Skip to main content

Pending Access Request Approvals List

This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.

Query Parameters
  • owner-id string

    If present, the value returns only pending approvals for the specified identity.

    • ORG_ADMIN users can call this with any identity ID value.
    • ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
    • Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
  • limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
  • offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

  • count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
  • filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    requestedFor.id: eq, in

    modified: gt, lt, ge, le

  • sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified

Responses

List of Pending Approvals.

Schema array
  • id string

    The approval id.

  • name string

    The name of the approval.

  • created date-time

    When the approval was created.

  • modified date-time

    When the approval was modified last time.

  • requestCreated date-time

    When the access-request was created.

  • requestType string

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. Currently REVOKE_ACCESS is not supported for entitlements.

  • requester object

    The identity that requested the item.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • requestedFor object

    The identity for whom the item is requested for.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • owner object

    The owner or approver of the approval.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • requestedObject object

    The requested access item.

  • id string

    Id of the object.

  • name string

    Name of the object.

  • description string

    Description of the object.

  • type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of the object.

  • requesterComment object

    The requester's comment.

  • comment string

    Content of the comment

  • author object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    ID of the author

  • name string

    Human-readable display name of the identity making the comment

  • created date-time

    Date and time comment was created

  • previousReviewersComments object[]

    The history of the previous reviewers comments.

  • comment string

    Content of the comment

  • author object
  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    ID of the author

  • name string

    Human-readable display name of the identity making the comment

  • created date-time

    Date and time comment was created

  • forwardHistory object[]

    The history of approval forward action.

  • oldApproverName string

    Display name of approver that forwarded the approval.

  • newApproverName string

    Display name of approver to whom the approval was forwarded.

  • comment string

    Comment made by old approver when forwarding.

  • modified date-time

    Time at which approval was forwarded.

  • commentRequiredWhenRejected boolean

    When true the rejector has to provide comments when rejecting

  • actionInProcess string

    Possible values: [APPROVED, REJECTED, FORWARDED]

    Action that is performed on this approval, and system has not finished performing that action yet.

  • removeDate date-time

    The date the role or access profile is no longer assigned to the specified identity.

  • removeDateUpdateRequested boolean

    If true, then the request is to change the remove date or sunset date.

  • currentRemoveDate date-time

    The remove date or sunset date that was assigned at the time of the request.

  • sodViolationContext object

    The details of the SOD violations for the associated approval.

  • state string

    Possible values: [SUCCESS, ERROR]

    The status of SOD violation check

  • uuid string

    The id of the Violation check event

  • violationCheckResult object

    The inner object representing the completed SOD Violation check

  • message object

    If the request failed, includes any error message that was generated.

  • locale string

    The locale for the message text, a BCP 47 language tag.

  • localeOrigin string

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  • text string

    Actual text of the error message in the indicated locale.

  • clientMetadata object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

  • property name* string
  • violationContexts object[]
  • policy object

    Reference to the Policy that is being violated.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • conflictingAccessCriteria object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

  • leftCriteria object
  • criteriaList object[]
  • existing boolean

    If the entitlement already belonged to the user or not.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    Entitlement ID

  • name string

    Entitlement name

  • rightCriteria object
  • criteriaList object[]
  • existing boolean

    If the entitlement already belonged to the user or not.

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  • id string

    Entitlement ID

  • name string

    Entitlement name

  • violatedPolicies object[]

    A list of the Policies that were violated

  • id string

    the application ID

  • name string

    the application name

Loading...