Entitlements

The following are the Autonomous Identity endpoints for filtering by entitlements:

GET /api/entitlements/search

Search for entitlements by name and with applied filters. [Ent Owner, App Owner, Admin]

Endpoint

/api/entitlements/search?q=QueryString

Authorization

<Bearer Token JWT-value>

Params

by      appOwner or enttOwner
user    user ID
q       Search query string (required)
appId   Application ID to use as a filter

Example Request

curl --location --request GET 'https://autoid-api.forgerock.com/api/entitlements/search?by=enttOwner&user=john.doe&q=WEB&appId=Salesforce' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token>'

Example Response

{
  "values": [
    {
      "id": "string",
      "app_id": "string",
      "app_name": "string",
      "entt_name": "string"
    }
  ]
}

POST /api/entitlements/stats

Get data for entitlements view. [Supervisor, Ent Owner, Admin]

Endpoint

/api/entitlements/stats?by=supervisor/entitlementOwner/admin

Authorization

<Bearer Token JWT-value>

Params

by      supervisor, roleOwner

Body

{
	"ownerId": "timothy.slack",
	"isHighRiskOnly": true,
	"isMediumLowRiskOnly": false,
	"isUserEntitlementsIncluded": true,
	"filters": [{
		"type": "app_id",
		"group": "criticality",
		"value": "Essential"
	}]
}

Example Request

curl --location --request POST 'https://autoid-api.forgerock.com/api/entitlements/stats?by=supervisor' \
--header 'content-type: application/json' \
--header 'Authorization: Bearer <token>' \
--data-raw '{
	"ownerId": "timothy.slack",
	"isHighRiskOnly": true,
	"isMediumLowRiskOnly": false,
	"isUserEntitlementsIncluded": true,
	"filters": [{
		"type": "app_id",
		"group": "criticality",
		"value": "Essential"
	}]
}'

Example Response

{
  "total_entitlements": 0,
  "total_subordinates": 0,
  "unscoredEntitlements": 0,
  "scoredEntitlements": 0,
  "usersWithNoEntitlement": 0,
  "usersWithNoScoredEntitlement": 0,
  "distinct_apps": [
    {
      "app_id": "string",
      "app_name": "string",
      "low": 0,
      "medium": 0,
      "high": 0
    }
  ],
  "users": [
    {
      "user": "string",
      "user_name": "string",
      "high": 0,
      "medium": 0,
      "low": 0,
      "avg": "string"
    }
  ],
  "entitlements": [
    {
      "entitlement": "string",
      "entitlement_name": "string",
      "app_id": "string",
      "high_risk": "string",
      "high": 0,
      "medium": 0,
      "low": 0,
      "avg": "string"
    }
  ]
}

GET /api/entitlements/id/{id}

Get entitlement details. [User, Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/entitlements/id/{id+}

Authorization

<Bearer Token JWT-value>

Params

by      entitlement ID

Example Request

curl --request GET "https://autoid-api.forgerock.com/api/entitlements/id/1234" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer <token>"

Example Response

{
  "entitlement_name": "string",
  "scores": {
    "avg": 0,
    "high": 0,
    "medium": 0,
    "low": 0
  },
  "drivingFactors": [
    {
      "attribute": {
        "id": "string",
        "title": "string",
        "value": "string"
      },
      "count": 0
    }
  ],
  "userScores": [
    {
      "score": 0,
      "count": 0
    }
  ],
  "users": [
    {
      "user": "string",
      "user_name": "string",
      "app_id": "string",
      "freq": 0,
      "frequnion": 0,
      "justification": [
        {
          "title": "string",
          "value": "string"
        }
      ],
      "rawJustification": [
        "string"
      ],
      "score": 0
    }
  ]
}

GET /api/entitlements/unscored

Get unscored entitlements and users for a given Supervisor or Entitlement Owner ID. [Supervisor, Ent Owner, Admin]

Endpoint

/api/entitlements/unscored

Authorization

<Bearer Token JWT-value>

Params

by      supervisor, entitlement owner
user    supervisor or entitlement owner user ID

Example Request

curl --request GET "https://autoid-api.forgerock.com/api/entitlements/unscored?by=supervisor&user=1234" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer <token>"

GET /api/entitlements/distinct

Get a list of all entitlements.

Endpoint

/api/entitlements/distinct

Authorization

<Bearer Token JWT-value>

Example Request

curl --location --request GET 'https://autoid-api.forgerock.com/api/entitlements/distinct' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <token>'

Example Response

[
  {
    "ent_id": "AccessType : XMLP_ADMIN",
    "ent_name": "AccessType : XMLP_ADMIN",
    "ent_owner_id": "julie.yee",
    "app_id": "Salesforce",
    "ent_criticality": "Non-Essential",
    "ent_risk_level": "Medium"
  }
]
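
The ent_id values returned by /api/entitlements/distinct can contain spaces and colons (for example, AccessType : XMLP_ADMIN), so they need percent-encoding before they are placed in the /api/entitlements/id/{id} path. The following Python is an added example, not ForgeRock code: it builds authenticated detail requests for the Medium and High risk entries without sending them. The function names, the second and third sample records, and the assumption that the server decodes percent-encoded path segments are illustrative.

```python
from urllib.parse import quote, urlsplit
from urllib.request import Request

BASE_URL = "https://autoid-api.forgerock.com"  # host used in this page's examples

# First record is taken from this page; the other two are constructed samples.
SAMPLE = [
    {"ent_id": "AccessType : XMLP_ADMIN", "ent_owner_id": "julie.yee",
     "app_id": "Salesforce", "ent_risk_level": "Medium"},
    {"ent_id": "Role: Finance/Payroll #2", "ent_owner_id": "julie.yee",
     "app_id": "Salesforce", "ent_risk_level": "High"},
    {"ent_id": "ReadOnly", "ent_owner_id": "john.doe",
     "app_id": "Salesforce", "ent_risk_level": "Low"},
]


def detail_request(ent_id, token, base_url=BASE_URL):
    """Return a GET Request for /api/entitlements/id/{id} carrying a bearer token."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("bearer tokens must only be sent to an https:// base URL")
    # Whitespace (including CR/LF) in a token would corrupt the header line.
    if not token or any(c.isspace() for c in token):
        raise ValueError("token is empty or contains whitespace")
    # safe="" also encodes "/", "?", "#" and ":" so the ID stays one path segment
    # and cannot change the route or add query parameters.
    path = "/api/entitlements/id/" + quote(ent_id, safe="")
    return Request(f"https://{parts.netloc}{path}", method="GET",
                   headers={"Authorization": f"Bearer {token}"})


def review_requests(entitlements, token, levels=("High", "Medium")):
    """Build detail requests for entitlements whose ent_risk_level is in levels."""
    return [detail_request(e["ent_id"], token)
            for e in entitlements if e.get("ent_risk_level") in levels]


if __name__ == "__main__":
    for req in review_requests(SAMPLE, "<token>"):
        print(req.get_method(), req.full_url)
```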

GET /api/entitlements/recommendations

Get a list of entitlement recommendations for a given set of user attributes.

Endpoint

/api/entitlements/recommendations

Authorization

<Bearer Token JWT-value>

Body

{
  "confidenceThreshold": 0.1,
  "maxResults": 1000,
  "offset": 200,
  "userAttributes": [
    "0E_USR_MANAGER_ID_gregory.suhr",
    "13_USR_DEPARTMENT_NAME_Facilities Area A",
    "0C_CHIEF_YES_NO_No",
    "0C_MANAGER_NAME_Gregory Suhr",
    "0C_USR_EMP_TYPE_Employee",
    "13_USR_DEPARTMENT_NAME_Wireless Operations"
  ]
}

Example Request

curl --request GET "https://autoid-api.forgerock.com/api/entitlements/recommendations" \
--header  "Content-Type: application/json" \
--header  "Authorization: Bearer <token>" \
--data-raw '{
    "confidenceThreshold": 0.1,
    "maxResults": 1000,
    "offset": 200,
    "userAttributes": [
       "0E_USR_MANAGER_ID_gregory.suhr",
       "13_USR_DEPARTMENT_NAME_Facilities Area A",
       "0C_CHIEF_YES_NO_No",
       "0C_MANAGER_NAME_Gregory Suhr",
       "0C_USR_EMP_TYPE_Employee",
       "13_USR_DEPARTMENT_NAME_Wireless Operations"
       ]
     }'

Example Response

[
  {
    "attributes": [
      "0C_CHIEF_YES_NO_No",
      "0E_USR_MANAGER_ID_gregory.suhr"
    ],
    "entitlement": "06_ENT_ID_WEB_user_WEB RCQ Flare NonIT Distribution_II",
    "confidence": 0.14,
    "frequency": 22
  },
  {
    "attributes": [
      "0C_MANAGER_NAME_Gregory Suhr",
      "13_USR_DEPARTMENT_NAME_Facilities Area A"
    ],
    "entitlement": "06_ENT_ID_Web_tildeNon-security plus",
    "confidence": 0.14,
    "frequency": 28
  }
]
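
The recommendations response identifies attributes and entitlements by tagged strings such as 13_USR_DEPARTMENT_NAME_Facilities Area A. The following Python is an added example, not ForgeRock code: it splits those strings into name and value and ranks the recommendations so a reviewer can see which attributes drive each one. It assumes, from the sample values on this page only, that the two-character prefix is the hexadecimal length of the attribute name; the documentation does not state this, and the function names are illustrative.

```python
from string import hexdigits

# Response sample copied from this page.
SAMPLE_RECS = [
    {"attributes": ["0C_CHIEF_YES_NO_No", "0E_USR_MANAGER_ID_gregory.suhr"],
     "entitlement": "06_ENT_ID_WEB_user_WEB RCQ Flare NonIT Distribution_II",
     "confidence": 0.14, "frequency": 22},
    {"attributes": ["0C_MANAGER_NAME_Gregory Suhr",
                    "13_USR_DEPARTMENT_NAME_Facilities Area A"],
     "entitlement": "06_ENT_ID_Web_tildeNon-security plus",
     "confidence": 0.14, "frequency": 28},
]


def split_tagged(tagged):
    """Split 'HH_<name>_<value>', where HH is assumed to be len(name) in hex."""
    prefix, sep, rest = tagged.partition("_")
    if len(prefix) != 2 or not sep or any(c not in hexdigits for c in prefix):
        raise ValueError(f"no two-digit hex length prefix: {tagged!r}")
    n = int(prefix, 16)
    # The name may itself contain "_", so rely on the length, not on splitting.
    if len(rest) <= n or rest[n] != "_":
        raise ValueError(f"name length does not match prefix: {tagged!r}")
    return rest[:n], rest[n + 1:]


def rank(recs, min_confidence=0.1):
    """Return readable rows, highest confidence first, then highest frequency."""
    rows = []
    for rec in recs:
        if rec["confidence"] < min_confidence:
            continue
        rows.append({
            "entitlement": split_tagged(rec["entitlement"])[1],
            "because": dict(split_tagged(a) for a in rec["attributes"]),
            "confidence": rec["confidence"],
            "frequency": rec["frequency"],
        })
    return sorted(rows, key=lambda r: (-r["confidence"], -r["frequency"]))


if __name__ == "__main__":
    for row in rank(SAMPLE_RECS):
        print(row["confidence"], row["frequency"], row["entitlement"], row["because"])
```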