Autonomous Identity 2022.11.1

User Details

The following are Autonomous Identity user details endpoints (Updated APIs in this release are marked with ):

POST /api/userDetails

POST /api/userDetails

Obtain the employee details for Identities views. [User, Supervisor, Ent Owner, App Owner, Admin] NOTE: This is a POST due to the endpoint receiving a JSON body query.

Endpoint

/api/userDetails

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Body

{
  "employeeId": "john.doe",
  "sortDir": "asc, desc",
  "lastEntitlementId": "Web_NAS_Share_Case Management_7HQ",
  "lastRecommendedEnttId": "string"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails" \
--header "Content-Type: application/json" \
--header  "Authorization: Bearer <token>" \
--data-raw '{
   "employeeId": "john.doe",
   "sortDir": "asc, desc",
   "lastEntitlementId": "Web_NAS_Share_Case Management_7HQ",
   "lastRecommendedEnttId": "string"
}'

Example Response

{
  "recommendedEntt": {
    "predictions": [
      {
        "usr_key": "john.doe",
        "ent": "ent1",
        "conf": "0.88",
        "freq": "10.0",
        "frequnion": "9",
        "rule": [
          {
            "title": "Chief",
            "value": "Yes"
          },
          {
            "title": "Employee Type",
            "value": "Employee"
          }
        ],
        "entt": {
          "entitlement": "Ent 1",
          "app_id": "app1",
          "role": "role.owner",
          "app_name": "App 1",
          "entitlement_name": "Ent 1",
          "high_risk": "High",
          "roleOwnerDisplayName": "Role Owner",
          "requestorCanAccess": false
        }
      },
      {
        "usr_key": "john.doe",
        "ent": "ent2",
        "conf": "1.00",
        "freq": "4.0",
        "frequnion": "4",
        "rule": [
          {
            "title": "Job Code Name",
            "value": "Business Representitive"
          },
          {
            "title": "Line of Business",
            "value": "Portfolio Management"
          },
          {
            "title": "Department",
            "value": " South"
          },
          {
            "title": "Employee Type",
            "value": "Employee"
          }
        ],
        "entt": {
          "entitlement": "ent2",
          "app_id": "app1",
          "role": "role.owner",
          "app_name": "App 1",
          "entitlement_name": "Ent 2",
          "high_risk": "High",
          "roleOwnerDisplayName": "Role Owner",
          "requestorCanAccess": true
        }
      }
    ],
    "entitlementsCount": 14,
    "entitlementsRemainingCount": 9,
    "lastEntitlementId": "ent2"
  },
  "userEntt": [
    {
      "user": "john.doe",
      "entitlement": "ent3",
      "app_id": "app1",
      "app_name": "App 1",
      "entitlement_name": "Ent 3",
      "freq": "10.0",
      "frequnion": "9",
      "high_risk": "High",
      "justification": [
        {
          "title": "Chief",
          "value": "Yes"
        },
        {
          "title": "Employee Type",
          "value": "Employee"
        }
      ],
      "score": 0.88,
      "user_name": "John Doe",
      "lastAccessed": "2020-01-01 00:00:00",
      "requestorCanAccess": false,
      "rawJustification": [
        "CHIEF_YES_NO_Yes",
        "USR_EMP_TYPE_Employee"
      ]
    },
    {
      "user": "john.doe",
      "entitlement": "ent4",
      "app_id": "app1",
      "app_name": "App 1",
      "entitlement_name": "Ent 4",
      "freq": "4.0",
      "frequnion": "4",
      "high_risk": "High",
      "justification": [
        {
          "title": "Job Code Name",
          "value": "Business Representitive"
        },
        {
          "title": "Line of Business",
          "value": "Portfolio Management"
        },
        {
          "title": "Department",
          "value": " South"
        },
        {
          "title": "Employee Type",
          "value": "Employee"
        }
      ],
      "score": 1,
      "user_name": "John Doe",
      "lastAccessed": "2020-01-01 00:00:00",
      "requestorCanAccess": false,
      "rawJustification": [
        "JOBCODE_NAME_Business Representitive",
        "LINE_OF_BUSINESS_Portfolio Management",
        "USR_DEPARTMENT_NAME_Customer Operations_ South",
        "USR_EMP_TYPE_Employee"
      ]
    }
  ],
  "user": {
    "displayName": "John Doe",
    "hrData": [
      {
        "title": "Job Code Name",
        "id": "JOBCODENAME",
        "value": "Business Representitive"
      },
      {
        "title": "Line of Business",
        "id": "LINEOFBUSINESS",
        "value": "Portfolio Management"
      },
      {
        "title": "Department",
        "id": "DEPARTMENT",
        "value": " South"
      },
      {
        "title": "Employee Type",
        "id": "EMPTYPE",
        "value": "Employee"
      }
    ]
  },
  "entitlementsCount": 2,
  "entitlementsRemainingCount": 9,
  "lastEntitlementId": "ent4"
}

GET /api/userDetails/decisions

GET /api/userDetails/decisions

Get the current entitlement decisions for the user [Supervisor, Ent Owner, App Owner, Admin].

Endpoint

/api/userDetails/decisions

Authorization

<Bearer Token JWT-value> OR <API-KEY>
Query Parameters
Parameter Type Description

user

string

User ID (required)

filter

object

Filter to add (single property shown below)

Filter Query Object Properties
Parameter Type Description

datasinkStatus

string

Datasink status filter ('ack' or 'nack')

timestampThresholds

timestampThresholds object

Timestamp threshold object (available properties below)

timestampThresholds Object Properties
Parameter Type Description

gt

string

Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte.

gte

string

Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt.

lt

string

Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte.

lte

string

Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with le.

Example Request (DatasinkStatus Filter)

curl -k -X GET \
'datasinkStatus=nack' \
-H 'Authorization: Bearer <token value>' \  <or>   -H 'X-API-KEY: <api key value>' \
-H 'Content-Type: application/json'

Example Response (DatasinkStatus Filter)

{
  "decisions": [
    {
      "user": "john.doe",
      "entitlement": "ent_1",
      "is_certified": false,
      "is_revoked": false,
      "is_processed": false,
      "is_archived": false,
      "author": "jane.smith",
      "author_name": "Jane Smith",
      "author_type": "Zoran Admin",
      "reason": null,
      "last_updated": "2022-01-11T19:48:17.195Z",
      "datasink_status": "nack",
      "usr_name": "John Doe",
      "ent_name": "Entitlement 1",
      "app_id": "Gateway",
      "app_name": "Gateway",
      "usr_manager_id": "john.smith",
      "conf": 0.75,
      "freq": 4,
      "freqUnion": 3
    }
  ]
}

POST /api/userDetails/decisions

POST /api/userDetails/decisions

Update entitlement decisions for users. [Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/userDetails/decisions

Authorization

<Bearer Token JWT-value>
Request Body Parameters
Parameter Type Description

assignments

array of assignment objects

List of assignments affected by the decision (available properties listed below)(required)

is_certified

boolean

Certification decision

is_revoked

boolean

Revoke decision

is_requested

boolean

Decision is processed

reason

string

Reason for decision

datasink_status

string

Datasink status ('ack' or 'nack')

Assignments Object Properties
Parameter Type Description

user

string

User ID (required)

entitlements

string array

List of entitlement ID’s (required)

Body

{
  "assignments": [
    {
      "user": "string",
      "entitlements": [
        "string"
      ]
    }
  ],
  "is_certified": true,
  "is_revoked": true,
  "is_requested": true,
  "is_processed": true,
  "reason": "string",
  "datasink_status": "nack"
}

Example Request

curl -k -X POST \
"https://autoid-api.forgerock.com/api/userDetails/decisions" \
-H 'Authorization: Bearer <token-value>' \
-H  "accept: /" -H  "Content-Type: application/json" \
--data-raw '{
  "assignments": [
    {
      "user": "john.doe",
      "entitlements": [
        "ABC",
        "DEFFF"
      ]
    }
  ],
  "is_certified": true,
  "is_revoked": false,
  "is_requested": false,
  "is_processed": false,
  "reason": "string",
  "datasink_status": "nack"
}'

Example Response

{
  "status": 200
}

POST /api/userDetails/hrData

POST /api/userDetails/hrData

Get a user’s HR data. [User, Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/userDetails/hrData

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Body

{
  "employeeId": "john.doe"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/hrData" \
--header "Content-Type: application/json" \
--header  "Authorization: Bearer <token>" \
--data-raw '{
  "employeeId": "john.doe"
}'

Example Response

{
  "user": [
    {
      "id": "USER_NAME",
      "title": "User Name",
      "value": "john.doe"
    },
    {
      "id": "CHIEF",
      "title": "Chief",
      "value": "Yes"
    },
    {
      "id": "CITY",
      "title": "City",
      "value": "Toledo"
    },
    {
      "id": "USER_DISPLAY_NAME",
      "title": "User Display Name",
      "value": "John Doe"
    },
    {
      "id": "EMPLOYEE_TYPE",
      "title": "Employee Type",
      "value": "Employee"
    },
    {
      "id": "MANAGER",
      "title": "Manager",
      "value": "the.manager"
    }
  ],
  "displayName": "John Doe"
}

POST /api/userDetails/search

POST /api/userDetails/search

Search for users by name and with applied filters. [Executive, Supervisor, App Owner, Admin]

Endpoint

/api/userDetails/search

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Body

{
	"username": "john.doe"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/search" \
--header "Content-Type: application/json"
--data-raw '{
	"username": "john.doe"
}'

Example Response

{
  "values": [
    {
      "user": "john.doe",
      "isapplicationowner": "false",
      "isentitlementowner": "false",
      "issupervisor": "false",
      "userdisplayname": "John Doe"
    }
  ]
}

POST /api/userDetails/ent/autoprovision

POST /api/userDetails/ent/autoprovision

Get user’s entitlements for autoprovisioning. [Admin]

Endpoint

/api/userDetails/ent/autoprovision

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Body

{
  "user": "john.doe"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/ent/autoprovision" \
--header "Content-Type: application/json" \
--header 'Authorization: Bearer <token>' \
--data-raw '{
	"user": "john.doe"
}'

Example Response

{
  "usr_id": "string",
  "usr_name": "string",
  "ents": [
    {
      "ent_id": "string",
      "ent_name": "string",
      "ent_attribute": "string",
      "ent_risk_level": "string",
      "score": 0,
      "freq": 0,
      "frequnion": 0,
      "justification": [
        {
          "title": "string",
          "value": "string"
        }
      ],
      "app_id": "string",
      "app_name": "string"
    }
  ],
  "cursor": "string"
}

	No links

POST /api/userDetails/autoAction

POST /api/userDetails/autoAction

Get the list of entitlements for a user or list of users for an entitlement to provision, revoke, or certify. [Admin]

Endpoint

/api/userDetails/autoAction

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Body

{
  "action": "addAccess",
  "usrId": "john.doe",
  "entId": "entitlement_1",
  "thresholds": {
    "gte": 0,
    "gt": 0,
    "lte": 0,
    "lt": 0
  },
  "cursor": "string"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/autoAction" \
--header "Content-Type: application/json" \
--header  "Authorization: Bearer <token>" \
--data-raw '{
    "action": "addAccess",
    "usrId": "john.doe",
    "entId": "entitlement_1",
    "thresholds": {
        "gte": 0,
        "gt": 0,
        "lte": 0,
        "lt": 0
    },
    "cursor": "string"
}'

POST /api/userDetails/drivingFactor

POST /api/userDetails/drivingFactor

Get the driving factor data. [User, Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/userDetails/drivingFactor

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Params

{
  "entitlement": "entitlement1"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/drivingFactor" \
--header "Content-Type: application/json" \
--header  "Authorization: Bearer <token>" \
--data-raw '{
    "entitlement": "entitlement1"
}'

Example Request

[
  {
    "ent": "ent1",
    "attribute": {
      "title": "Chief",
      "value": "No"
    },
    "count": 3,
    "rawAttribute": "CHIEF_YES_NO_No"
  },
  {
    "ent": "ent1",
    "attribute": {
      "title": "City",
      "value": "Tacoma"
    },
    "count": 5,
    "rawAttribute": "CITY_Tacoma"
  }
]

POST /api/userDetails/distinct

POST /api/userDetails/distinct

Get a list of all users.

Endpoint

/api/userDetails/distinct

Authorization

<Bearer Token JWT-value>

Headers

Content-Type      application/json

Params

pageSize number (optional)   Specify the number of assignments to return per page
cursor (optional)            String (Indicator on where to start a 2+ page list)
<searchable-attribute>       Any searchable attribute specified in the Identities Entity Definitions page

Body

{
    "pageSize": 2,
    "cursor": "eyJ1c3JfaWQiOiJtYXJ5LmRvbm92YW4ifQ==",
    "cost_center": "OP"
}

Example Request

curl --request POST "https://autoid-api.forgerock.com/api/userDetails/distinct" \
--header "Content-Type: application/json" \
--header "Authorization: Bearer <token>"
--data-raw {
    "pageSize": 2,
    "cursor": "eyJ1c3JfaWQiOiJtYXJ5LmRvbm92YW4ifQ==",
    "cost_center": "OP"
}

Example Response

[
  {
    "usr_id": "john.doe",
    "usr_name": "John Doe",
    "usr_manager_id": "jane.smith",
    "cost_center": "OP_TT4"
  }
]
Copyright © 2010-2024 ForgeRock, all rights reserved.