Skip to main content

Access Request Status

The Access Request Status API returns a list of access request statuses based on the specified query parameters. Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users.

Query Parameters
    requested-for string

    Filter the results by the identity for which the requests were made. me indicates the current user. Mutually exclusive with regarding-identity.

    Example: 2c9180877b2b6ea4017b2c545f971429
    requested-by string

    Filter the results by the identity that made the requests. me indicates the current user. Mutually exclusive with regarding-identity.

    Example: 2c9180877b2b6ea4017b2c545f971429
    regarding-identity string

    Filter the results by the specified identity which is either the requester or target of the requests. me indicates the current user. Mutually exclusive with requested-for and requested-by.

    Example: 2c9180877b2b6ea4017b2c545f971429
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Example: false
    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return.

    Example: 100
    offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. Defaults to 0 if not specified.

    Example: 10
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    accountActivityItemId: eq, in

    Example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0"
    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified, accountActivityItemId

    Example: created
Responses

List of requested item status.


Schema
  • Array [
  • name string

    Human-readable display name of the item being requested.

    type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of requested object.

    cancelledRequestDetails object nullable

    Provides additional details for a request that has been cancelled.

    comment string

    Comment made by the owner when cancelling the associated request.

    owner object
    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    modified date-time

    Date comment was added by the owner when cancelling the associated request

    errorMessages array[] nullable

    List of list of localized error messages, if any, encountered during the approval/provisioning process.

    state RequestedItemStatusRequestState

    Possible values: [EXECUTING, REQUEST_COMPLETED, CANCELLED, TERMINATED, PROVISIONING_VERIFICATION_PENDING, REJECTED, PROVISIONING_FAILED, NOT_ALL_ITEMS_PROVISIONED, ERROR]

    Indicates the state of an access request:

    • EXECUTING: The request is executing, which indicates the system is doing some processing.
    • REQUEST_COMPLETED: Indicates the request has been completed.
    • CANCELLED: The request was cancelled with no user input.
    • TERMINATED: The request has been terminated before it was able to complete.
    • PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified.
    • REJECTED: The request was rejected.
    • PROVISIONING_FAILED: The request has failed to complete.
    • NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes.
    • ERROR: An error occurred during request processing.
    approvalDetails object[]

    Approval details for each item.

  • Array [
  • forwarded boolean

    True if the request for this item was forwarded from one owner to another.

    originalOwner object

    Base identity/workgroup reference object representing the original owner, if forwarded.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    currentOwner object

    Base reference of approver that will make decision.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    reviewedBy object

    The identity who has reviewed the approval.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    modified date-time

    Time at which item was modified.

    status ManualWorkItemState

    Possible values: [PENDING, APPROVED, REJECTED, EXPIRED, CANCELLED, ARCHIVED]

    Indicates the state of the request processing for this item:

    • PENDING: The request for this item is awaiting processing.
    • APPROVED: The request for this item has been approved.
    • REJECTED: The request for this item was rejected.
    • EXPIRED: The request for this item expired with no action taken.
    • CANCELLED: The request for this item was cancelled with no user action.
    • ARCHIVED: The request for this item has been archived after completion.
    scheme ApprovalScheme

    Possible values: [APP_OWNER, SOURCE_OWNER, MANAGER, ROLE_OWNER, ACCESS_PROFILE_OWNER, ENTITLEMENT_OWNER, GOVERNANCE_GROUP]

    Describes the individual or group that is responsible for an approval step.

    errorMessages object[]

    If the request failed, includes any error messages that were generated.

  • Array [
  • locale string

    The locale for the message text, a BCP 47 language tag.

    localeOrigin LocaleOrigin

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    text string

    Actual text of the error message in the indicated locale.

  • ]
  • comment string

    Comment, if any, provided by the approver.

    removeDate date-time

    The date the role or access profile is no longer assigned to the specified identity.

  • ]
  • manualWorkItemDetails object[] nullable

    Manual work items created for provisioning the item.

  • Array [
  • forwarded boolean

    True if the request for this item was forwarded from one owner to another.

    originalOwner object

    Base identity/workgroup reference object representing the original owner, if forwarded.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    currentOwner object

    Base reference of approver that will make decision.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    modified date-time

    Time at which item was modified.

    status ManualWorkItemState

    Possible values: [PENDING, APPROVED, REJECTED, EXPIRED, CANCELLED, ARCHIVED]

    Indicates the state of the request processing for this item:

    • PENDING: The request for this item is awaiting processing.
    • APPROVED: The request for this item has been approved.
    • REJECTED: The request for this item was rejected.
    • EXPIRED: The request for this item expired with no action taken.
    • CANCELLED: The request for this item was cancelled with no user action.
    • ARCHIVED: The request for this item has been archived after completion.
    forwardHistory object[]

    The history of approval forward action.

  • Array [
  • oldApproverName string

    Display name of approver from whom the approval was forwarded.

    newApproverName string

    Display name of approver to whom the approval was forwarded.

    comment string nullable

    Comment made while forwarding.

    modified date-time

    Time at which approval was forwarded.

    forwarderName string nullable

    Display name of forwarder who forwarded the approval.

    reassignmentType ReassignmentType

    Possible values: [MANUAL_REASSIGNMENT, AUTOMATIC_REASSIGNMENT, AUTO_ESCALATION, SELF_REVIEW_DELEGATION]

    The approval reassignment type.

    • MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
    • AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
    • AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to Setting Global Reminders and Escalation Policies.
    • SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to Self-review Prevention and Preventing Self-approval.
  • ]
  • ]
  • accountActivityItemId string

    Id of associated account activity item.

    requestType AccessRequestType

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

    modified date-time

    When the request was last modified.

    created date-time

    When the request was created.

    requester object

    The identity that requested the item.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    requestedFor object

    The identity for whom the Access Request Status is requested for.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    requesterComment object nullable

    The requester's comment.

    comment string

    Content of the comment

    author object
    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    ID of the author

    name string

    Human-readable display name of the identity making the comment

    created date-time

    Date and time comment was created

    sodViolationContext object nullable

    The details of the SOD violations for the associated approval.

    state string

    Possible values: [SUCCESS, ERROR]

    The status of SOD violation check

    uuid string

    The id of the Violation check event

    violationCheckResult object

    The inner object representing the completed SOD Violation check

    message object

    If the request failed, includes any error message that was generated.

    locale string

    The locale for the message text, a BCP 47 language tag.

    localeOrigin LocaleOrigin

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    text string

    Actual text of the error message in the indicated locale.

    clientMetadata object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

    property name* string
    violationContexts object[]
  • Array [
  • policy object

    Reference to the Policy that is being violated.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    conflictingAccessCriteria object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

    leftCriteria object
    criteriaList object[]
  • Array [
  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]
  • rightCriteria object
    criteriaList object[]
  • Array [
  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]
  • ]
  • violatedPolicies object[]

    A list of the Policies that were violated

  • Array [
  • type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

  • ]
  • provisioningDetails object nullable

    Provides additional details about provisioning for this request.

    orderedSubPhaseReferences string

    Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.

    preApprovalTriggerDetails object nullable

    Provides additional details about the pre-approval trigger for this request.

    comment string

    Comment left for the pre-approval decision

    reviewer string

    The reviewer of the pre-approval decision

    decision string

    Possible values: [APPROVED, REJECTED]

    The decision of the pre-approval trigger

    accessRequestPhases object[]

    A list of Phases that the Access Request has gone through in order, to help determine the status of the request.

  • Array [
  • started date-time

    The time that this phase started.

    finished date-time

    The time that this phase finished.

    name string

    The name of this phase.

    state string

    Possible values: [PENDING, EXECUTING, COMPLETED, CANCELLED]

    The state of this phase.

    result string

    Possible values: [SUCCESSFUL, FAILED]

    The state of this phase.

    phaseReference string

    A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.

  • ]
  • description string

    Description associated to the requested object.

    removeDate date-time nullable

    When the role access is scheduled for removal.

    cancelable boolean

    True if the request can be canceled.

    accessRequestId string

    This is the account activity id.

    clientMetadata object nullable

    Arbitrary key-value pairs, if any were included in the corresponding access request

    property name* string
  • ]
Loading...