Skip to main content

Access Request Status

The Access Request Status API returns a list of access request statuses based on the specified query parameters. Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.

Query Parameters
  • requested-for string

    Filter the results by the identity for which the requests were made. me indicates the current user. Mutually exclusive with regarding-identity.

    Example: 2c9180877b2b6ea4017b2c545f971429
  • requested-by string

    Filter the results by the identity that made the requests. me indicates the current user. Mutually exclusive with regarding-identity.

    Example: 2c9180877b2b6ea4017b2c545f971429
  • regarding-identity string

    Filter the results by the specified identity which is either the requester or target of the requests. me indicates the current user. Mutually exclusive with requested-for and requested-by.

    Example: 2c9180877b2b6ea4017b2c545f971429
  • count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

  • limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return.

    Example: 100
  • offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. Defaults to 0 if not specified.

    Example: 10
  • filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    accountActivityItemId: eq, in

    Example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
  • sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified, accountActivityItemId

    Example: created
Responses

List of requested item status.

Schema array
  • name string

    Human-readable display name of the item being requested.

  • type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of requested object.

  • cancelledRequestDetails object

    Provides additional details for a request that has been cancelled.

  • comment string

    Comment made by the owner when cancelling the associated request.

  • owner object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • modified date-time

    Date comment was added by the owner when cancelling the associated request

  • errorMessages array[]

    List of list of localized error messages, if any, encountered during the approval/provisioning process.

  • state string

    Possible values: [EXECUTING, REQUEST_COMPLETED, CANCELLED, TERMINATED, PROVISIONING_VERIFICATION_PENDING, REJECTED, PROVISIONING_FAILED, NOT_ALL_ITEMS_PROVISIONED, ERROR]

    Indicates the state of an access request:

    • EXECUTING: The request is executing, which indicates the system is doing some processing.
    • REQUEST_COMPLETED: Indicates the request has been completed.
    • CANCELLED: The request was cancelled with no user input.
    • TERMINATED: The request has been terminated before it was able to complete.
    • PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
    • REJECTED: The request was rejected.
    • PROVISIONING_FAILED: The request has failed to complete.
    • NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
    • ERROR: An error occurred during request processing.
  • approvalDetails object[]

    Approval details for each item.

  • forwarded boolean

    True if the request for this item was forwarded from one owner to another.

  • originalOwner object

    Base identity/workgroup reference object representing the original owner, if forwarded.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • currentOwner object

    Base reference of approver that will make decision.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • reviewedBy object

    The identity who has reviewed the approval.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • modified date-time

    Time at which item was modified.

  • status string

    Possible values: [PENDING, APPROVED, REJECTED, EXPIRED, CANCELLED, ARCHIVED]

    Indicates the state of the request processing for this item:

    • PENDING: The request for this item is awaiting processing.
    • APPROVED: The request for this item has been approved.
    • REJECTED: The request for this item was rejected.
    • EXPIRED: The request for this item expired with no action taken.
    • CANCELLED: The request for this item was cancelled with no user action.
    • ARCHIVED: The request for this item has been archived after completion.
  • scheme string

    Possible values: [APP_OWNER, SOURCE_OWNER, MANAGER, ROLE_OWNER, ACCESS_PROFILE_OWNER, GOVERNANCE_GROUP]

    Describes the individual or group that is responsible for an approval step.

  • errorMessages object[]

    If the request failed, includes any error messages that were generated.

  • locale string

    The locale for the message text, a BCP 47 language tag.

  • localeOrigin string

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  • text string

    Actual text of the error message in the indicated locale.

  • comment string

    Comment, if any, provided by the approver.

  • removeDate date-time

    The date the role or access profile is no longer assigned to the specified identity.

  • manualWorkItemDetails object[]

    Manual work items created for provisioning the item.

  • forwarded boolean

    True if the request for this item was forwarded from one owner to another.

  • originalOwner object

    Base identity/workgroup reference object representing the original owner, if forwarded.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • currentOwner object

    Base reference of approver that will make decision.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • modified date-time

    Time at which item was modified.

  • status string

    Possible values: [PENDING, APPROVED, REJECTED, EXPIRED, CANCELLED, ARCHIVED]

    Indicates the state of the request processing for this item:

    • PENDING: The request for this item is awaiting processing.
    • APPROVED: The request for this item has been approved.
    • REJECTED: The request for this item was rejected.
    • EXPIRED: The request for this item expired with no action taken.
    • CANCELLED: The request for this item was cancelled with no user action.
    • ARCHIVED: The request for this item has been archived after completion.
  • accountActivityItemId string

    Id of associated account activity item.

  • requestType string

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. Currently REVOKE_ACCESS is not supported for entitlements.

  • modified date-time

    When the request was last modified.

  • created date-time

    When the request was created.

  • requester object

    The identity that requested the item.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • requestedFor object

    The identity for whom the Access Request Status is requested for.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • requesterComment object

    The requester's comment.

  • comment string

    Content of the comment

  • author object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    ID of the author

  • name string

    Human-readable display name of the identity making the comment

  • created date-time

    Date and time comment was created

  • sodViolationContext object

    The details of the SOD violations for the associated approval.

  • state string

    Possible values: [SUCCESS, ERROR]

    The status of SOD violation check

  • uuid string

    The id of the Violation check event

  • violationCheckResult object

    The inner object representing the completed SOD Violation check

  • message object

    If the request failed, includes any error message that was generated.

  • locale string

    The locale for the message text, a BCP 47 language tag.

  • localeOrigin string

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  • text string

    Actual text of the error message in the indicated locale.

  • clientMetadata object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

  • property name* string
  • violationContexts object[]
  • policy object

    Reference to the Policy that is being violated.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • conflictingAccessCriteria object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

  • leftCriteria object
  • criteriaList object[]
  • existing boolean

    If the entitlement already belonged to the user or not.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    Entitlement ID

  • name string

    Entitlement name

  • rightCriteria object
  • criteriaList object[]
  • existing boolean

    If the entitlement already belonged to the user or not.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    Entitlement ID

  • name string

    Entitlement name

  • violatedPolicies object[]

    A list of the Policies that were violated

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • provisioningDetails object

    Provides additional details about provisioning for this request.

  • orderedSubPhaseReferences string

    Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.

  • preApprovalTriggerDetails object

    Provides additional details about the pre-approval trigger for this request.

  • comment string

    Comment left for the pre-approval decision

  • reviewer string

    The reviewer of the pre-approval decision

  • decision string

    Possible values: [APPROVED, REJECTED]

    The decision of the pre-approval trigger

  • accessRequestPhases object[]

    A list of Phases that the Access Request has gone through in order, to help determine the status of the request.

  • started date-time

    The time that this phase started.

  • finished date-time

    The time that this phase finished.

  • name string

    The name of this phase.

  • state string

    Possible values: [PENDING, EXECUTING, COMPLETED, CANCELLED]

    The state of this phase.

  • result string

    Possible values: [SUCCESSFUL, FAILED]

    The state of this phase.

  • phaseReference string

    A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.

  • description string

    Description associated to the requested object.

  • removeDate date-time

    When the role access is scheduled for removal.

  • cancelable boolean

    True if the request can be canceled.

  • accessRequestId string

    This is the account activity id.

  • clientMetadata object

    Arbitrary key-value pairs, if any were included in the corresponding access request

  • property name* string
Loading...