Skip to main content

Pending Access Request Approvals List

This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.

Query Parameters
    owner-id string

    If present, the value returns only pending approvals for the specified identity.

    • ORG_ADMIN users can call this with any identity ID value.
    • ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
    • Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
    Example: 2c91808568c529c60168cca6f90c1313
    limit int32

    Possible values: <= 250

    Default value: 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Example: 250
    offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Example: 0
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Example: true
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    requestedFor.id: eq, in

    modified: gt, lt, ge, le

    Example: id eq "2c91808568c529c60168cca6f90c1313"
    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified

    Example: modified
Responses

List of Pending Approvals.


Schema
  • Array [
  • id string

    The approval id.

    name string

    The name of the approval.

    created date-time

    When the approval was created.

    modified date-time

    When the approval was modified last time.

    requestCreated date-time

    When the access-request was created.

    requestType AccessRequestType

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS]

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

    requester object

    The identity that requested the item.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    requestedFor object

    The identity for whom the item is requested for.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    owner object

    The owner or approver of the approval.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    requestedObject object

    The requested access item.

    id string

    Id of the object.

    name string

    Name of the object.

    description string

    Description of the object.

    type string

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Type of the object.

    requesterComment object

    The requester's comment.

    comment string

    Content of the comment

    author object
    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    ID of the author

    name string

    Human-readable display name of the identity making the comment

    created date-time

    Date and time comment was created

    previousReviewersComments object[]

    The history of the previous reviewers comments.

  • Array [
  • comment string

    Content of the comment

    author object
    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    ID of the author

    name string

    Human-readable display name of the identity making the comment

    created date-time

    Date and time comment was created

  • ]
  • forwardHistory object[]

    The history of approval forward action.

  • Array [
  • oldApproverName string

    Display name of approver from whom the approval was forwarded.

    newApproverName string

    Display name of approver to whom the approval was forwarded.

    comment string nullable

    Comment made while forwarding.

    modified date-time

    Time at which approval was forwarded.

    forwarderName string nullable

    Display name of forwarder who forwarded the approval.

    reassignmentType ReassignmentType

    Possible values: [MANUAL_REASSIGNMENT, AUTOMATIC_REASSIGNMENT, AUTO_ESCALATION, SELF_REVIEW_DELEGATION]

    The approval reassignment type.

    • MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
    • AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
    • AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to Setting Global Reminders and Escalation Policies.
    • SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to Self-review Prevention and Preventing Self-approval.
  • ]
  • commentRequiredWhenRejected boolean

    When true the rejector has to provide comments when rejecting

    actionInProcess PendingApprovalAction

    Possible values: [APPROVED, REJECTED, FORWARDED]

    Action that is performed on this approval, and system has not finished performing that action yet.

    removeDate date-time

    The date the role or access profile is no longer assigned to the specified identity.

    removeDateUpdateRequested boolean

    If true, then the request is to change the remove date or sunset date.

    currentRemoveDate date-time

    The remove date or sunset date that was assigned at the time of the request.

    sodViolationContext object

    The details of the SOD violations for the associated approval.

    state string

    Possible values: [SUCCESS, ERROR]

    The status of SOD violation check

    uuid string

    The id of the Violation check event

    violationCheckResult object

    The inner object representing the completed SOD Violation check

    message object

    If the request failed, includes any error message that was generated.

    locale string

    The locale for the message text, a BCP 47 language tag.

    localeOrigin LocaleOrigin

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    text string

    Actual text of the error message in the indicated locale.

    clientMetadata object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

    property name* string
    violationContexts object[]
  • Array [
  • policy object

    Reference to the Policy that is being violated.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

    conflictingAccessCriteria object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

    leftCriteria object
    criteriaList object[]
  • Array [
  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]
  • rightCriteria object
    criteriaList object[]
  • Array [
  • existing boolean

    If the entitlement already belonged to the user or not.

    type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    id string

    Entitlement ID

    name string

    Entitlement name

  • ]
  • ]
  • violatedPolicies object[]

    A list of the Policies that were violated

  • Array [
  • type DtoType

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    DTO type

    id string

    ID of the object to which this reference applies

    name string

    Human-readable display name of the object to which this reference applies

  • ]
  • ]
Loading...