op=replace, path=/identityId, value=2c9180857725c14301772a93bb77242d}]}, Add account attribute={description=Add flat file account's attribute, value=[{op=add, path=/attributes/familyName, value=Smith}]}, Replace account attribute={description=Replace flat file account's attribute, value=[{op=replace, path=/attributes/familyName, value=Smith}]}, Remove account attribute={description=Remove flat file account's attribute, value=[{op=remove, path=/attributes/familyName}]}}''' # List[object] | A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
try:
# Update Account
new_request_body = RequestBody.from_json(request_body)
results = AccountsApi(api_client).update_account(id=id, request_body=new_request_body)
# Below is a request that includes all optional parameters
# results = AccountsApi(api_client).update_account(id, new_request_body)
print("The response of AccountsApi->update_account:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling AccountsApi->update_account: %s\n" % e)