Access review
The following are Identity Governance API Access Review endpoints:
Admin Certification
- POST Cancel Certification(s)
Allows governance administrators to cancel certifications.
Endpoint
{{idmRoot}}/governance/adminCancelCert/{{certType}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Body
{ "ids": [ "{{certtocancelid}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/adminCancelCert/{{certtype}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "ids": [ "{{certtocancelid}}" ] }'
- POST Cancel Ad-hoc User Certification
Create an ad-hoc user certification campaign.
Endpoint
{{idmRoot}}/governance/certification/user
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Body
{ "certObjectType":"user", "name":"Quarterly Certification", "description":"Scheduled certification to run every three months", "frequency":"scheduled", "schedule":"47 0 0 1 1/3 ?", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"managed/role/2005" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"managed/role/2007", "certifierType":"authzRoles", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "certObjectType":"user", "name":"Quarterly Certification", "description":"Scheduled certification to run every three months", "frequency":"scheduled", "schedule":"47 0 0 1 1/3 ?", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"managed/role/2005" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"managed/role/2007", "certifierType":"authzRoles", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }'
- POST Create Ad-hoc Object Certification
Create an ad-hoc object certification campaign.
Endpoint
{{idmRoot}}/governance/certification/object
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Body
{ "certObjectType":"role", "name":"Object Certification", "description":"Example object cert", "frequency":"ad-hoc", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"name", "targetValue":"Finance Lead" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "members":{ "selected":true }, "description":{ "selected":true }, "assignments":{ "selected":true } }, "certifyMetadata":true }, "certifierName":"aclark", "certifierType":"user", "certifierKey":"", "deadline":"2020-08-06T13:30:00-04:00", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "defaultCertifierType":"authzRoles", "defaultCertifierName":"internal/role/governance-administrator", "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/certification/object' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "certObjectType":"role", "name":"Object Certification", "description":"Example object cert", "frequency":"ad-hoc", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"name", "targetValue":"Finance Lead" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "members":{ "selected":true }, "description":{ "selected":true }, "assignments":{ "selected":true } }, "certifyMetadata":true }, "certifierName":"aclark", "certifierType":"user", "certifierKey":"", "deadline":"2020-08-06T13:30:00-04:00", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "defaultCertifierType":"authzRoles", "defaultCertifierName":"internal/role/governance-administrator", "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }'
- POST Create Scheduled Certification
Create a scheduled certification definition.
Endpoint
{{idmRoot}}/governance/scheduledCertification/{{certtype}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Body
{ "certObjectType":"user", "name":"Quarterly Certification", "description":"Scheduled certification to run every three months", "frequency":"scheduled", "schedule":"47 0 0 1 1/3 ?", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"managed/role/2005" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"managed/role/2007", "certifierType":"authzRoles", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "certObjectType":"user", "name":"Quarterly Certification", "description":"Scheduled certification to run every three months", "frequency":"scheduled", "schedule":"47 0 0 1 1/3 ?", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"managed/role/2005" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"managed/role/2007", "certifierType":"authzRoles", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }'
- POST Create Triggered Certification
Create a triggered certification definition.
Endpoint
{{idmRoot}}/governance/triggeredCertification/user?_action=create
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
_action create
Body
{ "certObjectType":"user", "name":"Event Based Cert", "description":"Test", "frequency":"event-based", "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"", "certifierType":"manager", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/triggeredCertification/user?_action=create' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "certObjectType":"user", "name":"Event Based Cert", "description":"Test", "frequency":"event-based", "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"", "certifierType":"manager", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }'
- POST Delete Scheduled Certification
Delete scheduled certification definitions.
Endpoint
{{idmRoot}}/governance/scheduledCertification/{{certtype}}?_action=delete
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
_action delete
Body
{ "ids": [ "26c64da2-a702-4cea-a79e-9879477049d4" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}?_action=delete' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "ids": [ "26c64da2-a702-4cea-a79e-9879477049d4" ] }'
- POST Delete Triggered Certification
Delete triggered certification definitions.
Endpoint
{{idmRoot}}/governance/triggeredCertification/{{certtype}}?_action=delete
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
_action delete
Body
{ "ids": [ "26c64da2-a702-4cea-a79e-9879477049d4" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/triggeredCertification/{{certtype}}?_action=delete' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "ids": [ "26c64da2-a702-4cea-a79e-9879477049d4" ] }'
- POST Edit Scheduled Certification
Update a scheduled certification definition.
Endpoint
{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4?_action=update
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
_action update
Body
{ "certObjectType":"user", "name":"Quarterly Certification", "description":"Scheduled certification to run every three months", "frequency":"scheduled", "schedule":"47 0 0 1 1/3 ?", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"managed/role/2005" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"managed/role/2007", "certifierType":"authzRoles", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4?_action=update' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "certObjectType":"user", "name":"Quarterly Certification", "description":"Scheduled certification to run every three months", "frequency":"scheduled", "schedule":"47 0 0 1 1/3 ?", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"managed/role/2005" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"managed/role/2007", "certifierType":"authzRoles", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }'
- POST Edit Triggered Certification
Update a triggered certification definition.
Endpoint
{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}?_action=update
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
_action update
Body
{ "certObjectType":"user", "name":"Event Based Certification", "description":"Test", "frequency":"event-based", "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"", "certifierType":"manager", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}?_action=update' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "certObjectType":"user", "name":"Event Based Certification", "description":"Test", "frequency":"event-based", "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}", "targetFilter":{ "operator":"AND", "operand":[ { "operator":"EQUALS", "operand":{ "targetName":"roles", "targetValue":"" } } ] }, "stages":[ { "name":"Stage 1", "entitlementFilter":{ "attributes":{ "roles":{ "selected":true } } }, "certifierName":"", "certifierType":"manager", "certifierKey":"", "deadline":"14 days", "escalationSchedule":[ ], "riskLevelFilter":[ ] } ], "onExpire":"stageOnly", "remediationProcess":"RemoveEntitlements" }'
- GET Admin Event Details
Allows governance administrators to get event details.
Endpoint
{{idmRoot}}/governance/adminCertEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminCertEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Scheduled Certification
Read a scheduled certification definition.
Endpoint
{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/json
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4' \
  --header 'X-OpenIDM-Username: {{endUserUsername}}' \
  --header 'X-OpenIDM-Password: {{endUserPassword}}' \
  --header 'Content-Type: application/json'
- GET Get Certification
Get a specific certification.
Endpoint
{{idmRoot}}/governance/adminCertification/{{certtype}}/{{usercertificationid}}?status={{certStatus}}&pageNumber=0&pageSize={{pageSize}}&sortBy&q={{query}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
status Cert status ('active' or 'closed')
pageNumber 0 (Pagination control)
pageSize Page size (Size per page)
sortBy (Property to sort by)
q Query (Query for name)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminCertification/{{certtype}}/{{usercertificationid}}?status={{certStatus}}&pageNumber=0&pageSize={{pageSize}}&sortBy=&q={{query}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Admin Certification List
Get the certification list.
Endpoint
{{idmRoot}}/governance/adminCertList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
pageSize Page size (Size per page)
pageNumber 0 (Pagination control)
sortBy (Property to sort by)
q Query (Query for name)
selected 0 (Selected stage)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminCertList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Tasks For Specific User
Returns a list of tasks of the requested type that are assigned to the logged-in user, either directly or through a role.
Endpoint
{{idmRoot}}/governance/dashboard/{{userId}}?status=active&type=user
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
status active (active or closed)
type user (Type of task: user, object, violation)
pageNumber 0 (Pagination control)
pageSize Page size (Size per page)
sortBy (Property to sort by)
q Query (Query for name)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/dashboard/{{userId}}?status=active&type=user' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Triggered Certification
Read a triggered certification definition.
Endpoint
{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json'
- GET Query Certifications
Query certification definitions.
Endpoint
{{idmRoot}}/governance/adminCertification/{{certtype}}?status=active&pageNumber=0&pageSize=10&sortBy=nextDeadline
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
status active (active or closed)
pageNumber 0 (Pagination control)
pageSize 10 (Size per page)
sortBy nextDeadline
q
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminCertification/{{certtype}}?status=active&pageNumber=0&pageSize=10&sortBy=nextDeadline' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Query Scheduled Certifications
Query scheduled certification definitions.
Endpoint
{{idmRoot}}/governance/scheduledCertification/{{certtype}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
q Filter
sortBy Sort by field
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/scheduledCertification/{{certtype}}' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json'
- GET Query Triggered Certifications
Query triggered certification definitions.
Endpoint
{{idmRoot}}/governance/triggeredCertification/{{certtype}}?pageSize=10&sortBy=name&status=triggered&pageNumber=0
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
pageSize 10 (Size per page)
sortBy name (Sort by field)
status triggered
pageNumber 0
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/triggeredCertification/{{certtype}}?pageSize=10&sortBy=name&status=triggered&pageNumber=0' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json'
- POST Reassign Events
Bulk reassign events. Include eventIds in the body to reassign specific events; otherwise, include campaignIds in the body to reassign all events for the old certifier ID in the given campaigns. If neither eventIds nor campaignIds is present, the request reassigns ALL tasks for oldCertifierId to newCertifierId.
Endpoint
{{idmRoot}}/governance/certify/{{certtype}}/reassign
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
queryFilter Target a specific subset of events within the stage
Body raw
{ "newCertifierId": "", "oldCertifierId": "", "campaignIds": [ ], "eventIds": [ ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/reassign' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "newCertifierId": "", "oldCertifierId": "", "campaignIds": [ ], "eventIds": [ ] }'
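The scope rules described for Reassign Events, as an added example (not code from the product or from this reference): a client-side guard that builds the request body and refuses the unscoped form, which moves ALL tasks, unless it is explicitly requested. The function names, the `allow_all` flag, the sample IDs and the root URL are assumptions; empty lists are treated as absent because the page does not say how the server handles them.

```python
import json


class ReassignScopeError(ValueError):
    """The requested reassignment is ambiguous or wider than intended."""


def clean_ids(name, ids):
    """Return a de-duplicated list of non-empty string IDs, order preserved."""
    if ids is None:
        return []
    if isinstance(ids, str):
        raise ReassignScopeError(f"{name} must be a list of IDs, not one string")
    cleaned = []
    for item in ids:
        if not isinstance(item, str) or not item.strip():
            raise ReassignScopeError(f"{name} contains an empty or non-string ID")
        if item not in cleaned:
            cleaned.append(item)
    return cleaned


def reassign_scope(body):
    """Classify a reassign body using the precedence the endpoint documents.

    Assumption: an empty list counts as absent, i.e. the widest scope. The
    reference does not say how the server treats empty lists, so the guard
    takes the conservative reading.
    """
    if body.get("eventIds"):
        return "events"      # only the listed events move
    if body.get("campaignIds"):
        return "campaigns"   # every event of the old certifier in these campaigns
    return "all"             # ALL tasks of oldCertifierId move


def build_reassign_body(old_certifier_id, new_certifier_id,
                        event_ids=None, campaign_ids=None, allow_all=False):
    """Build the JSON body for POST .../governance/certify/<certtype>/reassign.

    allow_all is a hypothetical opt-in of this helper, not an API parameter.
    """
    if not old_certifier_id or not new_certifier_id:
        raise ReassignScopeError("both oldCertifierId and newCertifierId are required")
    if old_certifier_id == new_certifier_id:
        raise ReassignScopeError("old and new certifier are the same")
    events = clean_ids("eventIds", event_ids)
    campaigns = clean_ids("campaignIds", campaign_ids)
    if events and campaigns:
        # The description gives eventIds precedence ("otherwise campaignIds"),
        # so sending both hides which scope the caller actually meant.
        raise ReassignScopeError("pass eventIds or campaignIds, not both")
    body = {"oldCertifierId": old_certifier_id, "newCertifierId": new_certifier_id}
    if events:
        body["eventIds"] = events
    elif campaigns:
        body["campaignIds"] = campaigns
    elif not allow_all:
        raise ReassignScopeError(
            "no eventIds or campaignIds: this would reassign ALL tasks; "
            "pass allow_all=True if that is intended")
    return body


def render_request(idm_root, cert_type, body):
    """Return (url, scope, payload) for review or change logging; sends nothing."""
    url = f"{idm_root.rstrip('/')}/governance/certify/{cert_type}/reassign"
    return url, reassign_scope(body), json.dumps(body, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    body = build_reassign_body("managed/user/old-certifier",
                               "managed/user/new-certifier",
                               event_ids=["event-1", "event-2"])
    print(render_request("https://idm.example.com/openidm", "user", body))
    try:
        build_reassign_body("managed/user/old-certifier",
                            "managed/user/new-certifier",
                            event_ids=[], campaign_ids=[])
    except ReassignScopeError as exc:
        print("refused:", exc)
```

Note that the sample body in this entry, with both lists empty, is classified as scope `all` by `reassign_scope`.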
- POST Remediate Certification
Call the basic remediation script on a certification event object. The content of the request can depend on customizations to the remediation script; however, the example workflow passes the entire event object to this endpoint. The out-of-the-box (OOTB) script requires only the properties found in this example.
Endpoint
{{idmRoot}}/governance/remediation
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
field allowBulkCertify (Single setting ID to return)
Body raw
{ "remediationType": "revokeCertification", "stageIndex": 0, "stages": [ { "eventData": { "metadata": [], "application": [], "managedObject": [ { "riskLevel": 0, "comments": null, "attributeValue": "AB123", "values": [], "attributeName": "Job Code", "certifiable": 1, "outcome": "revoke", "objectType": "jobCode" } ] }, "longTargetId": "managed/user/138" } ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/remediation' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "remediationType": "revokeCertification", "stageIndex": 0, "stages": [ { "eventData": { "metadata": [], "application": [], "managedObject": [ { "riskLevel": 0, "comments": null, "attributeValue": "AB123", "values": [], "attributeName": "Job Code", "certifiable": 1, "outcome": "revoke", "objectType": "jobCode" } ] }, "longTargetId": "managed/user/138" } ] }'
- POST Remediate Violation
Call the basic remediation script on a violation object. The content of the request can depend on customizations to the remediation script; however, the example workflow passes the entire violation object to this endpoint. The out-of-the-box (OOTB) script requires only the targetId and the policy expression violated.
Endpoint
{{idmRoot}}/governance/remediation
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
field allowBulkCertify (Single setting ID to return)
Body raw
{ "targetId": "managed/user/1024", "expression": "{'operator':'EQUALS','operand':{'targetName':'jobCode','targetValue':'AB123'}}", "remediationType": "revokeViolation" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/remediation' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "targetId": "managed/user/1024", "expression": "{'\''operator'\'':'\''EQUALS'\'','\''operand'\'':{'\''targetName'\'':'\''jobCode'\'','\''targetValue'\'':'\''AB123'\''}}", "remediationType": "revokeViolation" }'
Admin Policy
- POST Cancel Exception
Cancel an existing violation exception. Admin action.
Endpoint
{{idmRoot}}/governance/violation/{{violationId}}?_action=cancelexception
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action cancelexception
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=cancelexception' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ }'
- POST Cancel Exception(s)
Bulk cancel violations.
Endpoint
{{idmRoot}}/governance/violation?_action=cancelexception
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
sortBy Sort key
q Query value
pageSize Page size (Results per page)
pageNumber 0 (Page number of results)
_action cancelexception
Body raw
{ "ids": [ "{{exceptionToCancelId}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation?_action=cancelexception' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "ids": [ "{{exceptionToCancelId}}" ] }'
- POST Cancel Violation
Cancel a violation.
Endpoint
{{idmRoot}}/governance/violation/{{violationId}}?_action=cancel
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action cancel
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=cancel' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ }'
- POST Cancel Violation(s)
Bulk cancel violations.
Endpoint
{{idmRoot}}/governance/violation?_action=cancel
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
sortBy Sort key
q Query value
pageSize Page size (Results per page)
pageNumber 0 (Page number of results)
_action cancel
Body raw
{ "ids": [ "{{violationToCancelId}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation?_action=cancel' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "ids": [ "{{violationToCancelId}}" ] }'
- POST Comment on Violation
Comment on a violation. Owner action.
Endpoint
{{idmRoot}}/governance/violation/{{violationId}}?_action=comment
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action comment
Body raw
{ "comments": "Comments to add" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=comment' \
  --header 'X-OpenIDM-Username: {{endUserUsername}}' \
  --header 'X-OpenIDM-Password: {{endUserPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "comments": "Comments to add" }'
- POST Configure a Reactive Scan
Configure the information for reactive policy scans.
Endpoint
{{idmRoot}}/governance/policyScan?_action=configure
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action configure
Body raw
{ "expirationDate":"15 days", "escalationSchedule":[] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=configure' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "expirationDate":"15 days", "escalationSchedule":[] }'
- POST Create Ad-hoc Policy Scan
Creates and runs an ad-hoc policy scan.
Endpoint
{{idmRoot}}/governance/policyScan?_action=adhoc
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action adhoc
Body raw
{ "name":"Adhoc Scan", "scanType":"ad-hoc", "schedule":"", "targetFilter":{ "operator":"ALL", "operand":[ ] }, "policies":[ "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533" ], "expirationDate":"07/31/2020", "escalationSchedule":[ ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=adhoc' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "name":"Adhoc Scan", "scanType":"ad-hoc", "schedule":"", "targetFilter":{ "operator":"ALL", "operand":[ ] }, "policies":[ "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533" ], "expirationDate":"07/31/2020", "escalationSchedule":[ ] }'
- POST Create Scheduled Policy Scan
Creates a scheduled policy scan.
Endpoint
{{idmRoot}}/governance/policyScan?_action=scheduled
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action scheduled
Body raw
{ "name":"Scheduled scan monthly", "scanType":"scheduled", "schedule":"28 2 0 1 1/1 ?", "targetFilter":{ "operator":"ALL", "operand":[ ] }, "policies":[ "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533" ], "expirationDuration":"7 days", "escalationSchedule":[ ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=scheduled' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "name":"Scheduled scan monthly", "scanType":"scheduled", "schedule":"28 2 0 1 1/1 ?", "targetFilter":{ "operator":"ALL", "operand":[ ] }, "policies":[ "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533" ], "expirationDuration":"7 days", "escalationSchedule":[ ] }'
- POST Create Policy
Creates a new policy.
Endpoint
{{idmRoot}}/governance/adminPolicy?action=create
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
action create
Body raw
{ "name":"Policy Name", "description":"Example policy", "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}", "riskLevel":"1", "ownerType":"user", "owner":{ "_ref":"managed/user/357" }, "remediationProcess":"{{violationRemediationWorkflow}}", "active":"true" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy?action=create' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "name":"Policy Name", "description":"Example policy", "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}", "riskLevel":"1", "ownerType":"user", "owner":{ "_ref":"managed/user/357" }, "remediationProcess":"{{violationRemediationWorkflow}}", "active":"true" }'
- POST Delete Policies
Delete policies from the system.
Endpoint
{{idmRoot}}/governance/adminPolicy?action=delete
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
action delete
Body raw
{ "ids": [ "{{policyToDeleteId}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy/policies?action=delete' \
  --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
  --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "ids": [ "{{policyToDeleteId}}" ] }'
- POST Delete Policy Scans
-
Delete scheduled policy scans from the system.
Endpoint
{{idmRoot}}/governance/adminPolicy/policies?action=delete
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
action delete
Body raw
{ "ids": [ "{{scanToCancelId}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy/policies?action=delete' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "ids": [ "{{scanToCancelId}}" ] }'
- POST Delete Scheduled Policy Scans
-
Delete policy scan definitions.
Endpoint
{{idmRoot}}/governance/adminPolicy/policies?action=delete
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
action delete
Body raw
{ "ids": [ "{{scheduledScanId}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=delete' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "ids": [ "{{scheduledScanId}}" ] }'
- POST Edit Policy
-
Edit an existing policy.
Endpoint
{{idmRoot}}/governance/adminPolicy/{{policyId}}?action=update
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
action update
Body raw
{ "name":"Policy Create Test", "description":"Testing a created policy update", "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}", "riskLevel":"1", "ownerType":"user", "owner":{ "_ref":"managed/user/357" }, "remediationProcess":"RevokeResources", "active":"true" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy/{{policyId}}?action=update' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "name":"Policy Create Test", "description":"Testing a created policy update", "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}", "riskLevel":"1", "ownerType":"user", "owner":{ "_ref":"managed/user/357" }, "remediationProcess":"RevokeResources", "active":"true" }'
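The Create Policy and Edit Policy bodies above carry "expression" as a JSON string nested inside the JSON body, which is easy to break when the quotes are escaped by hand. The Python below is an added example, not code from this page or from the product: it checks only the operator/operand shapes visible on this page (EQUALS, AND, ALL; the product may accept others) and lets json.dumps do the escaping. The function names are hypothetical.

```python
import json

# Operators that appear in this page's examples. Assumption: the product may
# accept more; extend these sets from the product documentation if so.
LEAF_OPERATORS = {"EQUALS"}
GROUP_OPERATORS = {"AND"}
MATCH_ALL = "ALL"


def validate_filter(node, path="expression"):
    """Raise ValueError unless node has the operator/operand shape shown on the page."""
    if not isinstance(node, dict) or set(node) != {"operator", "operand"}:
        raise ValueError(f"{path}: expected an object with exactly 'operator' and 'operand'")
    operator, operand = node["operator"], node["operand"]
    if operator in LEAF_OPERATORS:
        if not isinstance(operand, dict) or set(operand) != {"targetName", "targetValue"}:
            raise ValueError(f"{path}: {operator} needs targetName and targetValue")
        for key in ("targetName", "targetValue"):
            if not isinstance(operand[key], str) or not operand[key]:
                raise ValueError(f"{path}.{key}: must be a non-empty string")
    elif operator in GROUP_OPERATORS:
        if not isinstance(operand, list) or not operand:
            raise ValueError(f"{path}: {operator} needs a non-empty list of sub-expressions")
        for index, child in enumerate(operand):
            validate_filter(child, f"{path}.operand[{index}]")
    elif operator == MATCH_ALL:
        if operand != []:
            raise ValueError(f"{path}: ALL takes an empty operand list")
    else:
        raise ValueError(f"{path}: operator {operator!r} does not appear on this page")


def build_policy_body(name, description, expression, owner_ref,
                      remediation_process, risk_level="1", active="true"):
    """Build a Create/Edit Policy body with the same fields as the page's example."""
    # Passing an already serialised string here would end up double-encoded,
    # so validate_filter insists on a dict.
    validate_filter(expression)
    return {
        "name": name,
        "description": description,
        # The page's bodies hold the expression as a JSON *string*, not an object.
        "expression": json.dumps(expression, separators=(",", ":")),
        "riskLevel": risk_level,
        "ownerType": "user",
        "owner": {"_ref": owner_ref},
        "remediationProcess": remediation_process,
        "active": active,
    }


# The expression used in the page's Create Policy example.
PAGE_EXPRESSION = {
    "operator": "EQUALS",
    "operand": {"targetName": "roles", "targetValue": "managed/role/2003"},
}

if __name__ == "__main__":
    body = build_policy_body("Policy Name", "Example policy", PAGE_EXPRESSION,
                             "managed/user/357", "RevokeResources")
    # json.dumps on the outer body produces the backslash-escaped quotes
    # that the page's --data-raw payload shows.
    print(json.dumps(body, indent=2))
```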
- PUT Edit Scheduled Policy Scan
-
Edit a scheduled policy scan definition.
Endpoint
{{idmRoot}}/governance/policyScan/{{scheduledScanId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Body raw
{ "name":"Scheduled scan monthly", "scanType":"scheduled", "schedule":"28 2 0 1 1/1 ?", "targetFilter":{ "operator":"ALL", "operand":[ ] }, "policies":[ "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533" ], "expirationDuration":"7 days", "escalationSchedule":[ ] }
Example Request
curl --location -g --request PUT '{{idmRoot}}/governance/policyScan/{{scheduledScanId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "name":"Scheduled scan monthly", "scanType":"scheduled", "schedule":"28 2 0 1 1/1 ?", "targetFilter":{ "operator":"ALL", "operand":[ ] }, "policies":[ "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533" ], "expirationDuration":"7 days", "escalationSchedule":[ ] }'
- GET get Active Policy Scans
-
Query active policy scans.
Endpoint
{{idmRoot}}/governance/activePolicyScan
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/activePolicyScan' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Individual Policy Scan
-
Query an individual policy scan.
Endpoint
{{idmRoot}}/governance/activePolicyScan/{{activePolicyScanId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/activePolicyScan/{{activePolicyScanId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Reactive Scan Configuration
-
Read reactive scan configuration.
Endpoint
{{idmRoot}}/governance/policyScan/reactive
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/policyScan/reactive' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json'
- GET Get Violation
-
Read a specific violation, as governance administrator.
Endpoint
{{idmRoot}}/governance/violation/{{violationId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/violation/{{violationId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- POST Grant Exception to Violation
-
Grant an exception for the violation. Owner action.
Endpoint
{{idmRoot}}/governance/violation/{{violationId}}?_action=approve
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Body raw
{ "comments": "Exception justification", "exceptionEndDate": "2020-06-09T10:28:46-04:00" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=approve' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "comments": "Exception justification", "exceptionEndDate": "2020-06-09T10:28:46-04:00" }'
- GET Query Policies
-
Query existing policies as a governance administrator.
Endpoint
{{idmRoot}}/governance/adminPolicy/policies?pageSize={{pageSize}}&pageNumber=0
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
pageSize Page size (Number of results per page) pageNumber 0 (current results page) sortBy Sort key q Query value
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminPolicy/policies?pageSize={{pageSize}}&pageNumber=0' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Query Policy Scans
-
Query policy scans.
Endpoint
{{idmRoot}}/governance/policyScan?q&pageSize=10&pageNumber=0
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
q Query value pageSize Page size (Number of results per page) pageNumber 0 (current results page) sortBy Field to sort by
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/policyScan?q=&pageSize=10&pageNumber=0' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json'
- GET Query Violations
-
Query violations as a governance administrator.
Endpoint
{{idmRoot}}/governance/violation/admin?status=active
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
status active (Violation status: active/closed/exception) target Violation target user owner Violation owner sortBy Sort key q Query value pageSize Page size (Number of results per page) pageNumber 0 (current results page) fields Fields to return
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/violation/admin?status=active' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Read Scheduled Policy Scan
-
Read a scheduled policy scan definition.
Endpoint
{{idmRoot}}/governance/policyScan/{{scheduledScanId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/policyScan/{{scheduledScanId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json'
- POST Reassign Violation(s)
-
Bulk reassign violations. Must include a new owner id to reassign to. To reassign select violations, include an array of IDs corresponding to the intended violations. To reassign all of a given user’s violations, include an oldOwnerId in lieu of the IDs array.
Endpoint
{{idmRoot}}/governance/violation?_action=reassign
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
sortBy Sort key q Query value pageSize Page size (Number of results per page) pageNumber 0 (current results page) _action reassign
Body raw
{ "newOwnerId": "{{newOwnerId}}", "ids": [ "{{violationToReassignId}}" ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation?_action=reassign' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "newOwnerId": "{{newOwnerId}}", "ids": [ "{{violationToReassignId}}" ] }'
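The reassign rules described above (a new owner ID is always required, plus either an array of violation IDs or an oldOwnerId in place of it) can be enforced on the client before anything is sent. The Python below is an added example, not code from this page or from the product: the function names and environment variable names are hypothetical, and the https check and the "old owner differs from new owner" check are added guards, not documented API behaviour. It builds the request without sending it and reads the credentials from the environment so they do not appear on a command line.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

# Hypothetical environment variable names, chosen for this example only.
USER_VAR = "IDM_GOV_ADMIN_USER"
PASS_VAR = "IDM_GOV_ADMIN_PASSWORD"


def build_reassign_body(new_owner_id, ids=None, old_owner_id=None):
    """Return the reassign body: newOwnerId plus either ids or oldOwnerId, never both."""
    if not isinstance(new_owner_id, str) or not new_owner_id:
        raise ValueError("newOwnerId is required")
    if (ids is None) == (old_owner_id is None):
        raise ValueError("give exactly one of ids or old_owner_id")
    body = {"newOwnerId": new_owner_id}
    if old_owner_id is not None:
        # Bulk form: moves every violation the old owner holds.
        if not isinstance(old_owner_id, str) or not old_owner_id:
            raise ValueError("oldOwnerId must be a non-empty string")
        if old_owner_id == new_owner_id:
            raise ValueError("old and new owner are the same")
        body["oldOwnerId"] = old_owner_id
        return body
    # Selective form: a bare string would otherwise be split into characters.
    if isinstance(ids, (str, bytes)):
        raise ValueError("ids must be a list of violation IDs, not a single string")
    ids = list(ids)
    if not ids or not all(isinstance(item, str) and item for item in ids):
        raise ValueError("ids must be a non-empty list of non-empty strings")
    body["ids"] = list(dict.fromkeys(ids))  # drop duplicates, keep order
    return body


def build_reassign_request(idm_root, body, env=None):
    """Build (but do not send) the POST to /governance/violation?_action=reassign."""
    env = os.environ if env is None else env
    # The credentials travel as plain header values, so refuse cleartext HTTP.
    if urlsplit(idm_root).scheme != "https":
        raise ValueError("idm_root must be an https URL")
    try:
        username, password = env[USER_VAR], env[PASS_VAR]
    except KeyError as missing:
        raise ValueError(f"set {missing.args[0]} in the environment") from None
    return urllib.request.Request(
        idm_root.rstrip("/") + "/governance/violation?_action=reassign",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "X-OpenIDM-Username": username,
            "X-OpenIDM-Password": password,
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed IDs and credentials, for illustration only.
    demo_env = {USER_VAR: "gov-admin", PASS_VAR: "constructed-password"}
    request = build_reassign_request(
        "https://idm.example.com/openidm",
        build_reassign_body("owner-b", ids=["violation-1", "violation-2"]),
        env=demo_env,
    )
    print(request.get_method(), request.full_url)
    print(request.data.decode("utf-8"))
```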
- POST Remediate Violation
-
Kick off the remediation process for the violation. Owner action.
Endpoint
{{idmRoot}}/governance/violation/{{violationId}}?_action=remediate
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action remediate
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=remediate' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ }'
- POST Run Reactive Scan
-
Runs a reactive scan for all policies against a given user.
Endpoint
{{idmRoot}}/governance/policyScan?_action=reactive
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
_action reactive
Body raw
{ "userId": "{{userId}}" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=reactive' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "userId": "{{userId}}" }'
Admin Dashboard
- GET Get Admin Dashboard Metrics
-
Get the admin dashboard statistics.
Endpoint
{{idmRoot}}/governance/adminDashboard
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get Individual Admin Dashboard Metric
-
Query for a single admin dashboard statistic, using the stat ID.
Endpoint
{{idmRoot}}/governance/adminDashboard/{{statId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard/{{statId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Query Entitlements with History
-
Returns a list of the available entitlements that are stored within the certification history repo object. Used by the admin dashboard to allow the user to query for a specific entitlement’s history.
Endpoint
{{idmRoot}}/governance/adminDashboard?action=getStoredEntitlements&q=
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Params
field allowBulkCertify (Single setting ID to return)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard?action=getStoredEntitlements&q=' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Query Policy Violation Results
-
Returns the results of all policy violations, organized by policy. Can provide an optional policy id (e.g. managed/policy/{{ID}}) to get information for a specific policy.
Endpoint
{{idmRoot}}/governance/adminDashboard?action=getPolicyTotals
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
action getPolicyTotals (Dashboard action) id managed/policy/99b41c9e-de1b-447e-92b8-cc2546a8b40 (Policy to search for, in long id format, optional)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard?action=getPolicyTotals' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Get User Certification Profile
-
Get certification profile for a given user.
Endpoint
{{idmRoot}}/governance/userEventData/user/{{userId}}?system=IDM
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}}
Params
system IDM
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/userEventData/user/{{userId}}?system=IDM' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}'
- GET Get Entitlement Certification History
-
Get certification history for a single entitlement.
Endpoint
{{idmRoot}}/governance/userEventData/object?targetId={{entitlementId}}
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}}
Params
targetId entitlementId (Entitlement to get certification history for) history true (Return individual certification history of item)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/userEventData/object?targetId={{entitlementId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}'
Admin Settings
- PUT Edit Notification
-
Update a specific governance notification.
Endpoint
{{idmRoot}}/governance/notification/{{notificationId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type: application/json
Body raw
{ "_id":"CERTIFICATION_CREATED_ADHOC", "displayName":"Certification Creation Adhoc", "from":"governanceNotifier@ForgeRock.com", "to":"${x.toEmailAddress}", "cc":"", "subject":"ATTENTION: Certification Task Assigned", "type":"text/html", "body":"<html><body>A certification task for $x.certificationName was assigned to you from an ad hoc certification campaign.<br><br>Please log into <a href=\\\"http://$x.hostName/governance/\\\">FRGovernance</a> as soon as you are able to review and complete the certification Task.</body></html>", "enabled":true }
Example Request
curl --location -g --request PUT '{{idmRoot}}/governance/notification/{{notificationId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "_id":"CERTIFICATION_CREATED_ADHOC", "displayName":"Certification Creation Adhoc", "from":"governanceNotifier@ForgeRock.com", "to":"${x.toEmailAddress}", "cc":"", "subject":"ATTENTION: Certification Task Assigned", "type":"text/html", "body":"<html><body>A certification task for $x.certificationName was assigned to you from an ad hoc certification campaign.<br><br>Please log into <a href=\\\"http://$x.hostName/governance/\\\">FRGovernance</a> as soon as you are able to review and complete the certification Task.</body></html>", "enabled":true }'
- GET Get Access Review System Settings
-
Get access review settings.
Endpoint
{{idmRoot}}/governance/systemSettings
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
field allowBulkCertify (Single setting ID to return)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/systemSettings' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Query Access Review Notifications
-
Query for governance notifications.
Endpoint
{{idmRoot}}/governance/notification?_queryId=query-all-ids
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
_queryId query-all-ids type role (Single managed object to fetch)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/notification?_queryId=query-all-ids' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- GET Read Notification
-
Read a specific governance notification.
Endpoint
{{idmRoot}}/governance/notification/{{notificationId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
type role (Single managed object to fetch)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/notification/{{notificationId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- POST Update Access Review System Settings
-
Update the governance settings.
Endpoint
{{idmRoot}}/governance/systemSettings
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
field allowBulkCertify (Single setting ID to return)
Body raw
{ "_id": "", "systemSettings": [ { "section": "General", "fields": [ { "id": "allowBulkCertify", "type": "boolean", "value": false } ] }, { "section": "Display", "fields": [ { "id": "userDisplayFormat", "type": "string", "value": "{{givenName}} {{sn}} ({{userName}})" } ] }, { "section": "Delegation", "fields": [ { "id": "delegationEnabled", "type": "boolean", "value": false }, { "id": "userDelegate", "type": "dropdown", "value": "manager" } ] }, { "section": "Risk Level Management", "fields": [ { "id": "riskLevel", "type": "dblSlider", "value": { "lower": 5, "higher": 6 } } ] }, { "section": "Custom attribute mapping", "fields": [ { "id": "userAttrMappings", "type": "dropdown", "attributes": [ { "id": "givenName", "value": "givenName" }, { "id": "sn", "value": "sn" }, { "id": "mail", "value": "mail" } ] } ] }, { "section": "Menu Management", "fields": [ { "id": "menuManagement", "type": "string", "value": [] } ] } ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/systemSettings' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "_id": "", "systemSettings": [ { "section": "General", "fields": [ { "id": "allowBulkCertify", "type": "boolean", "value": false } ] }, { "section": "Display", "fields": [ { "id": "userDisplayFormat", "type": "string", "value": "{{givenName}} {{sn}} ({{userName}})" } ] }, { "section": "Delegation", "fields": [ { "id": "delegationEnabled", "type": "boolean", "value": false }, { "id": "userDelegate", "type": "dropdown", "value": "manager" } ] }, { "section": "Risk Level Management", "fields": [ { "id": "riskLevel", "type": "dblSlider", "value": { "lower": 5, "higher": 6 } } ] }, { "section": "Custom attribute mapping", "fields": [ { "id": "userAttrMappings", "type": "dropdown", "attributes": [ { "id": "givenName", "value": "givenName" }, { "id": "sn", "value": "sn" }, { "id": "mail", "value": "mail" } ] } ] }, { "section": "Menu Management", "fields": [ { "id": "menuManagement", "type": "string", "value": [] } ] } ] }'
Certifier
- POST Event Action - Certify
-
Certify an entire event.
Endpoint
{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}?action=certify&actingId={{certifierId}}
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type: application/json
Params
_action certify (Action to take: certify, revoke, abstain, certify-remaining, reset, comment, claim, reassign) actingId {{certifierId}} (ID of acting certifier: user or role) queryFilter Target a specific subset of events within the stage
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}?action=certify&actingId={{certifierId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}'
- GET Get Certification List
-
Get the certifier view of the events in a campaign.
Endpoint
{{idmRoot}}/governance/certificationList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}}
Params
pageSize Page size pageNumber 0 sortBy q selected 0 (selected stage)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/certificationList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}'
- GET Get Certifier Event Details
-
Get the certifier view of an event.
Endpoint
{{idmRoot}}/governance/certificationEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}}
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/certificationEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}'
- GET Get User Tasks
-
Returns a list of tasks of the requested type that are assigned to the logged in user either directly or through a role.
Endpoint
{{idmRoot}}/governance/dashboard?status=active&type=user
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}}
Params
status active (Active or closed) type user (Type of task: user, object, violation) pageNumber 0 (Page number) pageSize Page size (Number of results per page) sortBy Property to sort by q String to sort by
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/dashboard?status=active&type=user' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}'
- POST Stage Action - Certify Remaining
-
Certify remaining events in a stage.
Endpoint
{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=certify-remaining&actingId={{certifierId}}
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/json
Params
action certify-remaining (action to take: certify-remaining, reset, sign-off) actingId {{certifierId}} (ID of acting certifier: user or role) queryFilter Target a specific subset of events within the stage
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=certify-remaining&actingId={{certifierId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}'
- POST Stage Action - Reset
-
Reset events in a stage.
Endpoint
{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=reset&actingId={{certifierId}}
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/json
Params
action reset (action to take: certify-remaining, reset, sign-off) actingId {{certifierId}} (ID of acting certifier: user or role) queryFilter Target a specific subset of events within the stage
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=reset&actingId={{certifierId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}'
- POST Stage Action - Sign-off
-
Sign-off completed events in a stage.
Endpoint
{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=sign-off&actingId={{certifierId}}
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/json
Params
action sign-off (action to take: certify-remaining, reset, sign-off) actingId {{certifierId}} (ID of acting certifier: user or role) queryFilter Target a specific subset of events within the stage
Body raw
{}
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=sign-off&actingId={{certifierId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}'
- GET Get User Violation Tasks
-
Get the violations that belong to the logged in user.
Endpoint
{{idmRoot}}/governance/violation?status=active
Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}}
Params
status active (Violation status: active, closed, exception) sortBy Sort key q Query value pageSize Page size (Results per page) pageNumber 0 (page number of results)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/violation?status=active' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}'
Utility
- GET Get Candidates For Object Attribute
-
Get possible values for the given attribute on the given managed object type.
Endpoint
{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
managedObject user attribute authzRoles pageNumber 0 (page number of results) pageSize Page size (Results per page) sortKey ascOrder
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json'
- POST Get Candidates For Object Attribute With Filter
-
Get possible values for the given attribute on the given managed object type, filtered by provided query.
Endpoint
{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
managedObject user attribute authzRoles pageNumber 0 (page number of results) pageSize Page size (Results per page) sortKey ascOrder
Body raw
{ "query": [ { "attribute": "name", "operator": "co", "path": "managed/role", "value": "Admin" } ] }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "query": [ { "attribute": "name", "operator": "co", "path": "managed/role", "value": "Admin" } ] }'
- GET Get Managed Object and System Information
-
Get the schema and configuration for managed objects and configured systems.
Endpoint
{{idmRoot}}/governance/managedObjectConfig
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}}
Params
type role (Single managed object to fetch)
Example Request
curl --location -g --request GET '{{idmRoot}}/governance/managedObjectConfig' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
- POST Parse Target Filter
-
Run expression parser on given managed object type.
Endpoint
{{idmRoot}}/governance/expressionParser/user?_action=parse
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
_action parse
Body raw
{ "operator":"EQUALS", "operand": { "targetName":"accountStatus", "targetValue":"active" } }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/expressionParser/user?_action=parse' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "operator":"EQUALS", "operand": { "targetName":"accountStatus", "targetValue":"active" } }'
- POST Send Access Review Notification
-
Get possible values for the given attribute on the given managed object type, filtered by provided query.
Endpoint
{{idmRoot}}/governance/sendNotification/{{notificationId}}
Headers
X-OpenIDM-Username {{governanceAdminUsername}} X-OpenIDM-Password {{gpvernanceAdminPassword}} Content-Type application/json
Params
pageNumber 0 (page number of results) pageSize Page size (Results per page) sortKey ascOrder
Body raw
{ "toEmailAddress": "managed/user/1024", "certificationName": "Example Certification" }
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/sendNotification/{{notificationId}}' \ --header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \ --header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "toEmailAddress": "managed/user/1024", "certificationName": "Example Certification" }'