Entitlements
The following are Autonomous Identity filtering by entitlements endpoints (New APIs introduced in this release are marked with ):
GET /api/entitlements/search
- GET /api/entitlements/search
-
Search for entitlements by name and with applied filters. [Ent Owner, App Owner, Admin]
Endpoint
/api/entitlements/search?q=QueryString
Authorization
<Bearer Token JWT-value>
Params
by appOwner or enttOwner user user ID q Search query string (required) appId Application ID to use as a filter
Example Request
curl --location --request GET 'https://autoid-api.forgerock.com/api/entitlements/search?by=enttOwner&user=john.doe&q=WEB&appId=Salesforce' \ --header 'Content-Type: application/json'
Example Response
{ "values": [ { "id": "string", "app_id": "string", "app_name": "string", "entt_name": "string" } ] }
POST /api/entitlements/stats
- POST /api/entitlements/stats
-
Get data for entitlements view. [Supervisor, Ent Owner, Admin]
Endpoint
/api/entitlements/stats?by=supervisor/entitlementOwner/admin
Authorization
<Bearer Token JWT-value>
Params
by supervisor, roleOwner
Body
{ "ownerId": "timothy.slack", "isHighRiskOnly": true, "isMediumLowRiskOnly": false, "isUserEntitlementsIncluded": true, "filters": [{ "type": "app_id", "group": "criticality", "value": "Essential" }] }
Example Request
curl --location --request POST 'https://autoid-api.forgerock.com/api/entitlements/stats?by=supervisor' \ --header 'content-type: application/json' \ --data-raw '{ "ownerId": "timothy.slack", "isHighRiskOnly": true, "isMediumLowRiskOnly": false, "isUserEntitlementsIncluded": true, "filters": [{ "type": "app_id", "group": "criticality", "value": "Essential" }] }'
Example Response
{ "total_entitlements": 0, "total_subordinates": 0, "unscoredEntitlements": 0, "scoredEntitlements": 0, "usersWithNoEntitlement": 0, "usersWithNoScoredEntitlement": 0, "distinct_apps": [ { "app_id": "string", "app_name": "string", "low": 0, "medium": 0, "high": 0 } ], "users": [ { "user": "string", "user_name": "string", "high": 0, "medium": 0, "low": 0, "avg": "string" } ], "entitlements": [ { "entitlement": "string", "entitlement_name": "string", "app_id": "string", "high_risk": "string", "high": 0, "medium": 0, "low": 0, "avg": "string" } ] }
GET /api/entitlements/id/{id}
- GET /api/entitlements/id/{id}
-
Get entitlement details. [User, Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/entitlements/id/{id+}
Authorization
<Bearer Token JWT-value>
Params
by entitlement ID
Example Request
curl --request GET "https://autoid-api.forgerock.com/api/entitlements/id/1234" \ --header "Content-Type: application/json"
Example Response
{ "entitlement_name": "string", "scores": { "avg": 0, "high": 0, "medium": 0, "low": 0 }, "drivingFactors": [ { "attribute": { "id": "string", "title": "string", "value": "string" }, "count": 0 } ], "userScores": [ { "score": 0, "count": 0 } ], "users": [ { "user": "string", "user_name": "string", "app_id": "string", "freq": 0, "frequnion": 0, "justification": [ { "title": "string", "value": "string" } ], "rawJustification": [ "string" ], "score": 0 } ] }
GET /api/entitlements/unscored
- GET /api/entitlements/unscored
-
Get unscored entitlements and users for a given Supervisor or Entitlement Owner ID. [Supervisor, Ent Owner, Admin]
Endpoint
/api/entitlements/unscored
Authorization
<Bearer Token JWT-value>
Params
by supervisor, entitlement owner user supervisor or entitlement owner user ID
Example Request
curl --request GET "https://autoid-api.forgerock.com/api/entitlements/unscored?by=supervisor&user=1234" \ --header "Content-Type: application/json"
GET /api/entitlements/distinct
- GET /api/entitlements/distinct
-
Get a list of all entitlements.
Endpoint
/api/entitlements/distinct
Authorization
<Bearer Token JWT-value>
Example Request
curl --location --request GET 'https://autoid-api.forgerock.com/api/entitlements/distinct' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer <token>'
Example Response
[ { "ent_id": "AccessType : XMLP_ADMIN", "ent_name": "AccessType : XMLP_ADMIN", "ent_owner_id": "julie.yee", "app_id": "Salesforce", "ent_criticality": "Non-Essential", "ent_risk_level": "Medium" } ]
GET /api/entitlements/recommendations
- GET /api/entitlements/recommendations
-
Get a list of entitlement recommendations for a given set of user attributes.
Endpoint
/api/entitlements/recommendations
Authorization
<Bearer Token JWT-value>
Body
{ "confidenceThreshold": 0.1, "maxResults": 1000, "offset": 200, "userAttributes": [ "0E_USR_MANAGER_ID_gregory.suhr", "13_USR_DEPARTMENT_NAME_Facilities Area A", "0C_CHIEF_YES_NO_No", "0C_MANAGER_NAME_Gregory Suhr", "0C_USR_EMP_TYPE_Employee", "13_USR_DEPARTMENT_NAME_Wireless Operations" ] }
Example Request
curl --request GET "https://autoid-api.forgerock.com/api/entitlements/recommendations" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer <token>" \ --data-raw '{ "confidenceThreshold": 0.1, "maxResults": 1000, "offset": 200, "userAttributes": [ "0E_USR_MANAGER_ID_gregory.suhr", "13_USR_DEPARTMENT_NAME_Facilities Area A", "0C_CHIEF_YES_NO_No", "0C_MANAGER_NAME_Gregory Suhr", "0C_USR_EMP_TYPE_Employee", "13_USR_DEPARTMENT_NAME_Wireless Operations" ] }'
Example Response
[ { "attributes": [ "0C_CHIEF_YES_NO_No", "0E_USR_MANAGER_ID_gregory.suhr" ], "entitlement": "06_ENT_ID_WEB_user_WEB RCQ Flare NonIT Distribution_II", "confidence": 0.14, "frequency": 22 }, { "attributes": [ "0C_MANAGER_NAME_Gregory Suhr", "13_USR_DEPARTMENT_NAME_Facilities Area A" ], "entitlement": "06_ENT_ID_Web_tildeNon-security plus", "confidence": 0.14, "frequency": 28 }, ]