IGA 7.1.1

Access review

The following are Identity Governance API Access Review endpoints:

Admin Certification

POST Cancel Certification(s)

Allows governance administrators to cancel certifications.

Endpoint

{{idmRoot}}/governance/adminCancelCert/{{certtype}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Body

{
	"ids": [
		"{{certtocancelid}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/adminCancelCert/{{certtype}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"{{certtocancelid}}"
	]
}'

POST Create Ad-hoc User Certification

Create an ad-hoc user certification campaign.

Endpoint

{{idmRoot}}/governance/certification/user

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Body

{
   "certObjectType":"user",
   "name":"Quarterly Certification",
   "description":"Scheduled certification to run every three months",
   "frequency":"scheduled",
   "schedule":"47 0 0 1 1/3 ?",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":"managed/role/2005"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"managed/role/2007",
         "certifierType":"authzRoles",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certification/user' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "certObjectType":"user",
   "name":"Quarterly Certification",
   "description":"Scheduled certification to run every three months",
   "frequency":"scheduled",
   "schedule":"47 0 0 1 1/3 ?",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":"managed/role/2005"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"managed/role/2007",
         "certifierType":"authzRoles",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}'

POST Create Ad-hoc Object Certification

Create an ad-hoc object certification campaign.

Endpoint

{{idmRoot}}/governance/certification/object

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Body

{
   "certObjectType":"role",
   "name":"Object Certification",
   "description":"Example object cert",
   "frequency":"ad-hoc",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"name",
               "targetValue":"Finance Lead"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "members":{
                  "selected":true
               },
               "description":{
                  "selected":true
               },
               "assignments":{
                  "selected":true
               }
            },
            "certifyMetadata":true
         },
         "certifierName":"aclark",
         "certifierType":"user",
         "certifierKey":"",
         "deadline":"2020-08-06T13:30:00-04:00",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "defaultCertifierType":"authzRoles",
   "defaultCertifierName":"internal/role/governance-administrator",
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certification/object' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "certObjectType":"role",
   "name":"Object Certification",
   "description":"Example object cert",
   "frequency":"ad-hoc",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"name",
               "targetValue":"Finance Lead"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "members":{
                  "selected":true
               },
               "description":{
                  "selected":true
               },
               "assignments":{
                  "selected":true
               }
            },
            "certifyMetadata":true
         },
         "certifierName":"aclark",
         "certifierType":"user",
         "certifierKey":"",
         "deadline":"2020-08-06T13:30:00-04:00",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "defaultCertifierType":"authzRoles",
   "defaultCertifierName":"internal/role/governance-administrator",
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}'

POST Create Scheduled Certification

Create a scheduled certification definition.

Endpoint

{{idmRoot}}/governance/scheduledCertification/{{certtype}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Body

{
   "certObjectType":"user",
   "name":"Quarterly Certification",
   "description":"Scheduled certification to run every three months",
   "frequency":"scheduled",
   "schedule":"47 0 0 1 1/3 ?",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":"managed/role/2005"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"managed/role/2007",
         "certifierType":"authzRoles",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "certObjectType":"user",
   "name":"Quarterly Certification",
   "description":"Scheduled certification to run every three months",
   "frequency":"scheduled",
   "schedule":"47 0 0 1 1/3 ?",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":"managed/role/2005"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"managed/role/2007",
         "certifierType":"authzRoles",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}'

POST Create Triggered Certification

Create a triggered certification definition.

Endpoint

{{idmRoot}}/governance/triggeredCertification/user?_action=create

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

_action             create

Body

{
   "certObjectType":"user",
   "name":"Event Based Cert",
   "description":"Test",
   "frequency":"event-based",
   "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":""
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"",
         "certifierType":"manager",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/triggeredCertification/user?_action=create' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "certObjectType":"user",
   "name":"Event Based Cert",
   "description":"Test",
   "frequency":"event-based",
   "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":""
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"",
         "certifierType":"manager",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}'
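
The "expression" field in the triggered certification body is a JSON document serialized into a string, which is easy to get wrong when the body is assembled by hand. The following is an added example, not part of the product documentation: it builds that string and lints a definition before it is posted. The helper names are hypothetical, and the rules (certifier types, deadline formats, "manager" needing no certifierName) are assumptions inferred only from the request bodies shown on this page.

```python
import json
import re
from datetime import datetime

# Certifier types that appear in this page's bodies; the product may accept more.
SEEN_CERTIFIER_TYPES = {"user", "authzRoles", "manager"}
RELATIVE_DEADLINE = re.compile(r"^\d+ days$")  # e.g. "14 days", as on this page


def encode_expression(operator, field, value=""):
    """Return the trigger expression as the JSON *string* the body carries."""
    inner = {"operator": operator, "operand": {"field": field, "value": value}}
    return json.dumps(inner, separators=(",", ":"))


def sample_definition():
    """The triggered certification body from this page, rebuilt as a dict."""
    return {
        "certObjectType": "user",
        "name": "Event Based Cert",
        "description": "Test",
        "frequency": "event-based",
        "expression": encode_expression("changed", "manager"),
        "targetFilter": {"operator": "AND", "operand": [
            {"operator": "EQUALS",
             "operand": {"targetName": "roles", "targetValue": ""}}]},
        "stages": [{
            "name": "Stage 1",
            "entitlementFilter": {"attributes": {"roles": {"selected": True}}},
            "certifierName": "",
            "certifierType": "manager",
            "certifierKey": "",
            "deadline": "14 days",
            "escalationSchedule": [],
            "riskLevelFilter": [],
        }],
        "onExpire": "stageOnly",
        "remediationProcess": "RemoveEntitlements",
    }


def _deadline_ok(deadline):
    """Accept 'N days' or an ISO-8601 timestamp that carries a UTC offset."""
    if not isinstance(deadline, str):
        return False
    if RELATIVE_DEADLINE.match(deadline):
        return True
    try:
        return datetime.fromisoformat(deadline).tzinfo is not None
    except ValueError:
        return False


def lint_definition(defn):
    """Return a list of problems found in a certification definition."""
    problems = []
    frequency = defn.get("frequency")
    if frequency == "event-based":
        expr = defn.get("expression")
        if not isinstance(expr, str):
            problems.append("expression must be a JSON-encoded string, not an object")
        else:
            try:
                parsed = json.loads(expr)
            except ValueError:
                problems.append("expression is not valid JSON")
            else:
                if not isinstance(parsed, dict) or not {"operator", "operand"} <= set(parsed):
                    problems.append("expression lacks operator/operand")
    elif frequency == "scheduled" and not defn.get("schedule"):
        problems.append("scheduled definition has no schedule")

    stages = defn.get("stages") or []
    if not stages:
        problems.append("definition has no stages")
    for i, stage in enumerate(stages):
        ctype = stage.get("certifierType")
        if ctype not in SEEN_CERTIFIER_TYPES:
            problems.append(f"stage {i}: unrecognised certifierType {ctype!r}")
        elif ctype != "manager" and not stage.get("certifierName"):
            problems.append(f"stage {i}: certifierType {ctype!r} needs a certifierName")
        if not _deadline_ok(stage.get("deadline")):
            problems.append(f"stage {i}: deadline is neither 'N days' nor a timestamp with offset")
    return problems


if __name__ == "__main__":
    print(json.dumps(sample_definition(), indent=3))
    print(lint_definition(sample_definition()))
```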

POST Delete Scheduled Certification

Delete scheduled certification definitions.

Endpoint

{{idmRoot}}/governance/scheduledCertification/{{certtype}}?_action=delete

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

_action             delete

Body

{
	"ids": [
		"26c64da2-a702-4cea-a79e-9879477049d4"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}?_action=delete' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"26c64da2-a702-4cea-a79e-9879477049d4"
	]
}'

POST Delete Triggered Certification

Delete triggered certification definitions.

Endpoint

{{idmRoot}}/governance/triggeredCertification/{{certtype}}?_action=delete

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

_action             delete

Body

{
	"ids": [
		"26c64da2-a702-4cea-a79e-9879477049d4"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/triggeredCertification/{{certtype}}?_action=delete' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"26c64da2-a702-4cea-a79e-9879477049d4"
	]
}'

POST Edit Scheduled Certification

Update a scheduled certification definition.

Endpoint

{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4?_action=update

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

_action             update

Body

{
   "certObjectType":"user",
   "name":"Quarterly Certification",
   "description":"Scheduled certification to run every three months",
   "frequency":"scheduled",
   "schedule":"47 0 0 1 1/3 ?",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":"managed/role/2005"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"managed/role/2007",
         "certifierType":"authzRoles",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4?_action=update' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "certObjectType":"user",
   "name":"Quarterly Certification",
   "description":"Scheduled certification to run every three months",
   "frequency":"scheduled",
   "schedule":"47 0 0 1 1/3 ?",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":"managed/role/2005"
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"managed/role/2007",
         "certifierType":"authzRoles",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}'

POST Edit Triggered Certification

Update a triggered certification definition.

Endpoint

{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}?_action=update

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

_action             update

Body

{
   "certObjectType":"user",
   "name":"Event Based Certification",
   "description":"Test",
   "frequency":"event-based",
   "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":""
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"",
         "certifierType":"manager",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}?_action=update' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "certObjectType":"user",
   "name":"Event Based Certification",
   "description":"Test",
   "frequency":"event-based",
   "expression":"{\"operator\":\"changed\",\"operand\":{\"field\":\"manager\",\"value\":\"\"}}",
   "targetFilter":{
      "operator":"AND",
      "operand":[
         {
            "operator":"EQUALS",
            "operand":{
               "targetName":"roles",
               "targetValue":""
            }
         }
      ]
   },
   "stages":[
      {
         "name":"Stage 1",
         "entitlementFilter":{
            "attributes":{
               "roles":{
                  "selected":true
               }
            }
         },
         "certifierName":"",
         "certifierType":"manager",
         "certifierKey":"",
         "deadline":"14 days",
         "escalationSchedule":[

         ],
         "riskLevelFilter":[

         ]
      }
   ],
   "onExpire":"stageOnly",
   "remediationProcess":"RemoveEntitlements"
}'

GET Admin Event Details

Allows governance administrators to get event details.

Endpoint

{{idmRoot}}/governance/adminCertEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminCertEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'

GET Get Scheduled Certification

Read a scheduled certification definition.

Endpoint

{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type      application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/scheduledCertification/{{certtype}}/26c64da2-a702-4cea-a79e-9879477049d4' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'

GET Get Certification

Get a specific certification.

Endpoint

{{idmRoot}}/governance/adminCertification/{{certtype}}/{{usercertificationid}}?status={{certStatus}}&pageNumber=0&pageSize={{pageSize}}&sortBy&q={{query}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

status             Cert status ('active' or 'closed')
pageNumber         0 (Pagination control)
pageSize           Page size (Size per page)
sortBy             (Property to sort by)
q                  Query (Query for name)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminCertification/{{certtype}}/{{usercertificationid}}?status={{certStatus}}&pageNumber=0&pageSize={{pageSize}}&sortBy=&q={{query}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'

GET Get Admin Certification List

Get the certification list.

Endpoint

{{idmRoot}}/governance/adminCertList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

pageSize           Page size (Size per page)
pageNumber         0 (Pagination control)
sortBy             (Property to sort by)
q                  Query (Query for name)
selected           0 (Selected stage)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminCertList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'

GET Get Tasks For Specific User

Returns a list of tasks of the requested type that are assigned to the logged-in user, either directly or through a role.

Endpoint

{{idmRoot}}/governance/dashboard/{{userId}}?status=active&type=user

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

status             active (active or closed)
type               user (Type of task: user, object, violation)
pageNumber         0 (Pagination control)
pageSize           Page size (Size per page)
sortBy             (Property to sort by)
q                  Query (Query for name)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/dashboard/{{userId}}?status=active&type=user' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'

GET Get Triggered Certification

Read a triggered certification definition.

Endpoint

{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/triggeredCertification/{{certtype}}/{{triggeredusercertificationid}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'

GET Query Certifications

Query certification definitions.

Endpoint

{{idmRoot}}/governance/adminCertification/{{certtype}}?status=active&pageNumber=0&pageSize=10&sortBy=nextDeadline

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

status             active (active or closed)
pageNumber         0 (Pagination control)
pageSize           10 (Size per page)
sortBy             nextDeadline
q

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminCertification/{{certtype}}?status=active&pageNumber=0&pageSize=10&sortBy=nextDeadline' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'

GET Query Scheduled Certifications

Query scheduled certification definitions.

Endpoint

{{idmRoot}}/governance/scheduledCertification/{{certtype}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

q                  Filter
sortBy             Sort by field

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/scheduledCertification/{{certtype}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'

GET Query Triggered Certifications

Query triggered certification definitions.

Endpoint

{{idmRoot}}/governance/triggeredCertification/{{certtype}}?pageSize=10&sortBy=name&status=triggered&pageNumber=0

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

pageSize           10 (Size per page)
sortBy             name (Sort by field)
status             triggered
pageNumber         0

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/triggeredCertification/{{certtype}}?pageSize=10&sortBy=name&status=triggered&pageNumber=0' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'

POST Reassign Events

Bulk reassign events. Include eventIds in the body to reassign specific events; otherwise, include campaignIds in the body to reassign all events for the old certifier ID in the given campaigns. If neither eventIds nor campaignIds is present, the request reassigns ALL tasks for oldCertifierId to newCertifierId.

Endpoint

{{idmRoot}}/governance/certify/{{certtype}}/reassign

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

queryFilter          Target a specific subset of events within the stage

Body raw

{
  "newCertifierId": "",
  "oldCertifierId": "",
  "campaignIds": [

  	],
  "eventIds": [

  	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/reassign' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "newCertifierId": "",
  "oldCertifierId": "",
  "campaignIds": [

  	],
  "eventIds": [

  	]
}'
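
Because an empty eventIds and campaignIds pair widens the reassign call to every task held by the old certifier, a client can refuse to build that body unless the caller asks for it explicitly. The following is an added example, not part of the product documentation; the function names and the sample IDs are hypothetical, and treating an empty array the same as an absent one is an assumption.

```python
class ReassignScopeError(ValueError):
    """The reassign body would act differently from what the caller declared."""


def reassign_scope(body):
    """Classify what a reassign body touches, using the precedence described above."""
    if body.get("eventIds"):
        return "events"
    if body.get("campaignIds"):
        return "campaigns"
    # Assumption: an empty array behaves like a missing one.
    return "all"


def _clean_ids(name, ids):
    """Reject a bare string, blank entries and unrendered {{template}} variables."""
    if isinstance(ids, str):
        raise ReassignScopeError(f"{name} must be a list of IDs, not a string")
    ids = list(ids)
    for value in ids:
        if not isinstance(value, str) or not value.strip() or "{{" in value:
            raise ReassignScopeError(f"{name} contains an unusable ID: {value!r}")
    return ids


def build_reassign_body(old_certifier_id, new_certifier_id,
                        event_ids=(), campaign_ids=(), allow_all=False):
    """Build the reassign body, failing closed on the implicit 'reassign ALL' case."""
    for label, value in (("oldCertifierId", old_certifier_id),
                         ("newCertifierId", new_certifier_id)):
        if not value or "{{" in value:
            raise ReassignScopeError(f"{label} is empty or an unrendered variable")
    if old_certifier_id == new_certifier_id:
        raise ReassignScopeError("old and new certifier are the same")

    event_ids = _clean_ids("eventIds", event_ids)
    campaign_ids = _clean_ids("campaignIds", campaign_ids)
    if event_ids and campaign_ids:
        # The page describes the two lists as alternatives; sending both is ambiguous.
        raise ReassignScopeError("give eventIds or campaignIds, not both")

    body = {
        "newCertifierId": new_certifier_id,
        "oldCertifierId": old_certifier_id,
        "campaignIds": campaign_ids,
        "eventIds": event_ids,
    }
    if reassign_scope(body) == "all" and not allow_all:
        raise ReassignScopeError(
            "no eventIds or campaignIds: this would reassign ALL tasks for "
            f"{old_certifier_id}; pass allow_all=True to confirm")
    return body


if __name__ == "__main__":
    # Constructed sample IDs, not values from a real deployment.
    old, new = "managed/user/old-certifier", "managed/user/new-certifier"
    print(build_reassign_body(old, new, event_ids=["event-0001"]))
    try:
        build_reassign_body(old, new)
    except ReassignScopeError as exc:
        print("refused:", exc)
```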

POST Remediate Certification

Call the basic remediation script on a certification event object. The content of the request can depend on customizations to the remediation script; however, the example workflow passes the entire event object to this endpoint. The out-of-the-box (OOTB) script requires only the properties found in this example.

Endpoint

{{idmRoot}}/governance/remediation

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

field                allowBulkCertify (Single setting ID to return)

Body raw

{
	"remediationType": "revokeCertification",
	"stageIndex": 0,
	"stages": [
        {
            "eventData": {
                "metadata": [],
                "application": [],
                "managedObject": [
                    {
                        "riskLevel": 0,
                        "comments": null,
                        "attributeValue": "AB123",
                        "values": [],
                        "attributeName": "Job Code",
                        "certifiable": 1,
                        "outcome": "revoke",
                        "objectType": "jobCode"
                    }
                ]
            },
            "longTargetId": "managed/user/138"
       }
    ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/remediation' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"remediationType": "revokeCertification",
	"stageIndex": 0,
	"stages": [
        {
            "eventData": {
                "metadata": [],
                "application": [],
                "managedObject": [
                    {
                        "riskLevel": 0,
                        "comments": null,
                        "attributeValue": "AB123",
                        "values": [],
                        "attributeName": "Job Code",
                        "certifiable": 1,
                        "outcome": "revoke",
                        "objectType": "jobCode"
                    }
                ]
            },
            "longTargetId": "managed/user/138"
       }
    ]
}'

POST Remediate Violation

Call the basic remediation script on a violation object. The content of the request can depend on customizations to the remediation script; however, the example workflow passes the entire violation object to this endpoint. The out-of-the-box (OOTB) script requires only the targetId and the policy expression violated.

Endpoint

{{idmRoot}}/governance/remediation

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

field                allowBulkCertify (Single setting ID to return)

Body raw

{
	"targetId": "managed/user/1024",
	"expression": "{'operator':'EQUALS','operand':{'targetName':'jobCode','targetValue':'AB123'}}",
	"remediationType": "revokeViolation"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/remediation' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"targetId": "managed/user/1024",
	"expression": "{'\''operator'\'':'\''EQUALS'\'','\''operand'\'':{'\''targetName'\'':'\''jobCode'\'','\''targetValue'\'':'\''AB123'\''}}",
	"remediationType": "revokeViolation"
}'

Admin Policy

POST Cancel Exception

Cancel an existing violation exception. Admin action.

Endpoint

{{idmRoot}}/governance/violation/{{violationId}}?_action=cancelexception

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action              cancelexception

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=cancelexception' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{

}'

POST Cancel Exception(s)

Bulk cancel violation exceptions.

Endpoint

{{idmRoot}}/governance/violation?_action=cancelexception

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

sortBy              Sort key
q                   Query value
pageSize            Page size (Results per page)
pageNumber          0 (Page number of results)
_action             cancelexception

Body raw

{
	"ids": [
		"{{exceptionToCancelId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation?_action=cancelexception' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"{{exceptionToCancelId}}"
	]
}'

POST Cancel Violation

Cancel a violation.

Endpoint

{{idmRoot}}/governance/violation/{{violationId}}?_action=cancel

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action             cancel

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=cancel' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{

}'

POST Cancel Violation(s)

Bulk cancel violations.

Endpoint

{{idmRoot}}/governance/violation?_action=cancel

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

sortBy              Sort key
q                   Query value
pageSize            Page size (Results per page)
pageNumber          0 (Page number of results)
_action             cancel

Body raw

{
	"ids": [
		"{{violationToCancelId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation?_action=cancel' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"{{violationToCancelId}}"
	]
}'
POST Comment on Violation

Comment on a violation. Owner action.

Endpoint

{{idmRoot}}/governance/violation/{{violationId}}?_action=comment

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action             comment

Body raw

{
	"comments": "Comments to add"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=comment' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"comments": "Comments to add"
}'
POST Configure a Reactive Scan

Configure the information for reactive policy scans.

Endpoint

{{idmRoot}}/governance/policyScan?_action=configure

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action             configure

Body raw

{
	"expirationDate":"15 days",
	"escalationSchedule":[]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=configure' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"expirationDate":"15 days",
	"escalationSchedule":[]
}'
POST Create Ad-hoc Policy Scan

Creates and runs an ad-hoc policy scan.

Endpoint

{{idmRoot}}/governance/policyScan?_action=adhoc

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action             adhoc

Body raw

{
   "name":"Adhoc Scan",
   "scanType":"ad-hoc",
   "schedule":"",
   "targetFilter":{
      "operator":"ALL",
      "operand":[

      ]
   },
   "policies":[
      "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533"
   ],
   "expirationDate":"07/31/2020",
   "escalationSchedule":[

   ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=adhoc' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name":"Adhoc Scan",
   "scanType":"ad-hoc",
   "schedule":"",
   "targetFilter":{
      "operator":"ALL",
      "operand":[

      ]
   },
   "policies":[
      "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533"
   ],
   "expirationDate":"07/31/2020",
   "escalationSchedule":[

   ]
}'
POST Create Scheduled Policy Scan

Creates a scheduled policy scan.

Endpoint

{{idmRoot}}/governance/policyScan?_action=scheduled

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action             scheduled

Body raw

{
   "name":"Scheduled scan monthly",
   "scanType":"scheduled",
   "schedule":"28 2 0 1 1/1 ?",
   "targetFilter":{
      "operator":"ALL",
      "operand":[

      ]
   },
   "policies":[
      "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533"
   ],
   "expirationDuration":"7 days",
   "escalationSchedule":[

   ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=scheduled' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name":"Scheduled scan monthly",
   "scanType":"scheduled",
   "schedule":"28 2 0 1 1/1 ?",
   "targetFilter":{
      "operator":"ALL",
      "operand":[

      ]
   },
   "policies":[
      "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533"
   ],
   "expirationDuration":"7 days",
   "escalationSchedule":[

   ]
}'
POST Create Policy

Creates a new policy.

Endpoint

{{idmRoot}}/governance/adminPolicy?action=create

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

action             create

Body raw

{
   "name":"Policy Name",
   "description":"Example policy",
   "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}",
   "riskLevel":"1",
   "ownerType":"user",
   "owner":{
      "_ref":"managed/user/357"
   },
   "remediationProcess":"{{violationRemediationWorkflow}}",
   "active":"true"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy?action=create' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name":"Policy Name",
   "description":"Example policy",
   "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}",
   "riskLevel":"1",
   "ownerType":"user",
   "owner":{
      "_ref":"managed/user/357"
   },
   "remediationProcess":"{{violationRemediationWorkflow}}",
   "active":"true"
}'
POST Delete Policies

Delete policies from the system.

Endpoint

{{idmRoot}}/governance/adminPolicy?action=delete

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

action             delete

Body raw

{
	"ids": [
		"{{policyToDeleteId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy/policies?action=delete' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"{{policyToDeleteId}}"
	]
}'
POST Delete Policy Scans

Delete scheduled policy scans from the system.

Endpoint

{{idmRoot}}/governance/adminPolicy/policies?action=delete

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

action             delete

Body raw

{
	"ids": [
		"{{scanToCancelId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy/policies?action=delete' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"ids": [
		"{{scanToCancelId}}"
	]
}'
POST Delete Scheduled Policy Scans

Delete policy scan definitions.

Endpoint

{{idmRoot}}/governance/adminPolicy/policies?action=delete

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

action             delete

Body raw

{
   "ids": [
   		"{{scheduledScanId}}"
   	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=delete' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "ids": [
   		"{{scheduledScanId}}"
   	]
}'
POST Edit Policy

Edit an existing policy.

Endpoint

{{idmRoot}}/governance/adminPolicy/{{policyId}}?action=update

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

action             update

Body raw

{
   "name":"Policy Create Test",
   "description":"Testing a created policy update",
   "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}",
   "riskLevel":"1",
   "ownerType":"user",
   "owner":{
      "_ref":"managed/user/357"
   },
   "remediationProcess":"RevokeResources",
   "active":"true"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/adminPolicy/{{policyId}}?action=update' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name":"Policy Create Test",
   "description":"Testing a created policy update",
   "expression":"{\"operator\":\"EQUALS\",\"operand\":{\"targetName\":\"roles\",\"targetValue\":\"managed/role/2003\"}}",
   "riskLevel":"1",
   "ownerType":"user",
   "owner":{
      "_ref":"managed/user/357"
   },
   "remediationProcess":"RevokeResources",
   "active":"true"
}'
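
The Create Policy and Edit Policy bodies above carry `expression` as a JSON document serialized into a string, which is easy to get wrong when escaped by hand. The following is an added example, not code from the product: it builds that string with a serializer and decodes it again so a reviewer can list which targets a policy references. The function names are hypothetical, and accepting an `AND` group with a list operand is an assumption taken from the `targetFilter` shape shown elsewhere on this page.

```python
import json

LEAF_OPERATORS = {"EQUALS"}   # operator used in the page's policy expression
GROUP_OPERATORS = {"AND"}     # assumption: same grouping shape as targetFilter


def role_equals(role_ref):
    """Leaf filter: the user holds the given managed role."""
    prefix = "managed/role/"
    if (not isinstance(role_ref, str) or not role_ref.startswith(prefix)
            or len(role_ref) <= len(prefix)):
        raise ValueError(f"not a managed role reference: {role_ref!r}")
    return {"operator": "EQUALS",
            "operand": {"targetName": "roles", "targetValue": role_ref}}


def validate_filter(node):
    """Raise ValueError unless node is a well-formed filter tree."""
    if not isinstance(node, dict) or set(node) != {"operator", "operand"}:
        raise ValueError(f"node needs exactly operator and operand: {node!r}")
    operator, operand = node["operator"], node["operand"]
    if operator in LEAF_OPERATORS:
        if (not isinstance(operand, dict)
                or set(operand) != {"targetName", "targetValue"}):
            raise ValueError(f"malformed leaf operand: {operand!r}")
        if not all(isinstance(v, str) and v for v in operand.values()):
            raise ValueError(f"leaf values must be non-empty strings: {operand!r}")
    elif operator in GROUP_OPERATORS:
        if not isinstance(operand, list) or not operand:
            raise ValueError("group operand must be a non-empty list")
        for child in operand:
            validate_filter(child)
    else:
        raise ValueError(f"unexpected operator: {operator!r}")


def encode_expression(filter_obj):
    """Serialize a validated filter to the compact string the body carries."""
    validate_filter(filter_obj)
    return json.dumps(filter_obj, separators=(",", ":"))


def decode_expression(policy_body):
    """Return the filter tree stored in a policy body's expression string."""
    expression = policy_body.get("expression")
    if not isinstance(expression, str):
        raise ValueError("expression must be a JSON string, not a nested object")
    filter_obj = json.loads(expression)  # JSONDecodeError is a ValueError
    validate_filter(filter_obj)
    return filter_obj


def referenced_targets(filter_obj):
    """List (targetName, targetValue) pairs for every leaf in the tree."""
    operand = filter_obj["operand"]
    if isinstance(operand, list):
        return [pair for child in operand for pair in referenced_targets(child)]
    return [(operand["targetName"], operand["targetValue"])]


def build_policy_body(name, description, filter_obj, owner_ref,
                      remediation_process, risk_level="1", active="true"):
    """Assemble the request body; riskLevel and active stay strings as shown."""
    return {
        "name": name,
        "description": description,
        "expression": encode_expression(filter_obj),
        "riskLevel": risk_level,
        "ownerType": "user",
        "owner": {"_ref": owner_ref},
        "remediationProcess": remediation_process,
        "active": active,
    }


if __name__ == "__main__":
    body = build_policy_body("Policy Name", "Example policy",
                             role_equals("managed/role/2003"),
                             "managed/user/357", "RevokeResources")
    print(json.dumps(body, indent=3))
    print(referenced_targets(decode_expression(body)))
```

Serializing the whole body with `json.dumps` produces the backslash-escaped form shown in the request bodies above.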
PUT Edit Scheduled Policy Scan

Edit a scheduled policy scan definition.

Endpoint

{{idmRoot}}/governance/policyScan/{{scheduledScanId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Body raw

{
   "name":"Scheduled scan monthly",
   "scanType":"scheduled",
   "schedule":"28 2 0 1 1/1 ?",
   "targetFilter":{
      "operator":"ALL",
      "operand":[

      ]
   },
   "policies":[
      "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533"
   ],
   "expirationDuration":"7 days",
   "escalationSchedule":[

   ]
}

Example Request

curl --location -g --request PUT '{{idmRoot}}/governance/policyScan/{{scheduledScanId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name":"Scheduled scan monthly",
   "scanType":"scheduled",
   "schedule":"28 2 0 1 1/1 ?",
   "targetFilter":{
      "operator":"ALL",
      "operand":[

      ]
   },
   "policies":[
      "managed/policy/9b929e44-e120-4988-95b3-6306b4fa0533"
   ],
   "expirationDuration":"7 days",
   "escalationSchedule":[

   ]
}'
GET Get Active Policy Scans

Query active policy scans.

Endpoint

{{idmRoot}}/governance/activePolicyScan

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/activePolicyScan' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Get Individual Policy Scan

Query an individual policy scan.

Endpoint

{{idmRoot}}/governance/activePolicyScan/{{activePolicyScanId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/activePolicyScan/{{activePolicyScanId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Get Reactive Scan Configuration

Read reactive scan configuration.

Endpoint

{{idmRoot}}/governance/policyScan/reactive

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/policyScan/reactive' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'
GET Get Violation

Read a specific violation, as governance administrator.

Endpoint

{{idmRoot}}/governance/violation/{{violationId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/violation/{{violationId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
POST Grant Exception to Violation

Grant an exception for the violation. Owner action.

Endpoint

{{idmRoot}}/governance/violation/{{violationId}}?_action=approve

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Body raw

{
	"comments": "Exception justification",
	"exceptionEndDate": "2020-06-09T10:28:46-04:00"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=approve' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"comments": "Exception justification",
	"exceptionEndDate": "2020-06-09T10:28:46-04:00"
}'
GET Query Policies

Query existing policies as a governance administrator.

Endpoint

{{idmRoot}}/governance/adminPolicy/policies?pageSize={{pageSize}}&pageNumber=0

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

pageSize            Page size (Number of results per page)
pageNumber          0 (current results page)
sortBy              Sort key
q                   Query value

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminPolicy/policies?pageSize={{pageSize}}&pageNumber=0' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Query Policy Scans

Query policy scans.

Endpoint

{{idmRoot}}/governance/policyScan?q&pageSize=10&pageNumber=0

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

q                    Query value
pageSize             Page size (Number of results per page)
pageNumber           0 (current results page)
sortBy               Field to sort by

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/policyScan?q=&pageSize=10&pageNumber=0' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'
GET Query Violations

Query violations as a governance administrator.

Endpoint

{{idmRoot}}/governance/violation/admin?status=active

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

status               active (Violation status: active/closed/exception)
target               Violation target user
owner                Violation owner
sortBy               Sort key
q                    Query value
pageSize             Page size (Number of results per page)
pageNumber           0 (current results page)
fields               Fields to return

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/violation/admin?status=active' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Read Scheduled Policy Scan

Read a scheduled policy scan definition.

Endpoint

{{idmRoot}}/governance/policyScan/{{scheduledScanId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/policyScan/{{scheduledScanId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'
POST Reassign Violation(s)

Bulk reassign violations. Must include a new owner id to reassign to. To reassign select violations, include an array of IDs corresponding to the intended violations. To reassign all of a given user’s violations, include an oldOwnerId in lieu of the IDs array.

Endpoint

{{idmRoot}}/governance/violation?_action=reassign

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

sortBy               Sort key
q                    Query value
pageSize             Page size (Number of results per page)
pageNumber           0 (current results page)
_action              reassign

Body raw

{
	"newOwnerId": "{{newOwnerId}}",
	"ids": [
		"{{violationToReassignId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation?_action=reassign' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"newOwnerId": "{{newOwnerId}}",
	"ids": [
		"{{violationToReassignId}}"
	]
}'
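
The Reassign Violation(s) description above allows two request shapes: an `ids` array for selected violations, or `oldOwnerId` for everything a user owns. The following is an added example, not code from the product, that builds the body and refuses ambiguous input before anything is sent. The function name and the sample IDs are constructed for illustration, and treating the two shapes as mutually exclusive is an assumption read from "in lieu of".

```python
import json


def build_reassign_body(new_owner_id, ids=None, old_owner_id=None):
    """Return the reassign request body for exactly one of the two modes."""
    if not isinstance(new_owner_id, str) or not new_owner_id:
        raise ValueError("newOwnerId is required")
    if (ids is None) == (old_owner_id is None):
        # Neither or both: the scope of the bulk change would be unclear.
        raise ValueError("supply exactly one of ids or old_owner_id")

    body = {"newOwnerId": new_owner_id}
    if ids is not None:
        if isinstance(ids, str):
            # A bare string would otherwise be iterated character by character.
            raise ValueError("ids must be a list of violation IDs, not a string")
        unique = list(dict.fromkeys(ids))  # drop duplicates, keep order
        if not unique or not all(isinstance(i, str) and i for i in unique):
            raise ValueError("ids must be a non-empty list of non-empty strings")
        body["ids"] = unique
    else:
        if not isinstance(old_owner_id, str) or not old_owner_id:
            raise ValueError("oldOwnerId must be a non-empty string")
        if old_owner_id == new_owner_id:
            raise ValueError("old and new owner are the same")
        body["oldOwnerId"] = old_owner_id
    return body


if __name__ == "__main__":
    # Constructed sample identifiers.
    print(json.dumps(build_reassign_body("new-owner-id", ids=["violation-a", "violation-b"])))
    print(json.dumps(build_reassign_body("new-owner-id", old_owner_id="old-owner-id")))
```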
POST Remediate Violation

Kick off the remediation process for the violation. Owner action.

Endpoint

{{idmRoot}}/governance/violation/{{violationId}}?_action=remediate

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action              remediate

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/violation/{{violationId}}?_action=remediate' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{

}'
POST Run Reactive Scan

Runs a reactive scan for all policies against a given user.

Endpoint

{{idmRoot}}/governance/policyScan?_action=reactive

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

_action              reactive

Body raw

{
   "userId": "{{userId}}"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=reactive' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "userId": "{{userId}}"
}'

Admin Dashboard

GET Get Admin Dashboard Metrics

Get the admin dashboard statistics.

Endpoint

{{idmRoot}}/governance/adminDashboard

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Get Individual Admin Dashboard Metric

Query for a single admin dashboard statistic, using the stat ID.

Endpoint

{{idmRoot}}/governance/adminDashboard/{{statId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard/{{statId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Query Entitlements with History

Returns a list of the available entitlements that are stored within the certification history repo object. Used by the admin dashboard to allow the user to query for a specific entitlement’s history.

Endpoint

{{idmRoot}}/governance/adminDashboard?action=getStoredEntitlements&q=

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Params

field               allowBulkCertify (Single setting ID to return)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard?action=getStoredEntitlements&q=' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Query Policy Violation Results

Returns the results of all policy violations, organized by policy. Can provide an optional policy id (e.g. managed/policy/{{ID}}) to get information for a specific policy.

Endpoint

{{idmRoot}}/governance/adminDashboard?action=getPolicyTotals

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

action               getPolicyTotals (Dashboard action)
id                   managed/policy/99b41c9e-de1b-447e-92b8-cc2546a8b40 (Policy to search for, in long id format, optional)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/adminDashboard?action=getPolicyTotals' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Get User Certification Profile

Get certification profile for a given user.

Endpoint

{{idmRoot}}/governance/userEventData/user/{{userId}}?system=IDM

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}

Params

system               IDM

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/userEventData/user/{{userId}}?system=IDM' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}'
GET Get Entitlement Certification History

Get certification history for a single entitlement.

Endpoint

{{idmRoot}}/governance/userEventData/object?targetId={{entitlementId}}

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}

Params

targetId             entitlementId (Entitlement to get certification history for)
history              true (Return individual certification history of item)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/userEventData/object?targetId={{entitlementId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}'

Admin Settings

PUT Edit Notification

Update a specific governance notification.

Endpoint

{{idmRoot}}/governance/notification/{{notificationId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type:       application/json

Body raw

{
   "_id":"CERTIFICATION_CREATED_ADHOC",
   "displayName":"Certification Creation Adhoc",
   "from":"governanceNotifier@ForgeRock.com",
   "to":"${x.toEmailAddress}",
   "cc":"",
   "subject":"ATTENTION: Certification Task Assigned",
   "type":"text/html",
   "body":"<html><body>A certification task for $x.certificationName was assigned to you from an ad hoc certification campaign.<br><br>Please log into <a href=\\\"http://$x.hostName/governance/\\\">FRGovernance</a> as soon as you are able to review and complete the certification Task.</body></html>",
   "enabled":true
}

Example Request

curl --location -g --request PUT '{{idmRoot}}/governance/notification/{{notificationId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "_id":"CERTIFICATION_CREATED_ADHOC",
   "displayName":"Certification Creation Adhoc",
   "from":"governanceNotifier@ForgeRock.com",
   "to":"${x.toEmailAddress}",
   "cc":"",
   "subject":"ATTENTION: Certification Task Assigned",
   "type":"text/html",
   "body":"<html><body>A certification task for $x.certificationName was assigned to you from an ad hoc certification campaign.<br><br>Please log into <a href=\\\"http://$x.hostName/governance/\\\">FRGovernance</a> as soon as you are able to review and complete the certification Task.</body></html>",
   "enabled":true
}'
GET Get Access Review System Settings

Get access review settings.

Endpoint

{{idmRoot}}/governance/systemSettings

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

field               allowBulkCertify (Single setting ID to return)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/systemSettings' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Query Access Review Notifications

Query for governance notifications.

Endpoint

{{idmRoot}}/governance/notification?_queryId=query-all-ids

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

_queryId             query-all-ids
type                 role (Single managed object to fetch)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/notification?_queryId=query-all-ids' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
GET Read Notification

Read a specific governance notification.

Endpoint

{{idmRoot}}/governance/notification/{{notificationId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

type                 role (Single managed object to fetch)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/notification/{{notificationId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'
POST Update Access Review System Settings

Update the governance settings.

Endpoint

{{idmRoot}}/governance/systemSettings

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

field               allowBulkCertify (Single setting ID to return)

Body raw

{
    "_id": "",
    "systemSettings": [
        {
            "section": "General",
            "fields": [
                {
                    "id": "allowBulkCertify",
                    "type": "boolean",
                    "value": false
                }
            ]
        },
        {
            "section": "Display",
            "fields": [
                {
                    "id": "userDisplayFormat",
                    "type": "string",
                    "value": "{{givenName}} {{sn}} ({{userName}})"
                }
            ]
        },
        {
            "section": "Delegation",
            "fields": [
                {
                    "id": "delegationEnabled",
                    "type": "boolean",
                    "value": false
                },
                {
                    "id": "userDelegate",
                    "type": "dropdown",
                    "value": "manager"
                }
            ]
        },
        {
            "section": "Risk Level Management",
            "fields": [
                {
                    "id": "riskLevel",
                    "type": "dblSlider",
                    "value": {
                        "lower": 5,
                        "higher": 6
                    }
                }
            ]
        },
        {
            "section": "Custom attribute mapping",
            "fields": [
                {
                    "id": "userAttrMappings",
                    "type": "dropdown",
                    "attributes": [
                        {
                            "id": "givenName",
                            "value": "givenName"
                        },
                        {
                            "id": "sn",
                            "value": "sn"
                        },
                        {
                            "id": "mail",
                            "value": "mail"
                        }
                    ]
                }
            ]
        },
        {
            "section": "Menu Management",
            "fields": [
                {
                    "id": "menuManagement",
                    "type": "string",
                    "value": []
                }
            ]
        }
    ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/systemSettings' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "_id": "",
    "systemSettings": [
        {
            "section": "General",
            "fields": [
                {
                    "id": "allowBulkCertify",
                    "type": "boolean",
                    "value": false
                }
            ]
        },
        {
            "section": "Display",
            "fields": [
                {
                    "id": "userDisplayFormat",
                    "type": "string",
                    "value": "{{givenName}} {{sn}} ({{userName}})"
                }
            ]
        },
        {
            "section": "Delegation",
            "fields": [
                {
                    "id": "delegationEnabled",
                    "type": "boolean",
                    "value": false
                },
                {
                    "id": "userDelegate",
                    "type": "dropdown",
                    "value": "manager"
                }
            ]
        },
        {
            "section": "Risk Level Management",
            "fields": [
                {
                    "id": "riskLevel",
                    "type": "dblSlider",
                    "value": {
                        "lower": 5,
                        "higher": 6
                    }
                }
            ]
        },
        {
            "section": "Custom attribute mapping",
            "fields": [
                {
                    "id": "userAttrMappings",
                    "type": "dropdown",
                    "attributes": [
                        {
                            "id": "givenName",
                            "value": "givenName"
                        },
                        {
                            "id": "sn",
                            "value": "sn"
                        },
                        {
                            "id": "mail",
                            "value": "mail"
                        }
                    ]
                }
            ]
        },
        {
            "section": "Menu Management",
            "fields": [
                {
                    "id": "menuManagement",
                    "type": "string",
                    "value": []
                }
            ]
        }
    ]
}'

Certifier

POST Event Action - Certify

Certify an entire event.

Endpoint

{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}?action=certify&actingId={{certifierId}}

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type:       application/json

Params

_action              certify (Action to take: certify, revoke, abstain, certify-remaining, reset, comment, claim, reassign)

actingId             {{certifierId}} (ID of acting certifier (user or role))

queryFilter          Target a specific subset of events within the stage

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}?action=certify&actingId={{certifierId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'
GET Get Certification List

Get the certifier view of the events in a campaign.

Endpoint

{{idmRoot}}/governance/certificationList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}

Params

pageSize            Page size
pageNumber          0
sortBy
q
selected            0 (selected stage)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/certificationList/{{certtype}}/{{usercertificationid}}?pageSize={{pageSize}}&pageNumber=0' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}'

GET Get Certifier Event Details

Get the certifier view of an event.

Endpoint

{{idmRoot}}/governance/certificationEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/certificationEventDetails/{{certtype}}/{{usercertificationid}}/{{stageIndex}}/{{eventIndex}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}'

GET Get User Tasks

Returns a list of tasks of the requested type that are assigned to the logged in user either directly or through a role.

Endpoint

{{idmRoot}}/governance/dashboard?status=active&type=user

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}

Params

status              active (Active or closed)
type                user (Type of task: user, object, violation)
pageNumber          0 (Page number)
pageSize            Page size (Number of results per page)
sortBy              Property to sort by
q                   String to sort by

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/dashboard?status=active&type=user' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}'

POST Stage Action - Certify Remaining

Certify remaining events in a stage.

Endpoint

{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=certify-remaining&actingId={{certifierId}}

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type      application/json

Params

action              certify-remaining (action to take: certify-remaining, reset, sign-off)
actingId            {{certifierId}} (ID of acting certifier: user or role)
queryFilter         Target a specific subset of events within the stage

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=certify-remaining&actingId={{certifierId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'

POST Stage Action - Reset

Reset events in a stage.

Endpoint

{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=reset&actingId={{certifierId}}

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type      application/json

Params

action              reset (action to take: certify-remaining, reset, sign-off)
actingId            {{certifierId}} (ID of acting certifier: user or role)
queryFilter         Target a specific subset of events within the stage

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=reset&actingId={{certifierId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'

POST Stage Action - Sign-off

Sign-off completed events in a stage.

Endpoint

{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=sign-off&actingId={{certifierId}}

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type      application/json

Params

action              sign-off (action to take: certify-remaining, reset, sign-off)
actingId            {{certifierId}} (ID of acting certifier: user or role)
queryFilter         Target a specific subset of events within the stage

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/certify/{{certtype}}/{{usercertificationid}}/{{stageIndex}}?action=sign-off&actingId={{certifierId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'
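
Added example (not part of the ForgeRock reference): a shell helper for the event and stage certify endpoints above. It rejects template values that would alter the path or query, checks the action against the lists in the Params tables, and emits a curl config so the password is never placed on the command line. It uses the action query parameter as written in the endpoint URLs; the function names, the IDM_USER and IDM_PASS variables, and the accepted character sets are assumptions of this example.

```shell
# Added example: builds requests for the certify endpoints documented above.
# Action lists are copied from the Params tables on this page.
EVENT_ACTIONS="certify revoke abstain certify-remaining reset comment claim reassign"
STAGE_ACTIONS="certify-remaining reset sign-off"

# Accept one path segment only: no "/", "?", "&", whitespace, "." or "..".
safe_segment() {
  case "$1" in
    ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
}

# certify_url ROOT CERTTYPE CERTID STAGE EVENT ACTION ACTINGID
# Pass "" as EVENT for a stage-level action.
certify_url() {
  local root="$1" type="$2" id="$3" stage="$4" event="$5" action="$6" acting="$7"
  local allowed="$STAGE_ACTIONS" path
  safe_segment "$type" && safe_segment "$id" && safe_segment "$action" || return 1
  case "$stage" in ''|*[!0-9]*) return 1 ;; esac
  # Assumption: actingId may be a resource path such as managed/user/1024.
  case "$acting" in ''|*[!A-Za-z0-9._/-]*) return 1 ;; esac
  path="$type/$id/$stage"
  if [ -n "$event" ]; then
    case "$event" in *[!0-9]*) return 1 ;; esac
    allowed="$EVENT_ACTIONS"
    path="$path/$event"
  fi
  case " $allowed " in *" $action "*) ;; *) return 1 ;; esac
  printf '%s/governance/certify/%s?action=%s&actingId=%s\n' \
    "${root%/}" "$path" "$action" "$acting"
}

# Escape backslash and double quote for a quoted curl config value.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# certify_config URL: prints a curl config file on stdout. IDM_USER and
# IDM_PASS are environment variable names assumed for this example.
certify_config() {
  printf 'url = "%s"\nrequest = "POST"\nlocation\ngloboff\n' "$(cfg_escape "$1")"
  printf 'header = "X-OpenIDM-Username: %s"\n' "$(cfg_escape "$IDM_USER")"
  printf 'header = "X-OpenIDM-Password: %s"\n' "$(cfg_escape "$IDM_PASS")"
  printf 'header = "Content-Type: application/json"\ndata = "{}"\n'
}

# Usage: certify_config "$(certify_url ...)" | curl --config -
```

Because printf is a shell builtin and curl reads the config from standard input, the password does not appear in the process list or in shell history.
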
GET Get User Violation Tasks

Get the violations that belong to the logged in user.

Endpoint

{{idmRoot}}/governance/violation?status=active

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}

Params

status             active (Violation status: active, closed, exception)
sortBy             Sort key
q                  Query value
pageSize           Page size (Results per page)
pageNumber         0 (page number of results)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/violation?status=active' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}'

Utility

GET Get Candidates For Object Attribute

Get possible values for the given attribute on the given managed object type.

Endpoint

{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

managedObject       user
attribute           authzRoles
pageNumber          0 (page number of results)
pageSize            Page size (Results per page)
sortKey
ascOrder

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json'

POST Get Candidates For Object Attribute With Filter

Get possible values for the given attribute on the given managed object type, filtered by provided query.

Endpoint

{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

managedObject       user
attribute           authzRoles
pageNumber          0 (page number of results)
pageSize            Page size (Results per page)
sortKey
ascOrder

Body raw

{
  "query": [
    {
      "attribute": "name",
      "operator": "co",
      "path": "managed/role",
      "value": "Admin"
    }
  ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/getRelationshipObjects?managedObject=user&attribute=authzRoles' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
  "query": [
    {
      "attribute": "name",
      "operator": "co",
      "path": "managed/role",
      "value": "Admin"
    }
  ]
}'

GET Get Managed Object and System Information

Get the schema and configuration for managed objects and configured systems.

Endpoint

{{idmRoot}}/governance/managedObjectConfig

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}

Params

type                 role (Single managed object to fetch)

Example Request

curl --location -g --request GET '{{idmRoot}}/governance/managedObjectConfig' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}'

POST Parse Target Filter

Run expression parser on given managed object type.

Endpoint

{{idmRoot}}/governance/expressionParser/user?_action=parse

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

_action              parse

Body raw

{
	"operator":"EQUALS",
	"operand": {
		"targetName":"accountStatus",
		"targetValue":"active"
	}
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/expressionParser/user?_action=parse' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"operator":"EQUALS",
	"operand": {
		"targetName":"accountStatus",
		"targetValue":"active"
	}
}'

POST Send Access Review Notification

Get possible values for the given attribute on the given managed object type, filtered by provided query.

Endpoint

{{idmRoot}}/governance/sendNotification/{{notificationId}}

Headers

X-OpenIDM-Username  {{governanceAdminUsername}}
X-OpenIDM-Password  {{gpvernanceAdminPassword}}
Content-Type      application/json

Params

pageNumber         0 (page number of results)
pageSize           Page size (Results per page)
sortKey
ascOrder

Body raw

{
	"toEmailAddress": "managed/user/1024",
	"certificationName": "Example Certification"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/sendNotification/{{notificationId}}' \
--header 'X-OpenIDM-Username: {{governanceAdminUsername}}' \
--header 'X-OpenIDM-Password: {{gpvernanceAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"toEmailAddress": "managed/user/1024",
	"certificationName": "Example Certification"
}'

Copyright © 2010-2023 ForgeRock, all rights reserved.