Segregation of Duties
Segregation of Duties (SoD) is an internal control process that ensures no single individual is granted a combination of privileges that could lead to a conflict of interest or fraud. Administrators configure SoD using policies and policy rules that identify violations and run actions on them, such as creating an exception, allowing the violation, or remediating it.
YAML file
The REST APIs contain many parameters and, in some instances, large request bodies. For your convenience, you can view the entire API as a YAML file based on the OpenAPI specification.
To download the YAML file, click here.
Adjust the configuration in the file to match your specific details, such as your Advanced Identity Cloud tenant FQDN.
Endpoints
| URI | HTTP method | Description |
|---|---|---|
| | GET | Search policies. The endpoint returns policies stored within the Identity Governance store, based on a set of query parameters. |
| | POST | Create a new policy object within Identity Governance. |
| | POST | Query policy objects using a targeted search filter. |
| | GET | Get policy by ID. The endpoint returns the policy with the provided ID. |
| | PUT | Update an existing policy object within Identity Governance. |
| | DELETE | Delete an existing policy object within Identity Governance. |
| | POST | Run a scan on all given rules of a policy and create violations if desired. |
| | GET | Get policy rules associated with a policy ID. |
| | GET | Query policy rules based on a set of query parameters. |
| | POST | Create a new policy rule object within Identity Governance. |
| | POST | Query the policy rule objects using a targeted search filter. |
| | GET | Get policy rule by ID. |
| | POST | Duplicate a given policy rule. The rule will be set as |
| | PUT | Update an existing policy rule object. |
| | DELETE | Delete an existing policy rule. |
| | POST | Run a scan on the given policy for violations and create violations if desired. |
| | POST | Run a scan on a given user rule and return potential violations. |
| | GET | Query policy scans within the Identity Governance store based on a set of query parameters. |
| | POST | Query policy scan objects using a targeted search filter. |
| | GET | Get policy scan by ID. |
| | DELETE | Delete an existing policy scan object within Identity Governance. |
| | GET | Query the signed-in user's violation objects. |
| | GET | Query the violation objects. |
| | POST | Create a violation with the given body. |
| | POST | Once a phase (or phases) has chosen to allow a violation, close and complete the violations with the outcome of |
| | POST | As a user who can take action on violations, cancel existing exceptions, reverting the violations back to in-progress. |
| | POST | As a user who can take action on violations, add a comment to the violation objects. |
| | POST | As a user who can take action on violations, grant an exception to the violating access. |
| | POST | As a user who can take action on violations, edit the list of active actors on the violation tasks. |
| | POST | Query the violation objects using a targeted search filter. |
| | POST | Query the signed-in user's violation object using a targeted search filter. |
| | GET | Query the contents of a single violation object. |
| | PUT | Update a given violation with the given body. |
| | DELETE | Delete a violation with a given ID. |
| | POST | Once a phase (or phases) has chosen to allow a violation, close and complete the violation with an outcome of |
| | POST | As an actor on a violation, add a comment to a violation object. |
| | POST | Once a phase (or phases) has chosen to remediate a violation, complete the violation with an outcome of |
| | POST | For violations with an outcome of |
| | POST | Add a phase to a violation. A phase is a task that must be completed to move the violation forward, and its behaviour depends on the task configuration, such as expiration, assignee, notifications, and others. For type= |
| | POST | As an actor on a violation, allow the user to continue to violate the defined rule in perpetuity. |
| | POST | As an actor on a violation, cancel an existing exception, reverting the violation back to |
| | POST | Add a comment to a violation object. |
| | POST | As an actor on a violation, grant an exception to the violating access. |
| | POST | As an actor on a violation, edit the actors and permissions on a violation task. |
| | POST | As an actor on a violation, choose to remediate the access, kicking off the remediation workflow assigned to the violation. |
| | POST | As an actor on a manual provisioning task to handle the violation remediation, mark the action as completed. |
| | POST | As an actor on a manual provisioning task to handle the violation remediation, mark the action as canceled (not completed). |
| | GET | Get a list of supported violation remediation schemas. |
| | POST | Create a new violation remediation schema. |
| | POST | Search the remediation schemas. |
| | GET | Get the violation remediation schema by ID. |
| | PUT | Update an existing violation remediation schema. |
| | DELETE | Delete a violation remediation schema. |
| | POST | Check the active violation objects for certain criteria, such as reminder notifications, expiration, creation status, and others. |