Perform a Search Query Aggregation

Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to Paginating Search Queries for more information about how to implement searchAfter paging.

Query Parameters

• offset int32

  Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

• limit int32

  Possible values: <= 250

  Default value: 250

  Max number of results to return. See V3 API Standard Collection Parameters for more information.

  Example: 250
• count boolean

  If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

  Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

  See V3 API Standard Collection Parameters for more information.

  Example: true

application/json

Request Body required

• indices string[]

  Possible values: [accessprofiles, accountactivities, entitlements, events, identities, roles, *]

  The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.

• queryType string

  Possible values: [DSL, SAILPOINT, TYPEAHEAD]

  Default value: SAILPOINT

  The type of query to use. By default, the SAILPOINT query type is used, which requires the query object to be defined in the request body. To use the queryDsl or typeAheadQuery objects in the request, you must set the type to DSL or TYPEAHEAD accordingly. Additional values may be added in the future without notice.

• queryVersion object

  Default value: 5.2

  The current Elasticserver version.

• query object

  Query parameters used to construct an Elasticsearch query object.

  query string

  The query using the Elasticsearch Query String Query syntax from the Query DSL extended by SailPoint to support Nested queries.

  fields string[]

  The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields.

  timeZone string

  The time zone to be applied to any range query related to dates.

  innerHit object

  The innerHit query object returns a flattened list of results for the specified nested type.

  query string required

  The search query using the Elasticsearch Query String Query syntax from the Query DSL extended by SailPoint to support Nested queries.

  type string required

  The nested type to use in the inner hits query. The nested type Nested Type refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.

• queryDsl object

  The search query using the Elasticsearch Query DSL syntax.

• typeAheadQuery object

  Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job."

  query string required

  The type ahead query string used to construct a phrase prefix match query.

  field string required

  The field on which to perform the type ahead search.

  nestedType string

  The nested type.

  maxExpansions int32

  Possible values: >= 1 and <= 1000

  Default value: 10

  The number of suffixes the last term will be expanded into. Influences the performance of the query and the number results returned. Valid values: 1 to 1000.

• includeNested boolean

  Default value: true

  Indicates whether nested objects from returned search results should be included.

• queryResultFilter object

  Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents.

  includes string[]

  The list of field names to include in the result documents.

  excludes string[]

  The list of field names to exclude from the result documents.

• aggregationType string

  Possible values: [DSL, SAILPOINT]

  Default value: DSL

  Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results.

  Additional values may be added in the future without notice.

• aggregationsVersion object

  Default value: 5.2

  The current Elasticserver version.

• aggregationsDsl object

  The aggregation search query using Elasticsearch Aggregations syntax.

• aggregations object

  nested object

  The nested aggregation object.

  name string required

  The name of the nested aggregate to be included in the result.

  type string required

  The type of the nested object.

  metric object

  The calculation done on the results of the query

  name string required

  The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.

  type string

  Possible values: [COUNT, UNIQUE_COUNT, AVG, SUM, MEDIAN, MIN, MAX]

  Default value: UNIQUE_COUNT

  Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.

  field string required

  The field the calculation is performed on.

  Prefix the field name with '@' to reference a nested object.

  filter object

  An additional filter to constrain the results of the search query.

  name string required

  The name of the filter aggregate to be included in the result.

  type string

  Possible values: [TERM]

  Default value: TERM

  Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.

  field string required

  The search field to apply the filter to.

  Prefix the field name with '@' to reference a nested object.

  value string required

  The value to filter on.

  bucket object

  The bucket to group the results of the aggregation query by.

  name string required

  The name of the bucket aggregate to be included in the result.

  type string

  Possible values: [TERMS]

  Default value: TERMS

  Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.

  field string required

  The field to bucket on. Prefix the field name with '@' to reference a nested object.

  size int32

  Maximum number of buckets to include.

  minDocCount int32

  Minimum number of documents a bucket should have.

  subAggregation object

  Aggregation to be performed on the result of the parent bucket aggregation.

  nested object

  The nested aggregation object.

  name string required

  The name of the nested aggregate to be included in the result.

  type string required

  The type of the nested object.

  metric object

  The calculation done on the results of the query

  name string required

  The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.

  type string

  Possible values: [COUNT, UNIQUE_COUNT, AVG, SUM, MEDIAN, MIN, MAX]

  Default value: UNIQUE_COUNT

  Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.

  field string required

  The field the calculation is performed on.

  Prefix the field name with '@' to reference a nested object.

  filter object

  An additional filter to constrain the results of the search query.

  name string required

  The name of the filter aggregate to be included in the result.

  type string

  Possible values: [TERM]

  Default value: TERM

  Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.

  field string required

  The search field to apply the filter to.

  Prefix the field name with '@' to reference a nested object.

  value string required

  The value to filter on.

  bucket object

  The bucket to group the results of the aggregation query by.

  name string required

  The name of the bucket aggregate to be included in the result.

  type string

  Possible values: [TERMS]

  Default value: TERMS

  Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.

  field string required

  The field to bucket on. Prefix the field name with '@' to reference a nested object.

  size int32

  Maximum number of buckets to include.

  minDocCount int32

  Minimum number of documents a bucket should have.

  subAggregation object

  Aggregation to be performed on the result of the parent bucket aggregation.

  nested object

  The nested aggregation object.

  name string required

  The name of the nested aggregate to be included in the result.

  type string required

  The type of the nested object.

  metric object

  The calculation done on the results of the query

  name string required

  The name of the metric aggregate to be included in the result. If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results.

  type string

  Possible values: [COUNT, UNIQUE_COUNT, AVG, SUM, MEDIAN, MIN, MAX]

  Default value: UNIQUE_COUNT

  Enum representing the currently supported metric aggregation types. Additional values may be added in the future without notice.

  field string required

  The field the calculation is performed on.

  Prefix the field name with '@' to reference a nested object.

  filter object

  An additional filter to constrain the results of the search query.

  name string required

  The name of the filter aggregate to be included in the result.

  type string

  Possible values: [TERM]

  Default value: TERM

  Enum representing the currently supported filter aggregation types. Additional values may be added in the future without notice.

  field string required

  The search field to apply the filter to.

  Prefix the field name with '@' to reference a nested object.

  value string required

  The value to filter on.

  bucket object

  The bucket to group the results of the aggregation query by.

  name string required

  The name of the bucket aggregate to be included in the result.

  type string

  Possible values: [TERMS]

  Default value: TERMS

  Enum representing the currently supported bucket aggregation types. Additional values may be added in the future without notice.

  field string required

  The field to bucket on. Prefix the field name with '@' to reference a nested object.

  size int32

  Maximum number of buckets to include.

  minDocCount int32

  Minimum number of documents a bucket should have.

• sort string[]

  The fields to be used to sort the search results. Use + or - to specify the sort direction.

• searchAfter string[]

  Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"]

• filters object

  The filters to be applied for each filtered field name.

  property name* object

Responses

• 200
• 400
• 401
• 403
• 429
• 500

---

Aggregation results.

Response Headers

• X-Total-Count integer
  Example: 5

  The total result count (returned only if the count parameter is specified as true).

application/json

• Schema
• Example (from schema)

---

Schema

• aggregations object

  The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run.

  See Elasticsearch Aggregations documentation for information.

• hits object[]

  The results of the aggregation search query.

  oneOf

  • MOD1
  • MOD2
  • MOD3
  • MOD4
  • MOD5
  • MOD6
  • MOD7
  • MOD8

  ---

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  description string

  The description of the access item

  created date-time

  A date-time in ISO-8601 format

  modified date-time

  A date-time in ISO-8601 format

  synced date-time

  A date-time in ISO-8601 format

  enabled boolean

  requestable boolean

  Indicates if the access can be requested

  requestCommentsRequired boolean

  Indicates if comments are required when requesting access

  owner object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  email string

  The email of the identity

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  entitlements object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  description string

  A description of the entitlement

  attribute string

  The name of the entitlement attribute

  value string

  The value of the entitlement

  entitlementCount integer

  tags string[]

  id string

  name string

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  action string

  The type of action that this activity performed

  created date-time

  A date-time in ISO-8601 format

  modified date-time

  A date-time in ISO-8601 format

  stage string

  The current stage of the activity

  origin string

  status string

  the current status of the activity

  requester object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  recipient object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  trackingNumber string

  errors string[]

  warnings string[]

  approvals object[]

  comments object[]

  comment string

  The comment text

  commenter string

  The name of the commenter

  date date-time

  A date-time in ISO-8601 format

  created date-time

  A date-time in ISO-8601 format

  modified date-time

  A date-time in ISO-8601 format

  owner object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  result string

  The result of the approval

  type string

  originalRequests object[]

  accountId string

  the account id

  attributeRequests object[]

  name string

  The attribute name

  op string

  The operation to perform

  value string

  The value of the attribute

  op string

  the operation that was used

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  expansionItems object[]

  accountId string

  The ID of the account

  cause string

  name string

  The name of the item

  attributeRequests object[]

  name string

  The attribute name

  op string

  The operation to perform

  value string

  The value of the attribute

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  accountRequests object[]

  accountId string

  Unique ID of the account

  attributeRequests object[]

  name string

  The attribute name

  op string

  The operation to perform

  value string

  The value of the attribute

  op string

  The operation that was performed

  provisioningTarget object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  result object

  errors string[]

  status string

  The status of the account request

  ticketId string

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  sources string

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  accountId string

  The ID of the account

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  disabled boolean

  Indicates if the account is disabled

  locked boolean

  Indicates if the account is locked

  privileged boolean

  manuallyCorrelated boolean

  Indicates if the account has been manually correlated to an identity

  passwordLastSet date-time

  A date-time in ISO-8601 format

  entitlementAttributes object

  a map or dictionary of key/value pairs

  created date-time

  A date-time in ISO-8601 format

  modified date-time

  A date-time in ISO-8601 format

  attributes object

  a map or dictionary of key/value pairs

  identity object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  access object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  description string

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  privileged boolean

  attribute string

  value string

  standalone boolean

  entitlementCount int32

  The number of entitlements assigned to the account

  uncorrelated boolean

  Indicates if the account is not correlated to an identity

  tags string[]

  id string

  name string

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  status string

  duration int32

  avgDuration int32

  changedAccounts int32

  nextScheduled date-time

  A date-time in ISO-8601 format

  startTime date-time

  A date-time in ISO-8601 format

  sourceOwner string

  John Doe

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  description string

  A description of the entitlement

  attribute string

  The name of the entitlement attribute

  value string

  The value of the entitlement

  modified date-time

  A date-time in ISO-8601 format

  synced date-time

  A date-time in ISO-8601 format

  displayName string

  The display name of the entitlement

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  privileged boolean

  identityCount int32

  tags string[]

  id string

  name string

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  created date-time

  A date-time in ISO-8601 format

  synced date-time

  A date-time in ISO-8601 format

  action string

  The action that was performed

  type string

  The type of event

  actor object

  name string

  the actor or target name

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  target object

  name string

  the actor or target name

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  stack string

  trackingNumber string

  ipAddress string

  details string

  attributes object

  objects string[]

  operation string

  status string

  technicalName string

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  displayName string

  The display name of the identity

  firstName string

  The first name of the identity

  lastName string

  The last name of the identity

  email string

  The identity's primary email address

  created date-time

  A date-time in ISO-8601 format

  modified date-time

  A date-time in ISO-8601 format

  synced date-time

  A date-time in ISO-8601 format

  phone string

  The phone number of the identity

  inactive boolean

  Indicates if the identity is inactive

  protected boolean

  status string

  The identity's status in SailPoint

  employeeNumber string

  manager object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  isManager boolean

  Indicates if this identity is a manager of other identities

  identityProfile object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  attributes object

  a map or dictionary of key/value pairs

  processingState string

  processingDetails object

  date date-time

  A date-time in ISO-8601 format

  stage string

  retryCount int32

  stackTrace string

  message string

  accounts object[]

  List of accounts associated with the identity

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  accountId string

  The ID of the account

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  the type of source returned

  disabled boolean

  Indicates if the account is disabled

  locked boolean

  Indicates if the account is locked

  privileged boolean

  manuallyCorrelated boolean

  Indicates if the account has been manually correlated to an identity

  passwordLastSet date-time

  A date-time in ISO-8601 format

  entitlementAttributes object

  a map or dictionary of key/value pairs

  created date-time

  A date-time in ISO-8601 format

  accountCount int32

  Number of accounts associated with the identity

  apps object[]

  The list of applications the identity has access to

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  account object

  id string

  The SailPoint generated unique ID

  accountId string

  The account ID generated by the source

  appCount int32

  The number of applications the identity has access to

  access object[]

  The list of access items assigned to the identity

  oneOf

  • MOD1
  • MOD2
  • MOD3

  ---

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  description string

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  owner object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  revocable boolean

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  description string

  source object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  privileged boolean

  attribute string

  value string

  standalone boolean

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  description string

  owner object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  displayName string

  disabled boolean

  revocable boolean

  accessCount int32

  The number of access items assigned to the identity

  accessProfileCount integer

  The number of access profiles assigned to the identity

  entitlementCount integer

  The number of entitlements assigned to the identity

  roleCount integer

  The number of roles assigned to the identity

  owns object

  sources object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  entitlements object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  accessProfiles object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  roles object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  apps object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  governanceGroups object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  fallbackApprover boolean

  tags string[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  _type string

  Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]

  Enum representing the currently supported document types.

  Additional values may be added in the future without notice.

  description string

  The description of the access item

  created date-time

  A date-time in ISO-8601 format

  modified date-time

  A date-time in ISO-8601 format

  synced date-time

  A date-time in ISO-8601 format

  enabled boolean

  requestable boolean

  Indicates if the access can be requested

  requestCommentsRequired boolean

  Indicates if comments are required when requesting access

  owner object

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  type string

  Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

  An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

  email string

  The email of the identity

  accessProfiles object[]

  id string

  The unique ID of the referenced object.

  name string

  The human readable name of the referenced object.

  accessProfileCount integer

  tags string[]

{
  "aggregations": {
    "Identity Locations": {
      "buckets": [
        {
          "key": "Austin",
          "doc_count": 109
        },
        {
          "key": "London",
          "doc_count": 64
        },
        {
          "key": "San Jose",
          "doc_count": 27
        },
        {
          "key": "Brussels",
          "doc_count": 26
        },
        {
          "key": "Sao Paulo",
          "doc_count": 24
        },
        {
          "key": "Munich",
          "doc_count": 23
        },
        {
          "key": "Singapore",
          "doc_count": 22
        },
        {
          "key": "Tokyo",
          "doc_count": 20
        },
        {
          "key": "Taipei",
          "doc_count": 16
        }
      ]
    }
  },
  "hits": [
    {
      "id": true,
      "name": true,
      "_type": "identity",
      "description": "The admin role",
      "created": "2018-06-25T20:22:28.104Z",
      "modified": "2018-06-25T20:22:28.104Z",
      "synced": "2018-06-25T20:22:28.104Z",
      "enabled": true,
      "requestable": true,
      "requestCommentsRequired": false,
      "owner": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "type": "IDENTITY",
        "email": "[email protected]"
      },
      "source": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe"
      },
      "entitlements": [
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "description": "The admin privilege",
          "attribute": "admin",
          "value": "true"
        }
      ],
      "entitlementCount": 5,
      "tags": [
        "TAG_1",
        "TAG_2"
      ]
    },
    {
      "id": "2c91808375d8e80a0175e1f88a575222",
      "name": "john.doe",
      "_type": "identity",
      "action": "Identity Refresh.",
      "created": "2018-06-25T20:22:28.104Z",
      "modified": "2018-06-25T20:22:28.104Z",
      "stage": "Completed",
      "origin": null,
      "status": "Complete",
      "requester": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "type": "Delimited File"
      },
      "recipient": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "type": "Delimited File"
      },
      "trackingNumber": "61aad0c9e8134eca89e76a35e0cabe3f",
      "errors": null,
      "warnings": null,
      "approvals": [
        {
          "comments": [
            {
              "comment": "This request was autoapproved by our automated ETS subscriber.",
              "commenter": "Automated AR Approval",
              "date": "2018-06-25T20:22:28.104Z"
            }
          ],
          "created": "2018-06-25T20:22:28.104Z",
          "modified": "2018-06-25T20:22:28.104Z",
          "owner": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "type": "Delimited File"
          },
          "result": "Finished",
          "type": null
        }
      ],
      "originalRequests": [
        {
          "accountId": "CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com",
          "attributeRequests": [
            {
              "name": "groups",
              "op": "Add",
              "value": "3203537556531076"
            }
          ],
          "op": "add",
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "type": "Delimited File"
          }
        }
      ],
      "expansionItems": [
        {
          "accountId": "2c91808981f58ea601821c3e93482e6f",
          "cause": "Role",
          "name": "smartsheet-role",
          "attributeRequests": [
            {
              "name": "groups",
              "op": "Add",
              "value": "3203537556531076"
            }
          ],
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "type": "Delimited File"
          }
        }
      ],
      "accountRequests": [
        {
          "accountId": "John.Doe",
          "attributeRequests": [
            {
              "name": "groups",
              "op": "Add",
              "value": "3203537556531076"
            }
          ],
          "op": "Modify",
          "provisioningTarget": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "type": "Delimited File"
          },
          "result": {
            "errors": [
              "[ConnectorError] [\n  {\n    \"code\": \"unrecognized_keys\",\n    \"keys\": [\n      \"groups\"\n    ],\n    \"path\": [],\n    \"message\": \"Unrecognized key(s) in object: 'groups'\"\n  }\n] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e)"
            ],
            "status": "failed",
            "ticketId": null
          },
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "type": "Delimited File"
          }
        }
      ],
      "sources": "smartsheet-test, airtable-v4, IdentityNow"
    },
    {
      "id": true,
      "name": true,
      "_type": "identity",
      "accountId": "john.doe",
      "source": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "type": "Delimited File"
      },
      "disabled": false,
      "locked": false,
      "privileged": false,
      "manuallyCorrelated": false,
      "passwordLastSet": "2018-06-25T20:22:28.104Z",
      "entitlementAttributes": {
        "moderator": true,
        "admin": true,
        "trust_level": "4"
      },
      "created": "2018-06-25T20:22:28.104Z",
      "modified": "2018-06-25T20:22:28.104Z",
      "attributes": {
        "firstName": "John",
        "lastName": "Doe",
        "displayName": "John.Doe"
      },
      "identity": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "displayName": "John Q. Doe"
      },
      "access": [
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "displayName": "John Q. Doe",
          "type": "IDENTITY",
          "description": null,
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          },
          "privileged": false,
          "attribute": "memberOf",
          "value": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
          "standalone": false
        }
      ],
      "entitlementCount": 2,
      "uncorrelated": false,
      "tags": [
        "TAG_1",
        "TAG_2"
      ]
    },
    {
      "id": "2c91808375d8e80a0175e1f88a575222",
      "name": "john.doe",
      "_type": "identity",
      "status": "Success",
      "duration": 20,
      "avgDuration": 20,
      "changedAccounts": 1,
      "nextScheduled": "2018-06-25T20:22:28.104Z",
      "startTime": "2018-06-25T20:22:28.104Z",
      "sourceOwner": "string"
    },
    {
      "id": true,
      "name": true,
      "_type": "identity",
      "description": "The admin privilege",
      "attribute": "admin",
      "value": "true",
      "modified": "2018-06-25T20:22:28.104Z",
      "synced": "2018-06-25T20:22:28.104Z",
      "displayName": "Admin",
      "source": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe"
      },
      "privileged": false,
      "identityCount": 3,
      "tags": [
        "TAG_1",
        "TAG_2"
      ]
    },
    {
      "id": "2c91808375d8e80a0175e1f88a575222",
      "name": "john.doe",
      "_type": "identity",
      "created": "2018-06-25T20:22:28.104Z",
      "synced": "2018-06-25T20:22:28.104Z",
      "action": "update",
      "type": "SYSTEM_CONFIG",
      "actor": {
        "name": "John Doe",
        "type": "IDENTITY"
      },
      "target": {
        "name": "John Doe",
        "type": "IDENTITY"
      },
      "stack": "tpe",
      "trackingNumber": "63f891e0735f4cc8bf1968144a1e7440",
      "ipAddress": "52.52.97.85",
      "details": "73b65dfbed1842548c207432a18c84b0",
      "attributes": {
        "pod": "stg03-useast1",
        "org": "acme",
        "sourceName": "SailPoint"
      },
      "objects": [
        "AUTHENTICATION"
      ],
      "operation": "REQUEST",
      "status": "PASSED",
      "technicalName": "AUTHENTICATION_REQUEST_PASSED"
    },
    {
      "id": true,
      "name": true,
      "_type": "identity",
      "displayName": true,
      "firstName": "Carol",
      "lastName": "Adams",
      "email": "[email protected]",
      "created": "2018-06-25T20:22:28.104Z",
      "modified": "2018-06-25T20:22:28.104Z",
      "synced": "2018-06-25T20:22:28.104Z",
      "phone": "+1 440-527-3672",
      "inactive": false,
      "protected": false,
      "status": "UNREGISTERED",
      "employeeNumber": "1a2a3d4e",
      "manager": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "displayName": "John Q. Doe"
      },
      "isManager": false,
      "identityProfile": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe"
      },
      "source": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe"
      },
      "attributes": {
        "country": "US",
        "firstname": "Carol",
        "cloudStatus": "UNREGISTERED"
      },
      "processingState": null,
      "processingDetails": {
        "date": "2018-06-25T20:22:28.104Z",
        "stage": "In Process",
        "retryCount": 0,
        "stackTrace": "<stack trace>",
        "message": "<message>"
      },
      "accounts": [
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "accountId": "john.doe",
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "type": "Delimited File"
          },
          "disabled": false,
          "locked": false,
          "privileged": false,
          "manuallyCorrelated": false,
          "passwordLastSet": "2018-06-25T20:22:28.104Z",
          "entitlementAttributes": {
            "moderator": true,
            "admin": true,
            "trust_level": "4"
          },
          "created": "2018-06-25T20:22:28.104Z"
        }
      ],
      "accountCount": 3,
      "apps": [
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          },
          "account": {
            "id": "2c9180837dfe6949017e21f3d8cd6d49",
            "accountId": "CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com"
          }
        }
      ],
      "appCount": 2,
      "access": [
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "displayName": "John Q. Doe",
          "type": "IDENTITY",
          "description": null,
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          },
          "owner": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "displayName": "John Q. Doe"
          },
          "revocable": true
        },
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "displayName": "John Q. Doe",
          "type": "IDENTITY",
          "description": null,
          "source": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          },
          "privileged": false,
          "attribute": "memberOf",
          "value": "CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com",
          "standalone": false
        },
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe",
          "displayName": "John Q. Doe",
          "type": "IDENTITY",
          "description": null,
          "owner": {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe",
            "displayName": "John Q. Doe"
          },
          "disabled": true,
          "revocable": true
        }
      ],
      "accessCount": 5,
      "accessProfileCount": 1,
      "entitlementCount": 10,
      "roleCount": 1,
      "owns": {
        "sources": [
          {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          }
        ],
        "entitlements": [
          {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          }
        ],
        "accessProfiles": [
          {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          }
        ],
        "roles": [
          {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          }
        ],
        "apps": [
          {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          }
        ],
        "governanceGroups": [
          {
            "id": "2c91808568c529c60168cca6f90c1313",
            "name": "John Doe"
          }
        ],
        "fallbackApprover": false
      },
      "tags": [
        "TAG_1",
        "TAG_2"
      ]
    },
    {
      "id": true,
      "name": true,
      "_type": "identity",
      "description": "The admin role",
      "created": "2018-06-25T20:22:28.104Z",
      "modified": "2018-06-25T20:22:28.104Z",
      "synced": "2018-06-25T20:22:28.104Z",
      "enabled": true,
      "requestable": true,
      "requestCommentsRequired": false,
      "owner": {
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "John Doe",
        "type": "IDENTITY",
        "email": "[email protected]"
      },
      "accessProfiles": [
        {
          "id": "2c91808568c529c60168cca6f90c1313",
          "name": "John Doe"
        }
      ],
      "accessProfileCount": 0,
      "tags": [
        "TAG_1",
        "TAG_2"
      ]
    }
  ]
}

text/csv

• Schema
• Example (from schema)

---

Schema

• string

  If the Accept:text/csv header is specified and the aggregationType parameter in the request body is SAILPOINT,

  the aggregation result will be returned as a CSV document.

[
  "Identity Locations,Count",
  "Munich,23",
  "Brussels,26",
  "Singapore,22",
  "Tokyo,20",
  "Taipei,16",
  "London,64",
  "Austin,109",
  "Sao Paulo,24",
  "San Jose,27"
]

Client Error - Returned if the request body is invalid.

application/json

• Schema
• Example (from schema)

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

• Schema
• Example (from schema)

---

Schema

• error

  A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

• Schema
• Example (from schema)
• 403

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

• Schema
• Example (from schema)

---

Schema

• message

  A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

• Schema
• Example (from schema)
• 500

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Loading...