Lists all events for the given identity
This method retrieves all access events for the identity Requires authorization scope of 'idn:identity-history:read'
Path Parameters
- id string required
The identity id
Example: 8c190e6787aa4ed9a90bd9d5344523fb
Query Parameters
- from string
The optional instant from which to return the access events
Example: 2007-03-01T13:00:00Z - eventTypes string[]
An optional list of event types to return. If null or empty, all events are returned
Example: AccessAddedEvent,AccessRemovedEvent - accessItemTypes string[]
An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned
Example: entitlement,account - limit int32
Possible values:
<= 250Default value:
250Max number of results to return. See V3 API Standard Collection Parameters for more information.
Example: 250 - offset int32
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
- count boolean
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
Example: true
- 200
- 400
- 401
- 403
- 404
- 429
- 500
The list of events for the identity
- application/json
- Schema
- Example (from schema)
- Access Item Associated
- Access Item Removed
- Attributes Changed
- Access Requested
- Identity Certified
- Account Status Changed
Schema array
- MOD1
- MOD2
- MOD3
- MOD4
- MOD5
- MOD6
accessItem object
oneOf- MOD1
- MOD2
- MOD3
- MOD4
- MOD5
accessType stringthe access item type. accessProfile in this case
id stringthe access item id
name stringthe access profile name
sourceName stringthe name of the source
sourceId stringthe id of the source
description stringthe description for the access profile
displayName stringthe display name of the identity
entitlementCount stringthe number of entitlements the access profile will create
appDisplayName stringthe name of app
accessType stringthe access item type. account in this case
id stringthe access item id
nativeIdentity stringthe native identifier used to uniquely identify an acccount
sourceName stringthe name of the source
sourceId stringthe id of the source
entitlementCount stringthe number of entitlements the account will create
displayName stringthe display name of the identity
accessType stringthe access item type. entitlement in this case
id stringthe access item id
displayName stringthe access profile display name
sourceName stringthe associated source name if it exists
accessType stringthe access item type. entitlement in this case
id stringthe access item id
attribute stringthe entitlement attribute
value stringthe associated value
entitlementType stringthe type of entitlement
sourceName stringthe name of the source
sourceId stringthe id of the source
description stringthe description for the entitlment
displayName stringthe display name of the identity
accessType stringthe access item type. role in this case
id stringthe access item id
displayName stringthe role display name
description stringthe description for the role
sourceName stringthe associated source name if it exists
- identityId string
the identity id
- eventType string
the event type
- dt string
the date of event
governanceEvent object
name stringThe name of the governance event, such as the certification name or access request ID.
dt stringThe date that the certification or access request was completed.
type stringPossible values: [
certification,accessRequest]The type of governance event.
governanceId stringThe ID of the instance that caused the event - either the certification ID or access request ID.
owners object[]
The owners of the governance event (the certifiers or approvers)
id stringthe id of the certifier
displayName stringthe name of the certifier
reviewers object[]
The owners of the governance event (the certifiers or approvers), this field should be preferred over owners
id stringthe id of the certifier
displayName stringthe name of the certifier
decisionMaker object
The decision maker
id stringthe id of the certifier
displayName stringthe name of the certifier
accessItem object
oneOf- MOD1
- MOD2
- MOD3
- MOD4
- MOD5
accessType stringthe access item type. accessProfile in this case
id stringthe access item id
name stringthe access profile name
sourceName stringthe name of the source
sourceId stringthe id of the source
description stringthe description for the access profile
displayName stringthe display name of the identity
entitlementCount stringthe number of entitlements the access profile will create
appDisplayName stringthe name of app
accessType stringthe access item type. account in this case
id stringthe access item id
nativeIdentity stringthe native identifier used to uniquely identify an acccount
sourceName stringthe name of the source
sourceId stringthe id of the source
entitlementCount stringthe number of entitlements the account will create
displayName stringthe display name of the identity
accessType stringthe access item type. entitlement in this case
id stringthe access item id
displayName stringthe access profile display name
sourceName stringthe associated source name if it exists
accessType stringthe access item type. entitlement in this case
id stringthe access item id
attribute stringthe entitlement attribute
value stringthe associated value
entitlementType stringthe type of entitlement
sourceName stringthe name of the source
sourceId stringthe id of the source
description stringthe description for the entitlment
displayName stringthe display name of the identity
accessType stringthe access item type. role in this case
id stringthe access item id
displayName stringthe role display name
description stringthe description for the role
sourceName stringthe associated source name if it exists
- identityId string
the identity id
- eventType string
the event type
- dt string
the date of event
governanceEvent object
name stringThe name of the governance event, such as the certification name or access request ID.
dt stringThe date that the certification or access request was completed.
type stringPossible values: [
certification,accessRequest]The type of governance event.
governanceId stringThe ID of the instance that caused the event - either the certification ID or access request ID.
owners object[]
The owners of the governance event (the certifiers or approvers)
id stringthe id of the certifier
displayName stringthe name of the certifier
reviewers object[]
The owners of the governance event (the certifiers or approvers), this field should be preferred over owners
id stringthe id of the certifier
displayName stringthe name of the certifier
decisionMaker object
The decision maker
id stringthe id of the certifier
displayName stringthe name of the certifier
changes object[]
name stringthe attribute name
previousValue stringthe old value of attribute
newValue stringthe new value of attribute
- eventType string
the event type
- identityId string
the identity id
- dt string
the date of event
accessRequest object
the access request details
requesterId stringthe requester Id
requesterName stringthe requesterName
items object[]
operation stringthe access request item operation
accessItemType stringthe access item type
name stringthe name of access request item
decision stringPossible values: [
APPROVED,REJECTED]the final decision for the access request
description stringthe description of access request item
sourceId stringthe source id
sourceName stringthe source Name
approvalInfos object[]
id stringthe id of approver
name stringthe name of approver
status stringthe status of the approval request
- identityId string
the identity id
- eventType string
the event type
- dt string
the date of event
- certificationId string
the id of the certification item
- certificationName string
the certification item name
- signedDate string
the date ceritification was signed
certifiers object[]
this field is deprecated and may go away
id stringthe id of the certifier
displayName stringthe name of the certifier
reviewers object[]
The list of identities who review this certification
id stringthe id of the certifier
displayName stringthe name of the certifier
signer object
Identity who signed off on the certification
id stringthe id of the certifier
displayName stringthe name of the certifier
- eventType string
the event type
- dt string
the date of event
- eventType string
the event type
- identityId string
the identity id
- dt string
the date of event
account object
id stringthe ID of the account in the database
nativeIdentity stringthe native identifier of the account
displayName stringthe display name of the account
sourceId stringthe ID of the source for this account
sourceName stringthe name of the source for this account
entitlementCount integerthe number of entitlements on this account
accessType stringthis value is always "account"
statusChange object
previousStatus stringPossible values: [
enabled,disabled,locked]the previous status of the account
newStatus stringPossible values: [
enabled,disabled,locked]the new status of the account
[
{
"accessItem": {
"accessType": "accessProfile",
"id": "2c918087763e69d901763e72e97f006f",
"name": "sample",
"sourceName": "DataScienceDataset",
"sourceId": "2793o32dwd",
"description": "AccessProfile - Workday/Citizenship access",
"displayName": "Dr. Arden Rogahn MD",
"entitlementCount": 12,
"appDisplayName": "AppName"
},
"identityId": "8c190e6787aa4ed9a90bd9d5344523fb",
"eventType": "AccessItemAssociated",
"dt": "2019-03-08T22:37:33.901Z",
"governanceEvent": {
"name": "Manager Certification for Jon Snow",
"dt": "2019-03-08T22:37:33.901Z",
"type": "certification",
"governanceId": "2c91808a77ff216301782327a50f09bf",
"owners": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"reviewers": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"decisionMaker": {
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
}
},
{
"accessItem": {
"accessType": "accessProfile",
"id": "2c918087763e69d901763e72e97f006f",
"name": "sample",
"sourceName": "DataScienceDataset",
"sourceId": "2793o32dwd",
"description": "AccessProfile - Workday/Citizenship access",
"displayName": "Dr. Arden Rogahn MD",
"entitlementCount": 12,
"appDisplayName": "AppName"
},
"identityId": "8c190e6787aa4ed9a90bd9d5344523fb",
"eventType": "AccessItemRemoved",
"dt": "2019-03-08T22:37:33.901Z",
"governanceEvent": {
"name": "Manager Certification for Jon Snow",
"dt": "2019-03-08T22:37:33.901Z",
"type": "certification",
"governanceId": "2c91808a77ff216301782327a50f09bf",
"owners": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"reviewers": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"decisionMaker": {
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
}
},
{
"attributeChanges": {
"name": "firstname",
"previousValue": "adam",
"newValue": "zampa"
},
"eventType": "AttributesChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
},
{
"accessRequest": {
"requesterId": "2c91808a77ff216301782327a50f09bf",
"requesterName": "Bing C",
"items": [
{
"operation": "Add",
"accessItemType": "role",
"name": "Role-1",
"decision": "APPROVED",
"description": "The role descrition",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "Source1",
"approvalInfos": [
{
"name": "John Snow",
"id": "8a80828f643d484f01643e14202e2000",
"status": "Approved"
}
]
}
]
},
"identityId": "8a80828f643d484f01643e14202e206f",
"eventType": "AccessRequested",
"dt": "2019-03-08T22:37:33.901Z"
},
{
"certificationId": "2c91808a77ff216301782327a50f09bf",
"certificationName": "Cert name",
"signedDate": "2019-03-08T22:37:33.901Z",
"certifiers": [
{
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "John Snow"
}
],
"reviewers": [
{
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "John Snow"
}
],
"signer": {
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "John Snow"
},
"eventType": "IdentityCertified",
"dt": "2019-03-08T22:37:33.901Z"
},
{
"account": {
"id": "2c91808a77ff216301782327a50f09bf",
"nativeIdentity": 127999,
"displayName": "Sample Name",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"accessType": "account"
},
"statusChange": {
"previousStatus": "enabled",
"newStatus": "disabled"
},
"eventType": "AccountStatusChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"date": "2019-03-08T22:37:33.901Z"
}
]
[
{
"accessItem": {
"id": "8c190e6787aa4ed9a90bd9d5344523fb",
"accessType": "account",
"nativeIdentity": 127999,
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"displayName": "Sample Name"
},
"eventType": "AccessItemAssociated",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z",
"governanceEvent": {
"name": "Access Request 58",
"dt": "2019-03-08T22:37:33.901Z",
"type": "accessRequest",
"governanceId": "2c91808a77ff216301782327a50f09e1",
"owners": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"reviewers": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"decisionMaker": {
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
}
}
]
[
{
"accessItem": {
"id": "8c190e6787aa4ed9a90bd9d5344523fb",
"accessType": "account",
"nativeIdentity": 127999,
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"displayName": "Sample Name"
},
"eventType": "AccessItemRemoved",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z",
"governanceEvent": {
"name": "Manager Certification for Jon Snow",
"dt": "2019-03-08T22:37:33.901Z",
"type": "certification",
"governanceId": "2c91808a77ff216301782327a50f09bf",
"owners": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"reviewers": [
{
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
],
"decisionMaker": {
"id": "bc693f07e7b645539626c25954c58554",
"displayName": "Jon Snow"
}
}
}
]
[
{
"attributeChanges": [
{
"name": "firstname",
"previousValue": "adam",
"newValue": "zampa"
}
],
"eventType": "AttributesChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
]
{
"accessRequest": {
"requesterId": "2c91808a77ff216301782327a50f09bf",
"requestName": "Bing C",
"items": [
{
"operation": "Add",
"accessItemType": "role",
"name": "Role-1",
"decision": "APPROVED",
"description": "The role descrition",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "Source1",
"approvalInfos": [
{
"name": "John Snow",
"id": "8a80828f643d484f01643e14202e2000",
"status": "Approved"
}
]
}
]
},
"eventType": "AccessRequested",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
[
{
"certification": {
"id": "2c91808a77ff216301782327a50f09bf",
"name": "Cert name",
"signedDate": "2019-03-08T22:37:33.901Z",
"certifiers": [
{
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "John Snow"
}
],
"reviewers": [
{
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "Daenerys Targaryen"
}
],
"signer": {
"id": "8a80828f643d484f01643e14202e206f",
"displayName": "Tyrion Lannister"
}
},
"eventType": "IdentityCertified",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
]
[
{
"account": {
"id": "2c91808a77ff216301782327a50f09bf",
"nativeIdentity": 127999,
"displayName": "Sample Name",
"sourceId": "8a80828f643d484f01643e14202e206f",
"sourceName": "JDBC Entitlements Source",
"entitlementCount": 0,
"accessType": "account"
},
"statusChange": {
"previousStatus": "ENABLED",
"newStatus": "DISABLED"
},
"eventType": "AccountStatusChanged",
"identityId": "8a80828f643d484f01643e14202e206f",
"dt": "2019-03-08T22:37:33.901Z"
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
- error
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
- message
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT,REQUEST]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}