List Triggers
Gets a list of triggers that are available in the tenant.
Query Parameters
- limit int32
Possible values:
<= 250
Default value:
250
Max number of results to return. See V3 API Standard Collection Parameters for more information.
Example: 250 - offset int32
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
- count boolean
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
Example: true - filters string
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
id: eq
Example: id eq "idn:access-request-post-approval" - sorters comma-separated
Sort results using the standard syntax described in V3 API Standard Collection Parameters
Sorting is supported for the following fields:
id name
Example: name
- 200
- 400
- 401
- 403
- 429
- 500
List of triggers.
- application/json
- Schema
- Example (from schema)
Schema array
- id string
Unique identifier of the trigger.
- name string
Trigger Name.
- type string
Possible values: [
REQUEST_RESPONSE
,FIRE_AND_FORGET
]The type of trigger.
- description string
Trigger Description.
- inputSchema string
The JSON schema of the payload that will be sent by the trigger to the subscribed service.
exampleInput object
An example of the JSON payload that will be sent by the trigger to the subscribed service.
oneOf- Access Request Dynamic Approver
- Access Request Post Approval
- Access Request Pre Approval
- Account Aggregation Completed
- Account Attributes Changed
- Account Correlated
- Accounts Collected for Aggregation
- Account Uncorrelated
- Campaign Activated
- Campaign Ended
- Campaign Generated
- Certification Signed Off
- Identity Attributes Changed
- Identity Created
- Identity Deleted
- Provisioning Completed
- Saved Search Complete
- MOD18
- MOD19
- MOD20
- Source Created
- Source Deleted
- Source Updated
- VA Cluster Status Change Event
accessRequestId stringThe unique ID of the access request object. Can be used with the access request status endpoint to get the status of the request.
requestedFor object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
requestedItems object[]
The access items that are being requested.
id stringThe unique ID of the access item.
name stringHuman friendly name of the access item.
description stringExtended description of the access item.
typePossible values: [
ACCESS_PROFILE
,ROLE
,ENTITLEMENT
]The type of access item being requested.
operationPossible values: [
Add
,Remove
]Grant or revoke the access item
comment stringA comment from the requestor on why the access is needed.
requestedBy object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
accessRequestId stringThe unique ID of the access request.
requestedFor object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
requestedItemsStatus object[]
Details on the outcome of each access item.
id stringThe unique ID of the access item being requested.
name stringThe human friendly name of the access item.
description stringDetailed description of the access item.
typePossible values: [
ACCESS_PROFILE
,ROLE
,ENTITLEMENT
]The type of access item.
operationPossible values: [
Add
,Remove
]The action to perform on the access item.
comment stringA comment from the identity requesting the access.
clientMetadata object
Additional customer defined metadata about the access item.
approvalInfo object[]
A list of one or more approvers for the access request.
approvalComment stringA comment left by the approver.
approvalDecisionPossible values: [
APPROVED
,DENIED
]The final decision of the approver.
approverName stringThe name of the approver
approver object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
requestedBy object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
accessRequestId stringThe unique ID of the access request.
requestedFor object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
requestedItems object[]
Details of the access items being requested.
id stringThe unique ID of the access item being requested.
name stringThe human friendly name of the access item.
description stringDetailed description of the access item.
typePossible values: [
ACCESS_PROFILE
,ROLE
,ENTITLEMENT
]The type of access item.
operationPossible values: [
Add
,Remove
]The action to perform on the access item.
comment stringA comment from the identity requesting the access.
requestedBy object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
source object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
statusPossible values: [
Success
,Failed
,Terminated
]The overall status of the aggregation.
started date-timeThe date and time when the account aggregation started.
completed date-timeThe date and time when the account aggregation finished.
errors string[]A list of errors that occurred during the aggregation.
warnings string[]A list of warnings that occurred during the aggregation.
stats object
Overall statistics about the account aggregation.
scanned int32Possible values:
<= 2147483647
The number of accounts which were scanned / iterated over.
unchanged int32Possible values:
<= 2147483647
The number of accounts which existed before, but had no changes.
changed int32Possible values:
<= 2147483647
The number of accounts which existed before, but had changes.
added int32Possible values:
<= 2147483647
The number of accounts which are new - have not existed before.
removed int32Possible values:
<= 2147483647
The number accounts which existed before, but no longer exist (thus getting removed).
identity object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
source object
The source that contains the account.
id stringID of the object to which this reference applies
type stringPossible values: [
SOURCE
]The type of object that is referenced
name stringHuman-readable display name of the object to which this reference applies
account object
Details of the account where the attributes changed.
id stringSailPoint generated unique identifier.
uuid stringThe source's unique identifier for the account. UUID is generated by the source system.
name stringName of the account.
nativeIdentity stringUnique ID of the account on the source.
typePossible values: [
ACCOUNT
]The type of the account
changes object[]
A list of attributes that changed.
attribute stringThe name of the attribute.
oldValue object
The previous value of the attribute.
oneOf- MOD1
- MOD2
- MOD3
stringbooleanstringnewValue object
The new value of the attribute.
oneOf- MOD1
- MOD2
- MOD3
stringbooleanstringidentity object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
source object
The source from which the account came from.
id stringID of the object to which this reference applies
type stringPossible values: [
SOURCE
]The type of object that is referenced
name stringHuman-readable display name of the object to which this reference applies
account object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
attributes object
The attributes associated with the account. Attributes are unique per source.
entitlementCount int32The number of entitlements associated with this account.
source object
Reference to the source that has been aggregated.
id stringID of the object to which this reference applies
type stringPossible values: [
SOURCE
]The type of object that is referenced
name stringHuman-readable display name of the object to which this reference applies
statusPossible values: [
Success
,Failed
,Terminated
]The overall status of the collection.
started date-timeThe date and time when the account collection started.
completed date-timeThe date and time when the account collection finished.
errors string[]A list of errors that occurred during the collection.
warnings string[]A list of warnings that occurred during the collection.
stats object
Overall statistics about the account collection.
scanned int32Possible values:
<= 2147483647
The number of accounts which were scanned / iterated over.
unchanged int32Possible values:
<= 2147483647
The number of accounts which existed before, but had no changes.
changed int32Possible values:
<= 2147483647
The number of accounts which existed before, but had changes.
added int32Possible values:
<= 2147483647
The number of accounts which are new - have not existed before.
removed int32Possible values:
<= 2147483647
The number accounts which existed before, but no longer exist (thus getting removed).
identity object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
source object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
account object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
entitlementCount int32The number of entitlements associated with this account.
campaign object
Details about the certification campaign that was activated.
id stringUnique ID for the campaign.
name stringThe human friendly name of the campaign.
description stringExtended description of the campaign.
created date-timeThe date and time the campaign was created.
modified date-timeThe date and time the campaign was last modified.
deadline date-timeThe date and time the campaign is due.
typePossible values: [
MANAGER
,SOURCE_OWNER
,SEARCH
,ROLE_COMPOSITION
]The type of campaign.
campaignOwner object
Details of the identity that owns the campaign.
id stringThe unique ID of the identity.
displayName stringThe human friendly name of the identity.
email stringThe primary email address of the identity.
statusPossible values: [
ACTIVE
]The current status of the campaign.
campaign object
Details about the certification campaign that ended.
id stringUnique ID for the campaign.
name stringThe human friendly name of the campaign.
description stringExtended description of the campaign.
created date-timeThe date and time the campaign was created.
modified date-timeThe date and time the campaign was last modified.
deadline date-timeThe date and time the campaign is due.
typePossible values: [
MANAGER
,SOURCE_OWNER
,SEARCH
,ROLE_COMPOSITION
]The type of campaign.
campaignOwner object
Details of the identity that owns the campaign.
id stringThe unique ID of the identity.
displayName stringThe human friendly name of the identity.
email stringThe primary email address of the identity.
statusPossible values: [
COMPLETED
]The current status of the campaign.
campaign object
Details about the campaign that was generated.
id stringThe unique ID of the campaign.
name stringHuman friendly name of the campaign.
description stringExtended description of the campaign.
created date-timeThe date and time the campaign was created.
modified stringThe date and time the campaign was last modified.
deadline stringThe date and time when the campaign must be finished by.
typePossible values: [
MANAGER
,SOURCE_OWNER
,SEARCH
,ROLE_COMPOSITION
]The type of campaign that was generated.
campaignOwner object
The identity that owns the campaign.
id stringThe unique ID of the identity.
displayName stringThe display name of the identity.
email stringThe primary email address of the identity.
statusPossible values: [
STAGED
,ACTIVATING
,ACTIVE
]The current status of the campaign.
certification object
campaignRef object
id stringThe unique ID of the campaign.
name stringThe name of the campaign.
type stringPossible values: [
CAMPAIGN
]The type of object that is being referenced.
campaignType stringPossible values: [
MANAGER
,SOURCE_OWNER
,SEARCH
]The type of the campaign.
description stringThe description of the campaign set by the admin who created it.
phase stringPossible values: [
STAGED
,ACTIVE
,SIGNED
]The current phase of the campaign.
STAGED
: The campaign is waiting to be activated.ACTIVE
: The campaign is active.SIGNED
: The reviewer has signed off on the campaign, and it is considered complete.
due date-timeThe due date of the certification.
signed date-timeThe date the reviewer signed off on the certification.
reviewer object
A reference to the reviewer of the campaign.
type stringPossible values: [
GOVERNANCE_GROUP
,IDENTITY
]The type of object that the reviewer is.
email stringThe email of the reviewing identity. Only applicable to
IDENTITY
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
reassignment object
A reference to a reviewer that this campaign has been reassigned to.
from object
The previous certification
type stringPossible values: [
CERTIFICATION
]The type of object that the reviewer is.
correlatedStatusPossible values: [
CORRELATED
,UNCORRELATED
]The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
reviewer object
Certification reviewer
type stringPossible values: [
GOVERNANCE_GROUP
,IDENTITY
]The type of object that the reviewer is.
email stringThe email of the reviewing identity. Only applicable to
IDENTITY
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
comment stringComments from the previous reviewer.
hasErrors booleanIndicates it the certification has any errors.
errorMessage stringA message indicating what the error is.
completed booleanIndicates if all certification decisions have been made.
decisionsMade int32The number of approve/revoke/acknowledge decisions that have been made by the reviewer.
decisionsTotal int32The total number of approve/revoke/acknowledge decisions for the certification.
entitiesCompleted int32The number of entities (identities, access profiles, roles, etc.) for which all decisions have been made and are complete.
entitiesTotal int32The total number of entities (identities, access profiles, roles, etc.) in the certification, both complete and incomplete.
identity object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
changes object[]
A list of one or more identity attributes that changed on the identity.
attribute stringThe name of the identity attribute that changed.
oldValue object
The value of the identity attribute before it changed.
oneOf- MOD1
- MOD2
- MOD3
stringbooleanstringnewValue object
The value of the identity attribute after it changed.
oneOf- MOD1
- MOD2
- MOD3
stringbooleanstringidentity object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
attributes object
The attributes assigned to the identity. Attributes are determined by the identity profile.
identity object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
attributes object
The attributes assigned to the identity. Attributes are determined by the identity profile.
trackingNumber stringThe reference number of the provisioning request. Useful for tracking status in the Account Activity search interface.
sources stringOne or more sources that the provisioning transaction(s) were done against. Sources are comma separated.
action stringOrigin of where the provisioning request came from.
errors string[]A list of any accumulated error messages that occurred during provisioning.
warnings string[]A list of any accumulated warning messages that occurred during provisioning.
recipient object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
requester object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
accountRequests object[]
A list of provisioning instructions to perform on an account-by-account basis.
source object
Reference to the source being provisioned against.
id stringID of the object to which this reference applies
type stringPossible values: [
SOURCE
]The type of object that is referenced
name stringHuman-readable display name of the object to which this reference applies
accountId stringThe unique idenfier of the account being provisioned.
accountOperation stringThe provisioning operation; typically Create, Modify, Enable, Disable, Unlock, or Delete.
provisioningResultPossible values: [
SUCCESS
,PENDING
,FAILED
]The overall result of the provisioning transaction; this could be success, pending, failed, etc.
provisioningTarget stringThe name of the provisioning channel selected; this could be the same as the source, or could be a Service Desk Integration Module (SDIM).
ticketId stringA reference to a tracking number, if this is sent to a Service Desk Integration Module (SDIM).
attributeRequests object[]
A list of attributes as part of the provisioning transaction.
attributeName stringThe name of the attribute being provisioned.
attributeValue stringThe value of the attribute being provisioned.
operationPossible values: [
Add
,Set
,Remove
]The operation to handle the attribute.
fileName stringA name for the report file.
ownerEmail stringThe email address of the identity that owns the saved search.
ownerName stringThe name of the identity that owns the saved search.
query stringThe search query that was used to generate the report.
searchName stringThe name of the saved search.
searchResults object
A preview of the search results for each object type. This includes a count as well as headers, and the first several rows of data, per object type.
Account object
A table of accounts that match the search criteria.
count stringThe number of rows in the table.
noun stringThe type of object represented in the table.
preview array[]A sample of the data in the table.
Entitlement object
A table of entitlements that match the search criteria.
count stringThe number of rows in the table.
noun stringThe type of object represented in the table.
preview array[]A sample of the data in the table.
Identity object
A table of identities that match the search criteria.
count stringThe number of rows in the table.
noun stringThe type of object represented in the table.
preview array[]A sample of the data in the table.
signedS3Url stringThe Amazon S3 URL to download the report from.
uuid stringSource unique identifier for the identity. UUID is generated by the source system.
id stringSailPoint generated unique identifier.
nativeIdentifier stringUnique ID of the account on the source.
sourceId stringThe ID of the source.
sourceName stringThe name of the source.
identityId stringThe ID of the identity that is corellated with this account.
identityName stringThe name of the identity that is corellated with this account.
attributes object
The attributes of the account. The contents of attributes depends on the account schema for the source.
uuid stringSource unique identifier for the identity. UUID is generated by the source system.
id stringSailPoint generated unique identifier.
nativeIdentifier stringUnique ID of the account on the source.
sourceId stringThe ID of the source.
sourceName stringThe name of the source.
identityId stringThe ID of the identity that is corellated with this account.
identityName stringThe name of the identity that is corellated with this account.
attributes object
The attributes of the account. The contents of attributes depends on the account schema for the source.
uuid stringSource unique identifier for the identity. UUID is generated by the source system.
id stringSailPoint generated unique identifier.
nativeIdentifier stringUnique ID of the account on the source.
sourceId stringThe ID of the source.
sourceName stringThe name of the source.
identityId stringThe ID of the identity that is corellated with this account.
identityName stringThe name of the identity that is corellated with this account.
attributes object
The attributes of the account. The contents of attributes depends on the account schema for the source.
id stringThe unique ID of the source.
name stringHuman friendly name of the source.
type stringThe connection type.
created date-timeThe date and time the source was created.
connector stringThe connector type used to connect to the source.
actor object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
id stringThe unique ID of the source.
name stringHuman friendly name of the source.
type stringThe connection type.
deleted date-timeThe date and time the source was deleted.
connector stringThe connector type used to connect to the source.
actor object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
id stringThe unique ID of the source.
name stringThe user friendly name of the source.
type stringThe connection type of the source.
modified date-timeThe date and time the source was modified.
connector stringThe connector type used to connect to the source.
actor object
type stringPossible values: [
ACCOUNT_CORRELATION_CONFIG
,ACCESS_PROFILE
,ACCESS_REQUEST_APPROVAL
,ACCOUNT
,APPLICATION
,CAMPAIGN
,CAMPAIGN_FILTER
,CERTIFICATION
,CLUSTER
,CONNECTOR_SCHEMA
,ENTITLEMENT
,GOVERNANCE_GROUP
,IDENTITY
,IDENTITY_PROFILE
,IDENTITY_REQUEST
,LIFECYCLE_STATE
,PASSWORD_POLICY
,ROLE
,RULE
,SOD_POLICY
,SOURCE
,TAG_CATEGORY
,TASK_RESULT
,REPORT_RESULT
,SOD_VIOLATION
,ACCOUNT_ACTIVITY
]DTO type
id stringID of the object to which this reference applies
name stringHuman-readable display name of the object to which this reference applies
created date-timeThe date and time the status change occurred.
typePossible values: [
SOURCE
,CLUSTER
]The type of the object that initiated this event.
application object
Details about the
CLUSTER
orSOURCE
that initiated this event.id stringThe GUID of the application
name stringThe name of the application
attributes object
Custom map of attributes for a source. This will only be populated if type is
SOURCE
and the source has a proxy.healthCheckResult object
The results of the most recent health check.
message stringDetailed message of the result of the health check.
resultType stringThe type of the health check result.
statusPossible values: [
Succeeded
,Failed
]The status of the health check.
previousHealthCheckResult object
The results of the last health check.
message stringDetailed message of the result of the health check.
resultType stringThe type of the health check result.
statusPossible values: [
Succeeded
,Failed
]The status of the health check.
- outputSchema string
The JSON schema of the response that will be sent by the subscribed service to the trigger in response to an event. This only applies to a trigger type of
REQUEST_RESPONSE
. exampleOutput object
An example of the JSON payload that will be sent by the subscribed service to the trigger in response to an event.
oneOf- Access Request Dynamic Approver
- Access Request Pre Approval
id stringThe unique ID of the identity to add to the approver list for the access request.
name stringThe name of the identity to add to the approver list for the access request.
typePossible values: [
IDENTITY
,GOVERNANCE_GROUP
]The type of object being referenced.
approved booleanWhether or not to approve the access request.
comment stringA comment about the decision to approve or deny the request.
approver stringThe name of the entity that approved or denied the request.
[
{
"id": "idn:access-request-dynamic-approver",
"name": "Access Request Dynamic Approver",
"type": "REQUEST_RESPONSE",
"description": "Trigger for getting a dynamic approver.",
"inputSchema": "{\"definitions\":{\"record:AccessRequestDynamicApproverInput\":{\"type\":\"object\",\"required\":[\"accessRequestId\",\"requestedFor\",\"requestedItems\",\"requestedBy\"],\"additionalProperties\":true,\"properties\":{\"accessRequestId\":{\"type\":\"string\"},\"requestedFor\":{\"$ref\":\"#/definitions/record:requestedForIdentityRef\"},\"requestedItems\":{\"type\":\"array\",\"items\":{\"$ref\":\"#/definitions/record:requestedObjectRef\"}},\"requestedBy\":{\"$ref\":\"#/definitions/record:requestedByIdentityRef\"}}},\"record:requestedForIdentityRef\":{\"type\":\"object\",\"required\":[\"id\",\"name\",\"type\"],\"additionalProperties\":true,\"properties\":{\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"}}},\"record:requestedObjectRef\":{\"type\":\"object\",\"optional\":[\"description\",\"comment\"],\"required\":[\"id\",\"name\",\"type\",\"operation\"],\"additionalProperties\":true,\"properties\":{\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"},\"description\":{\"oneOf\":[{\"type\":\"null\"},{\"type\":\"string\"}]},\"type\":{\"type\":\"string\"},\"operation\":{\"type\":\"string\"},\"comment\":{\"oneOf\":[{\"type\":\"null\"},{\"type\":\"string\"}]}}},\"record:requestedByIdentityRef\":{\"type\":\"object\",\"required\":[\"type\",\"id\",\"name\"],\"additionalProperties\":true,\"properties\":{\"type\":{\"type\":\"string\"},\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"}}}},\"$ref\":\"#/definitions/record:AccessRequestDynamicApproverInput\"}",
"exampleInput": {
"accessRequestId": "4b4d982dddff4267ab12f0f1e72b5a6d",
"requestedFor": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
},
"requestedItems": [
{
"id": "2c91808b6ef1d43e016efba0ce470904",
"name": "Engineering Access",
"description": "Engineering Access",
"type": "ACCESS_PROFILE",
"operation": "Add",
"comment": "William needs this access for his day to day job activities."
}
],
"requestedBy": {
"type": "IDENTITY",
"id": "2c91808568c529c60168cca6f90c1313",
"name": "William Wilson"
}
},
"outputSchema": "{\"definitions\":{\"record:AccessRequestDynamicApproverOutput\":{\"type\":[\"null\",\"object\"],\"required\":[\"id\",\"name\",\"type\"],\"additionalProperties\":true,\"properties\":{\"id\":{\"type\":\"string\"},\"name\":{\"type\":\"string\"},\"type\":{\"type\":\"string\"}}}},\"$ref\":\"#/definitions/record:AccessRequestDynamicApproverOutput\"}",
"exampleOutput": {
"id": "2c91808b6ef1d43e016efba0ce470906",
"name": "Adam Adams",
"type": "IDENTITY"
}
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT
,REQUEST
]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT
,REQUEST
]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
- error
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT
,REQUEST
]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT
,REQUEST
]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
- message
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
- detailCode string
Fine-grained error code providing more detail of the error.
- trackingId string
Unique tracking id for the error.
messages object[]
Generic localized reason for error
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT
,REQUEST
]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
locale stringThe locale for the message text, a BCP 47 language tag.
localeOrigin stringPossible values: [
DEFAULT
,REQUEST
]An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
text stringActual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}