Skip to main content

sailpoint.beta.SegmentsApi

Use this API to implement and customize access request segment functionality. With this functionality in place, administrators can create and manage access request segments. Segments provide organizations with a way to make the access their users have even more granular - this can simply the access request process for the organization's users and improves security by reducing the risk of overprovisoning access.

Segments represent sets of identities, all grouped by specified identity attributes, who are only able to see and access the access items associated with their segments. For example, administrators could group all their organization's London office employees into one segment, "London Office Employees," by their shared location. The administrators could then define the access items the London employees would need, and the identities in the "London Office Employees" would then only be able to see and access those items.

In Identity Security Cloud, administrators can use the 'Access' drop-down menu and select 'Segments' to reach the 'Access Requests Segments' page. This page lists all the existing access request segments, along with their statuses, enabled or disabled. Administrators can use this page to create, edit, enable, disable, and delete segments. To create a segment, an administrator must provide a name, define the identities grouped in the segment, and define the items the identities in the segment can access. These items can be access profiles, roles, or entitlements.

When administrators use the API to create and manage segments, they use a JSON expression in the `visibilityCriteria` object to define the segment's identities and access items.

Refer to Managing Access Request Segments for more information about segments in Identity Security Cloud.

All URIs are relative to https://sailpoint.api.identitynow.com/beta

MethodHTTP requestDescription
create-segmentPOST /segmentsCreate Segment
delete-segmentDELETE /segments/{id}Delete Segment by ID
get-segmentGET /segments/{id}Get Segment by ID
list-segmentsGET /segmentsList Segments
patch-segmentPATCH /segments/{id}Update Segment

create-segment

Create Segment This API creates a segment.

Note: Segment definitions may take time to propagate to all identities. A token with ORG_ADMIN or API authority is required to call this API.

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
BodysegmentSegmentTrue

Return type

Segment

Responses

CodeDescriptionData TypeResponse headers
201Segment createdSegment-
400Client Error - Returned if the request body is invalid.ErrorResponseDto-
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessModelMetadataAttribute401Response-
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto-
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessModelMetadataAttribute429Response-
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto-

HTTP request headers

  • Content-Type: application/json
  • Accept: application/json

Example

from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()


with ApiClient(configuration) as api_client:
segment = '''{
"owner" : {
"name" : "support",
"id" : "2c9180a46faadee4016fb4e018c20639",
"type" : "IDENTITY"
},
"created" : "2020-01-01T00:00:00Z",
"visibilityCriteria" : {
"expression" : {
"children" : [ ],
"attribute" : "location",
"value" : {
"type" : "STRING",
"value" : "Austin"
},
"operator" : "EQUALS"
}
},
"name" : "segment-xyz",
"modified" : "2020-01-01T00:00:00Z",
"description" : "This segment represents xyz",
"active" : true,
"id" : "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde"
}''' # Segment |

try:
# Create Segment
new_segment = Segment.from_json(segment)
results = SegmentsApi(api_client).create_segment(segment=new_segment)
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).create_segment(new_segment)
print("The response of SegmentsApi->create_segment:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->create_segment: %s\n" % e)

[Back to top]

delete-segment

Delete Segment by ID This API deletes the segment specified by the given ID.

Note: Segment deletion may take some time to go into effect. A token with ORG_ADMIN or API authority is required to call this API.

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
PathidstrTrueThe segment ID to delete.

Return type

(empty response body)

Responses

CodeDescriptionData TypeResponse headers
204No content.-
400Client Error - Returned if the request body is invalid.ErrorResponseDto-
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessModelMetadataAttribute401Response-
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto-
404Not Found - returned if the request URL refers to a resource or object that does not existErrorResponseDto-
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessModelMetadataAttribute429Response-
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto-

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.configuration import Configuration
configuration = Configuration()


with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The segment ID to delete. # str | The segment ID to delete.

try:
# Delete Segment by ID

SegmentsApi(api_client).delete_segment(id=id)
# Below is a request that includes all optional parameters
# SegmentsApi(api_client).delete_segment(id)
except Exception as e:
print("Exception when calling SegmentsApi->delete_segment: %s\n" % e)

[Back to top]

get-segment

Get Segment by ID This API returns the segment specified by the given ID. A token with ORG_ADMIN or API authority is required to call this API.

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
PathidstrTrueThe segment ID to retrieve.

Return type

Segment

Responses

CodeDescriptionData TypeResponse headers
200SegmentSegment-
400Client Error - Returned if the request body is invalid.ErrorResponseDto-
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessModelMetadataAttribute401Response-
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto-
404Not Found - returned if the request URL refers to a resource or object that does not existErrorResponseDto-
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessModelMetadataAttribute429Response-
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto-

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()


with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The segment ID to retrieve. # str | The segment ID to retrieve.

try:
# Get Segment by ID

results = SegmentsApi(api_client).get_segment(id=id)
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).get_segment(id)
print("The response of SegmentsApi->get_segment:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->get_segment: %s\n" % e)

[Back to top]

list-segments

List Segments This API returns a list of all segments. A token with ORG_ADMIN or API authority is required to call this API.

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
Querylimitint(optional) (default to 250)Max number of results to return. See V3 API Standard Collection Parameters for more information.
Queryoffsetint(optional) (default to 0)Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
Querycountbool(optional) (default to False)If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.

Return type

List[Segment]

Responses

CodeDescriptionData TypeResponse headers
200List of all segmentsList[Segment]-
400Client Error - Returned if the request body is invalid.ErrorResponseDto-
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessModelMetadataAttribute401Response-
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto-
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessModelMetadataAttribute429Response-
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto-

HTTP request headers

  • Content-Type: Not defined
  • Accept: application/json

Example

from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()


with ApiClient(configuration) as api_client:
limit = 250 # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250) # int | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
offset = 0 # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0) # int | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
count = False # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False) # bool | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to False)

try:
# List Segments

results = SegmentsApi(api_client).list_segments()
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).list_segments(limit, offset, count)
print("The response of SegmentsApi->list_segments:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->list_segments: %s\n" % e)

[Back to top]

patch-segment

Update Segment Use this API to update segment fields by using the JSON Patch standard.

Note: Changes to a segment may take some time to propagate to all identities. A token with ORG_ADMIN or API authority is required to call this API.

API Spec

Parameters

Param TypeNameData TypeRequiredDescription
PathidstrTrueThe segment ID to modify.
Bodyrequest_body[]objectTrueA list of segment update operations according to the JSON Patch standard. The following fields are patchable: * name * description * owner * visibilityCriteria * active

Return type

Segment

Responses

CodeDescriptionData TypeResponse headers
200Indicates the PATCH operation succeeded, and returns the segment's new representation.Segment-
400Client Error - Returned if the request body is invalid.ErrorResponseDto-
401Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.ListAccessModelMetadataAttribute401Response-
403Forbidden - Returned if the user you are running as, doesn't have access to this end-point.ErrorResponseDto-
404Not Found - returned if the request URL refers to a resource or object that does not existErrorResponseDto-
429Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.ListAccessModelMetadataAttribute429Response-
500Internal Server Error - Returned if there is an unexpected error.ErrorResponseDto-

HTTP request headers

  • Content-Type: application/json-patch+json
  • Accept: application/json

Example

from sailpoint.beta.api.segments_api import SegmentsApi
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.models.segment import Segment
from sailpoint.configuration import Configuration
configuration = Configuration()


with ApiClient(configuration) as api_client:
id = 'ef38f94347e94562b5bb8424a56397d8' # str | The segment ID to modify. # str | The segment ID to modify.
request_body = '''[{op=replace, path=/visibilityCriteria, value={expression={operator=AND, children=[{operator=EQUALS, attribute=location, value={type=STRING, value=Philadelphia}}, {operator=EQUALS, attribute=department, value={type=STRING, value=HR}}]}}}]''' # List[object] | A list of segment update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following fields are patchable: * name * description * owner * visibilityCriteria * active

try:
# Update Segment
new_request_body = RequestBody.from_json(request_body)
results = SegmentsApi(api_client).patch_segment(id=id, request_body=new_request_body)
# Below is a request that includes all optional parameters
# results = SegmentsApi(api_client).patch_segment(id, new_request_body)
print("The response of SegmentsApi->patch_segment:\n")
print(results.model_dump_json(by_alias=True, indent=4))
except Exception as e:
print("Exception when calling SegmentsApi->patch_segment: %s\n" % e)

[Back to top]