User Details
The following are Autonomous Identity user details endpoints (Updated APIs in this release are marked with ):
POST /api/userDetails
- POST /api/userDetails
-
Obtain the employee details for Identities views. [User, Supervisor, Ent Owner, App Owner, Admin] NOTE: This is a POST due to the endpoint receiving a JSON body query.
Endpoint
/api/userDetails
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Body
{ "employeeId": "john.doe", "sortDir": "asc, desc", "lastEntitlementId": "Web_NAS_Share_Case Management_7HQ", "lastRecommendedEnttId": "string" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer <token>" \ --data-raw '{ "employeeId": "john.doe", "sortDir": "asc, desc", "lastEntitlementId": "Web_NAS_Share_Case Management_7HQ", "lastRecommendedEnttId": "string" }'
Example Response
{ "recommendedEntt": { "predictions": [ { "usr_key": "john.doe", "ent": "ent1", "conf": "0.88", "freq": "10.0", "frequnion": "9", "rule": [ { "title": "Chief", "value": "Yes" }, { "title": "Employee Type", "value": "Employee" } ], "entt": { "entitlement": "Ent 1", "app_id": "app1", "role": "role.owner", "app_name": "App 1", "entitlement_name": "Ent 1", "high_risk": "High", "roleOwnerDisplayName": "Role Owner", "requestorCanAccess": false } }, { "usr_key": "john.doe", "ent": "ent2", "conf": "1.00", "freq": "4.0", "frequnion": "4", "rule": [ { "title": "Job Code Name", "value": "Business Representitive" }, { "title": "Line of Business", "value": "Portfolio Management" }, { "title": "Department", "value": " South" }, { "title": "Employee Type", "value": "Employee" } ], "entt": { "entitlement": "ent2", "app_id": "app1", "role": "role.owner", "app_name": "App 1", "entitlement_name": "Ent 2", "high_risk": "High", "roleOwnerDisplayName": "Role Owner", "requestorCanAccess": true } } ], "entitlementsCount": 14, "entitlementsRemainingCount": 9, "lastEntitlementId": "ent2" }, "userEntt": [ { "user": "john.doe", "entitlement": "ent3", "app_id": "app1", "app_name": "App 1", "entitlement_name": "Ent 3", "freq": "10.0", "frequnion": "9", "high_risk": "High", "justification": [ { "title": "Chief", "value": "Yes" }, { "title": "Employee Type", "value": "Employee" } ], "score": 0.88, "user_name": "John Doe", "lastAccessed": "2020-01-01 00:00:00", "requestorCanAccess": false, "rawJustification": [ "CHIEF_YES_NO_Yes", "USR_EMP_TYPE_Employee" ] }, { "user": "john.doe", "entitlement": "ent4", "app_id": "app1", "app_name": "App 1", "entitlement_name": "Ent 4", "freq": "4.0", "frequnion": "4", "high_risk": "High", "justification": [ { "title": "Job Code Name", "value": "Business Representitive" }, { "title": "Line of Business", "value": "Portfolio Management" }, { "title": "Department", "value": " South" }, { "title": "Employee Type", "value": "Employee" } ], "score": 1, "user_name": "John Doe", "lastAccessed": "2020-01-01 00:00:00", "requestorCanAccess": false, "rawJustification": [ "JOBCODE_NAME_Business Representitive", "LINE_OF_BUSINESS_Portfolio Management", "USR_DEPARTMENT_NAME_Customer Operations_ South", "USR_EMP_TYPE_Employee" ] } ], "user": { "displayName": "John Doe", "hrData": [ { "title": "Job Code Name", "id": "JOBCODENAME", "value": "Business Representitive" }, { "title": "Line of Business", "id": "LINEOFBUSINESS", "value": "Portfolio Management" }, { "title": "Department", "id": "DEPARTMENT", "value": " South" }, { "title": "Employee Type", "id": "EMPTYPE", "value": "Employee" } ] }, "entitlementsCount": 2, "entitlementsRemainingCount": 9, "lastEntitlementId": "ent4" }
GET /api/userDetails/decisions
- GET /api/userDetails/decisions
-
Get the current entitlement decisions for the user [Supervisor, Ent Owner, App Owner, Admin].
Endpoint
/api/userDetails/decisions
Authorization
<Bearer Token JWT-value> OR <API-KEY>
Query Parameters Parameter Type Description user
string
User ID (required)
filter
object
Filter to add (single property shown below)
Filter Query Object Properties Parameter Type Description datasinkStatus
string
Datasink status filter ('ack' or 'nack')
timestampThresholds
timestampThresholds object
Timestamp threshold object (available properties below)
timestampThresholds Object Properties Parameter Type Description gt
string
Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte.
gte
string
Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt.
lt
string
Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte.
lte
string
Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with le.
Example Request (DatasinkStatus Filter)
curl -k -X GET \ 'datasinkStatus=nack' \ -H 'Authorization: Bearer <token value>' \ <or> -H 'X-API-KEY: <api key value>' \ -H 'Content-Type: application/json'
Example Response (DatasinkStatus Filter)
{ "decisions": [ { "user": "john.doe", "entitlement": "ent_1", "is_certified": false, "is_revoked": false, "is_processed": false, "is_archived": false, "author": "jane.smith", "author_name": "Jane Smith", "author_type": "Zoran Admin", "reason": null, "last_updated": "2022-01-11T19:48:17.195Z", "datasink_status": "nack", "usr_name": "John Doe", "ent_name": "Entitlement 1", "app_id": "Gateway", "app_name": "Gateway", "usr_manager_id": "john.smith", "conf": 0.75, "freq": 4, "freqUnion": 3 } ] }
POST /api/userDetails/decisions
- POST /api/userDetails/decisions
-
Update entitlement decisions for users. [Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/userDetails/decisions
Authorization
<Bearer Token JWT-value>
Request Body Parameters Parameter Type Description assignments
array of assignment objects
List of assignments affected by the decision (available properties listed below)(required)
is_certified
boolean
Certification decision
is_revoked
boolean
Revoke decision
is_requested
boolean
Decision is processed
reason
string
Reason for decision
datasink_status
string
Datasink status ('ack' or 'nack')
Assignments Object Properties Parameter Type Description user
string
User ID (required)
entitlements
string array
List of entitlement ID’s (required)
Body
{ "assignments": [ { "user": "string", "entitlements": [ "string" ] } ], "is_certified": true, "is_revoked": true, "is_requested": true, "is_processed": true, "reason": "string", "datasink_status": "nack" }
Example Request
curl -k -X POST \ "https://autoid-api.forgerock.com/api/userDetails/decisions" \ -H 'Authorization: Bearer <token-value>' \ -H "accept: /" -H "Content-Type: application/json" \ --data-raw '{ "assignments": [ { "user": "john.doe", "entitlements": [ "ABC", "DEFFF" ] } ], "is_certified": true, "is_revoked": false, "is_requested": false, "is_processed": false, "reason": "string", "datasink_status": "nack" }'
Example Response
{ "status": 200 }
POST /api/userDetails/hrData
- POST /api/userDetails/hrData
-
Get a user’s HR data. [User, Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/userDetails/hrData
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Body
{ "employeeId": "john.doe" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/hrData" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer <token>" \ --data-raw '{ "employeeId": "john.doe" }'
Example Response
{ "user": [ { "id": "USER_NAME", "title": "User Name", "value": "john.doe" }, { "id": "CHIEF", "title": "Chief", "value": "Yes" }, { "id": "CITY", "title": "City", "value": "Toledo" }, { "id": "USER_DISPLAY_NAME", "title": "User Display Name", "value": "John Doe" }, { "id": "EMPLOYEE_TYPE", "title": "Employee Type", "value": "Employee" }, { "id": "MANAGER", "title": "Manager", "value": "the.manager" } ], "displayName": "John Doe" }
POST /api/userDetails/search
- POST /api/userDetails/search
-
Search for users by name and with applied filters. [Executive, Supervisor, App Owner, Admin]
Endpoint
/api/userDetails/search
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Body
{ "username": "john.doe" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/search" \ --header "Content-Type: application/json" --data-raw '{ "username": "john.doe" }'
Example Response
{ "values": [ { "user": "john.doe", "isapplicationowner": "false", "isentitlementowner": "false", "issupervisor": "false", "userdisplayname": "John Doe" } ] }
POST /api/userDetails/ent/autoprovision
- POST /api/userDetails/ent/autoprovision
-
Get user’s entitlements for autoprovisioning. [Admin]
Endpoint
/api/userDetails/ent/autoprovision
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Body
{ "user": "john.doe" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/ent/autoprovision" \ --header "Content-Type: application/json" \ --header 'Authorization: Bearer <token>' \ --data-raw '{ "user": "john.doe" }'
Example Response
{ "usr_id": "string", "usr_name": "string", "ents": [ { "ent_id": "string", "ent_name": "string", "ent_attribute": "string", "ent_risk_level": "string", "score": 0, "freq": 0, "frequnion": 0, "justification": [ { "title": "string", "value": "string" } ], "app_id": "string", "app_name": "string" } ], "cursor": "string" } No links
POST /api/userDetails/autoAction
- POST /api/userDetails/autoAction
-
Get the list of entitlements for a user or list of users for an entitlement to provision, revoke, or certify. [Admin]
Endpoint
/api/userDetails/autoAction
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Body
{ "action": "addAccess", "usrId": "john.doe", "entId": "entitlement_1", "thresholds": { "gte": 0, "gt": 0, "lte": 0, "lt": 0 }, "cursor": "string" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/autoAction" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer <token>" \ --data-raw '{ "action": "addAccess", "usrId": "john.doe", "entId": "entitlement_1", "thresholds": { "gte": 0, "gt": 0, "lte": 0, "lt": 0 }, "cursor": "string" }'
POST /api/userDetails/drivingFactor
- POST /api/userDetails/drivingFactor
-
Get the driving factor data. [User, Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/userDetails/drivingFactor
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Params
{ "entitlement": "entitlement1" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/drivingFactor" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer <token>" \ --data-raw '{ "entitlement": "entitlement1" }'
Example Request
[ { "ent": "ent1", "attribute": { "title": "Chief", "value": "No" }, "count": 3, "rawAttribute": "CHIEF_YES_NO_No" }, { "ent": "ent1", "attribute": { "title": "City", "value": "Tacoma" }, "count": 5, "rawAttribute": "CITY_Tacoma" } ]
POST /api/userDetails/distinct
- POST /api/userDetails/distinct
-
Get a list of all users.
Endpoint
/api/userDetails/distinct
Authorization
<Bearer Token JWT-value>
Headers
Content-Type application/json
Params
pageSize number (optional) Specify the number of assignments to return per page cursor (optional) String (Indicator on where to start a 2+ page list) <searchable-attribute> Any searchable attribute specified in the Identities Entity Definitions page
Body
{ "pageSize": 2, "cursor": "eyJ1c3JfaWQiOiJtYXJ5LmRvbm92YW4ifQ==", "cost_center": "OP" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/distinct" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer <token>" --data-raw { "pageSize": 2, "cursor": "eyJ1c3JfaWQiOiJtYXJ5LmRvbm92YW4ifQ==", "cost_center": "OP" }
Example Response
[ { "usr_id": "john.doe", "usr_name": "John Doe", "usr_manager_id": "jane.smith", "cost_center": "OP_TT4" } ]