diff --git a/dereferenced/deref-sailpoint-api.v3.yaml b/dereferenced/deref-sailpoint-api.v3.yaml index b8c19cf7..064d54f0 100644 --- a/dereferenced/deref-sailpoint-api.v3.yaml +++ b/dereferenced/deref-sailpoint-api.v3.yaml @@ -160,6 +160,8 @@ tags: - Password Change: These include password changes on sources. Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities. + - name: Auth User + description: Authentication service user retrieval and user capabilities update - name: Certification Campaigns description: | Use this API to implement certification campaign functionality. @@ -364,7 +366,7 @@ tags: description: | Use this API to implement OAuth client functionality. With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API. - Refer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. + Refer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. - name: Password Configuration description: | Use this API to implement organization password configuration functionality. @@ -16486,742 +16488,242 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. - /campaigns: + '/auth-users/{id}': get: - operationId: getActiveCampaigns + operationId: getAuthUser tags: - - Certification Campaigns - summary: List Campaigns - description: Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided the correct query. - security: - - UserContextAuth: - - 'idn:campaign-list:read' + - Auth User + summary: Auth User Details + description: |- + This API returns the specified user's authentication system details. + Requires security scope of: 'sp:auth-user:read' parameters: - - in: query - name: detail - schema: - type: string - enum: - - SLIM - - FULL - required: false - description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.' - example: FULL - - in: query - name: limit - description: |- - Max number of results to return. - See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. - required: false - example: 250 - schema: - type: integer - format: int32 - minimum: 0 - maximum: 250 - default: 250 - - in: query - name: offset - description: |- - Offset into the full result set. Usually specified with *limit* to paginate through the results. - See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. - required: false - example: 0 - schema: - type: integer - format: int32 - minimum: 0 - default: 0 - - in: query - name: count - description: |- - If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. - - Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. - - See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. - required: false - example: true - schema: - type: boolean - default: false - - in: query - name: filters - schema: - type: string - required: false - description: |- - Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) - - Filtering is supported for the following fields and operators: - - **id**: *eq, in* - - **name**: *eq, sw* - - **status**: *eq, in* - example: name eq "Manager Campaign" - - in: query - name: sorters + - in: path + name: id + description: Identity ID + required: true schema: type: string - format: comma-separated - required: false - description: |- - Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) - - Sorting is supported for the following fields: **name**, **created** - example: name + example: ef38f94347e94562b5bb8424a56397d8 + security: + - oauth2: + - 'sp:auth-user:read' responses: '200': - description: A list of campaign objects. + description: The specified user's authentication system details. content: application/json: schema: - type: array - items: - oneOf: - - type: object - title: Slim Campaign - required: - - name - - description - - type + type: object + properties: + tenant: + type: string + description: Tenant name. + example: test-tenant + id: + type: string + description: Identity ID. + example: 2c91808458ae7a4f0158b1bbf8af0628 + uid: + type: string + description: Identity unique identitifier. + example: will.smith + profile: + type: string + description: ID of the auth profile associated with this auth user. + example: 2c91808458ae7a4f0158b1bbf8af0756 + identificationNumber: + type: string + description: Auth user employee number. + example: 19-5588452 + email: + type: string + description: Auth user's email. + example: william.smith@example.com + phone: + type: string + description: Auth user's phone number. + example: '5555555555' + workPhone: + type: string + description: Auth user's work phone number. + example: '5555555555' + personalEmail: + type: string + description: Auth user's personal email. + example: william.smith@example.com + firstname: + type: string + description: Auth user's first name. + example: Will + lastname: + type: string + description: Auth user's last name. + example: Smith + displayName: + type: string + description: Auth user's name in displayed format. + example: Will Smith + alias: + type: string + description: Auth user's alias. + example: will.smith + lastPasswordChangeDate: + type: string + description: the date of last password change + example: '2021-03-08T22:37:33.901Z' + lastLoginTimestamp: + description: Timestamp of the last login (long type value). + type: integer + format: int64 + example: 1656327185832 + currentLoginTimestamp: + description: Timestamp of the current login (long type value). + type: integer + format: int64 + example: 1656327185832 + capabilities: + description: Array of capabilities for this auth user. + type: array + items: + type: string + example: ORG_ADMIN + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object properties: - id: + locale: type: string - readOnly: true - description: Id of the campaign - example: 2c9079b270a266a60170a2779fcb0007 - name: - description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - example: Manager Campaign - description: + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: type: string - description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - example: Everyone needs to be reviewed by their manager - deadline: + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: type: string - format: date-time - description: The campaign's completion deadline. - example: '2020-03-15T10:00:01.456Z' - type: + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - description: The type of campaign. Could be extended in the future. enum: - - MANAGER - - SOURCE_OWNER - - SEARCH - - ROLE_COMPOSITION - example: MANAGER - emailNotificationEnabled: - type: boolean - description: Enables email notification for this campaign - default: false - example: false - autoRevokeAllowed: - type: boolean - description: Allows auto revoke for this campaign - default: false - example: false - recommendationsEnabled: - type: boolean - description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. - default: false - example: true - status: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - description: The campaign's current status. - readOnly: true enum: - - PENDING - - STAGED - - CANCELING - - ACTIVATING - - ACTIVE - - COMPLETING - - COMPLETED - - ERROR - - ARCHIVED - example: ACTIVE - correlatedStatus: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - - type: object - title: Campaign - allOf: - - type: object - title: Slim Campaign - required: - - name - - description - - type - properties: - id: - type: string - readOnly: true - description: Id of the campaign - example: 2c9079b270a266a60170a2779fcb0007 - name: - description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - type: string - example: Manager Campaign - description: - type: string - description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - example: Everyone needs to be reviewed by their manager - deadline: - type: string - format: date-time - description: The campaign's completion deadline. - example: '2020-03-15T10:00:01.456Z' - type: - type: string - description: The type of campaign. Could be extended in the future. - enum: - - MANAGER - - SOURCE_OWNER - - SEARCH - - ROLE_COMPOSITION - example: MANAGER - emailNotificationEnabled: - type: boolean - description: Enables email notification for this campaign - default: false - example: false - autoRevokeAllowed: - type: boolean - description: Allows auto revoke for this campaign - default: false - example: false - recommendationsEnabled: - type: boolean - description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. - default: false - example: true - status: - type: string - description: The campaign's current status. - readOnly: true - enum: - - PENDING - - STAGED - - CANCELING - - ACTIVATING - - ACTIVE - - COMPLETING - - COMPLETED - - ERROR - - ARCHIVED - example: ACTIVE - correlatedStatus: - type: string - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - - type: object - properties: - created: - type: string - readOnly: true - format: date-time - description: Created time of the campaign - example: '2020-03-03T22:15:13.611Z' - modified: - type: string - readOnly: true - format: date-time - description: Modified time of the campaign - example: '2020-03-03T22:20:12.674Z' - correlatedStatus: - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - filter: - type: object - description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. - properties: - id: - type: string - description: The ID of whatever type of filter is being used. - example: 0fbe863c063c4c88a35fd7f17e8a3df5 - type: - type: string - description: Type of the filter - enum: - - CAMPAIGN_FILTER - - RULE - example: CAMPAIGN_FILTER - name: - type: string - description: Name of the filter - example: Test Filter - sunsetCommentsRequired: - type: boolean - description: Determines if comments on sunset date changes are required. - default: true - example: true - sourceOwnerCampaignInfo: - type: object - description: Must be set only if the campaign type is SOURCE_OWNER. - properties: - sourceIds: - type: array - description: The list of sources to be included in the campaign. - items: - type: string - example: - - 0fbe863c063c4c88a35fd7f17e8a3df5 - searchCampaignInfo: - type: object - description: Must be set only if the campaign type is SEARCH. - properties: - type: - type: string - description: The type of search campaign represented. - enum: - - IDENTITY - - ACCESS - example: ACCESS - description: - type: string - description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' - example: Search Campaign description - reviewer: - description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - - WORKGROUP - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - - type: object - query: - type: string - description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. - example: Search Campaign query description - identityIds: - type: array - description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. - items: - type: string - maxItems: 1000 - example: - - 0fbe863c063c4c88a35fd7f17e8a3df5 - accessConstraints: - type: array - description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. - items: - type: object - properties: - type: - type: string - enum: - - ENTITLEMENT - - ACCESS_PROFILE - - ROLE - description: Type of Access - example: ENTITLEMENT - ids: - description: Must be set only if operator is SELECTED. - type: array - items: - type: string - example: - - 2c90ad2a70ace7d50170acf22ca90010 - operator: - type: string - enum: - - ALL - - SELECTED - description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. - example: SELECTED - required: - - type - - operator - maxItems: 1000 - required: - - type - roleCompositionCampaignInfo: - type: object - description: Optional configuration options for role composition campaigns. - properties: - reviewer: - description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - - WORKGROUP - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - - type: object - roleIds: - type: array - description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' - items: - type: string - example: - - 2c90ad2a70ace7d50170acf22ca90010 - remediatorRef: - type: object - description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' - properties: - type: - type: string - enum: - - IDENTITY - description: Legal Remediator Type - example: IDENTITY - id: - type: string - description: The ID of the remediator. - example: 2c90ad2a70ace7d50170acf22ca90010 - name: - type: string - description: The name of the remediator. - readOnly: true - example: Role Admin - required: - - type - - id - query: - type: string - description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' - example: Search Query - description: - type: string - description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' - example: Role Composition Description - required: - - remediatorRef - alerts: - type: array - description: A list of errors and warnings that have accumulated. - readOnly: true - items: - type: object - properties: - level: - type: string - enum: - - ERROR - - WARN - - INFO - description: Denotes the level of the message - example: ERROR - localizations: - type: array - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - totalCertifications: - type: integer - description: The total number of certifications in this campaign. - readOnly: true - example: 100 - completedCertifications: - type: integer - description: The number of completed certifications in this campaign. - readOnly: true - example: 10 - sourcesWithOrphanEntitlements: - type: array - description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). - readOnly: true - items: - type: object - properties: - id: - type: string - description: Id of the source - example: 2c90ad2a70ace7d50170acf22ca90010 - type: - type: string - enum: - - SOURCE - description: Type - example: SOURCE - name: - type: string - description: Name of the source - example: Source with orphan entitlements - mandatoryCommentRequirement: - type: string - description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.' - enum: - - ALL_DECISIONS - - REVOKE_ONLY_DECISIONS - - NO_DECISIONS - example: NO_DECISIONS + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. examples: - Slim Campaign: - description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM - value: - - id: 2c918086719eec070171a7e3355a360a - name: Manager Review - description: A review of everyone's access by their manager. - deadline: '2020-12-25T06:00:00.123Z' - type: MANAGER - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - - id: 7e1a731e3fb845cfbe58112ba4673ee4 - name: Search Campaign - description: Search Campaign Info - deadline: 2022-07-26T15:42:44.000Z - type: SEARCH - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - - id: 2c918086719eec070171a7e3355a412b - name: AD Source Review - description: A review of our AD source. - deadline: '2020-12-25T06:00:00.123Z' - type: SOURCE_OWNER - status: STAGED - emailNotificationEnabled: true - autoRevokeAllowed: false - recommendationsEnabled: false - correlatedStatus: CORRELATED - - id: 3b2e2e5821e84127b6d693d41c40623b - name: Role Composition Campaign - description: A review done by a role owner. - deadline: 2020-12-25T06:00:00.468Z - type: ROLE_COMPOSITION - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - Full Campaign: - description: List of Campaigns that would result from specifying *detail* as FULL + '403': + summary: An example of a 403 response object value: - - id: 078696a575e045c68d6722ccdb9f101d - name: Role Composition Campaign - description: A review done by a role owner. - deadline: 2020-12-25T06:00:00.468Z - type: ROLE_COMPOSITION - status: ERROR - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - created: 2022-08-02T20:29:51.065Z - modified: 2022-08-02T20:29:51.331Z - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Role Composition Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - searchCampaignInfo: null - roleCompositionCampaignInfo: - remediatorRef: - type: IDENTITY - id: 7ec252acbd4245548bc25df22348cb75 - name: SailPoint Support - reviewerId: null - reviewer: null - roleIds: - - b15d609fc5c8434b865fe552315fda8f - query: null - description: null - alerts: - - level: ERROR - localizations: - - locale: en - localeOrigin: DEFAULT - text: Composite criterion must have children non-composite criterion must not. - totalCertifications: 0 - completedCertifications: 0 - sourcesWithOrphanEntitlements: null - mandatoryCommentRequirement: NO_DECISIONS - - id: 1be8fc1103914bf0a4e14e316b6a7b7c - name: Manager Review - description: A review of everyone's access by their manager. - deadline: 2020-12-25T06:00:00.468Z - type: MANAGER - status: STAGED - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - created: 2022-08-02T19:00:27.731Z - modified: 2022-08-02T19:00:34.391Z - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Manager Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - searchCampaignInfo: null - roleCompositionCampaignInfo: null - alerts: null - totalCertifications: 5 - completedCertifications: 0 - sourcesWithOrphanEntitlements: [] - mandatoryCommentRequirement: NO_DECISIONS - - id: 7e1a731e3fb845cfbe58112ba4673ee4 - name: Search Campaign - description: Search Campaign for Identities - deadline: 2022-07-26T15:42:44.000Z - type: SEARCH - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - created: 2022-07-25T15:42:18.276Z - modified: 2022-07-25T15:42:53.718Z - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Search Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - searchCampaignInfo: - type: IDENTITY - description: Example of Search Campaign - reviewer: - type: IDENTITY - id: 7ec252acbd4245548bc25df22348cb75 - name: null - query: user - identityIds: null - accessConstraints: [] - roleCompositionCampaignInfo: null - alerts: null - totalCertifications: 6 - completedCertifications: 0 - sourcesWithOrphanEntitlements: [] - mandatoryCommentRequirement: NO_DECISIONS - - id: ad3cf3dd50394b1bad646de4bc51b999 - name: Source Owner Campaign - description: Example for Source Owner Campaign - deadline: 2022-08-10T17:09:02.000Z - type: SOURCE_OWNER - status: ACTIVE - emailNotificationEnabled: true - autoRevokeAllowed: false - recommendationsEnabled: false - created: 2022-07-27T17:04:19.027Z - modified: 2022-07-27T17:09:13.925Z - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Source Owner Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: - sourceIds: - - 2c91808781fd5aea01821200dc88318e - searchCampaignInfo: null - roleCompositionCampaignInfo: null - alerts: null - totalCertifications: 2 - completedCertifications: 0 - sourcesWithOrphanEntitlements: [] - correlatedStatus: CORRELATED - mandatoryCommentRequirement: NO_DECISIONS - '400': - description: Client Error - Returned if the request body is invalid. + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist content: application/json: schema: @@ -17277,18 +16779,28 @@ paths: type: string description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. content: application/json: schema: type: object properties: - error: + message: description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. content: application/json: schema: @@ -17345,27 +16857,174 @@ paths: description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. examples: - '403': - summary: An example of a 403 response object + '500': + summary: An example of a 500 response object value: - detailCode: 403 Forbidden + detailCode: 500.0 Internal Fault trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. - '429': - description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + text: An internal fault occurred. + patch: + operationId: patchAuthUser + tags: + - Auth User + summary: Auth User Update + description: Update an existing user in the authentication system with a PATCH request. + security: + - oauth2: + - 'sp:auth-user:update' + parameters: + - in: path + name: id + description: Identity ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + PATCH can only be applied to the following fields: + * "capabilities" + + A list of valid capabilities can be found using the GET ams/v3/authorization/authorization-capabilities/ endpoint. + Capabilities can only be patched if they are administrator assignable, as indicated by the 'adminAssignable' field from the output of list authorization-capabilities. + Capabilities that have a legacy group ('legacyGroup' field) need to be patched using the legacyGroup name (e.g. 'ORG_ADMIN'). + Capabilities that are adminAssignable but do not have a legacyGroup can be patched using the ams id (e.g. 'cam:new-role'). + + A 400.1.1 Illegal update attempt detail code indicates that you attempted to PATCH a field that is not allowed. + + Requires security scope of 'sp:auth-user:update' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /capabilities + value: + - ORG_ADMIN + responses: + '200': + description: Auth user updated. content: application/json: schema: type: object properties: - message: - description: A message describing the error - example: ' Rate Limit Exceeded ' - '500': - description: Internal Server Error - Returned if there is an unexpected error. + tenant: + type: string + description: Tenant name. + example: test-tenant + id: + type: string + description: Identity ID. + example: 2c91808458ae7a4f0158b1bbf8af0628 + uid: + type: string + description: Identity unique identitifier. + example: will.smith + profile: + type: string + description: ID of the auth profile associated with this auth user. + example: 2c91808458ae7a4f0158b1bbf8af0756 + identificationNumber: + type: string + description: Auth user employee number. + example: 19-5588452 + email: + type: string + description: Auth user's email. + example: william.smith@example.com + phone: + type: string + description: Auth user's phone number. + example: '5555555555' + workPhone: + type: string + description: Auth user's work phone number. + example: '5555555555' + personalEmail: + type: string + description: Auth user's personal email. + example: william.smith@example.com + firstname: + type: string + description: Auth user's first name. + example: Will + lastname: + type: string + description: Auth user's last name. + example: Smith + displayName: + type: string + description: Auth user's name in displayed format. + example: Will Smith + alias: + type: string + description: Auth user's alias. + example: will.smith + lastPasswordChangeDate: + type: string + description: the date of last password change + example: '2021-03-08T22:37:33.901Z' + lastLoginTimestamp: + description: Timestamp of the last login (long type value). + type: integer + format: int64 + example: 1656327185832 + currentLoginTimestamp: + description: Timestamp of the current login (long type value). + type: integer + format: int64 + example: 1656327185832 + capabilities: + description: Array of capabilities for this auth user. + type: array + items: + type: string + example: ORG_ADMIN + '400': + description: Client Error - Returned if the request body is invalid. content: application/json: schema: @@ -17421,1032 +17080,2539 @@ paths: type: string description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - post: - operationId: createCampaign - tags: - - Certification Campaigns - summary: Create a campaign - description: Creates a new Certification Campaign with the information provided in the request body. - security: - - UserContextAuth: - - 'idn:campaign:create' - requestBody: - required: true - content: - application/json: - schema: - type: object - title: Campaign - allOf: - - type: object - title: Slim Campaign - required: - - name - - description - - type - properties: - id: - type: string - readOnly: true - description: Id of the campaign - example: 2c9079b270a266a60170a2779fcb0007 - name: - description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - type: string - example: Manager Campaign - description: - type: string - description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - example: Everyone needs to be reviewed by their manager - deadline: - type: string - format: date-time - description: The campaign's completion deadline. - example: '2020-03-15T10:00:01.456Z' - type: - type: string - description: The type of campaign. Could be extended in the future. - enum: - - MANAGER - - SOURCE_OWNER - - SEARCH - - ROLE_COMPOSITION - example: MANAGER - emailNotificationEnabled: - type: boolean - description: Enables email notification for this campaign - default: false - example: false - autoRevokeAllowed: - type: boolean - description: Allows auto revoke for this campaign - default: false - example: false - recommendationsEnabled: - type: boolean - description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. - default: false - example: true - status: - type: string - description: The campaign's current status. - readOnly: true - enum: - - PENDING - - STAGED - - CANCELING - - ACTIVATING - - ACTIVE - - COMPLETING - - COMPLETED - - ERROR - - ARCHIVED - example: ACTIVE - correlatedStatus: - type: string - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - - type: object - properties: - created: - type: string - readOnly: true - format: date-time - description: Created time of the campaign - example: '2020-03-03T22:15:13.611Z' - modified: - type: string - readOnly: true - format: date-time - description: Modified time of the campaign - example: '2020-03-03T22:20:12.674Z' - correlatedStatus: - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - filter: + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: type: object - description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. properties: - id: + locale: type: string - description: The ID of whatever type of filter is being used. - example: 0fbe863c063c4c88a35fd7f17e8a3df5 - type: + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - description: Type of the filter enum: - - CAMPAIGN_FILTER - - RULE - example: CAMPAIGN_FILTER - name: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: type: string - description: Name of the filter - example: Test Filter - sunsetCommentsRequired: - type: boolean - description: Determines if comments on sunset date changes are required. - default: true - example: true - sourceOwnerCampaignInfo: + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: type: object - description: Must be set only if the campaign type is SOURCE_OWNER. properties: - sourceIds: - type: array - description: The list of sources to be included in the campaign. - items: - type: string - example: - - 0fbe863c063c4c88a35fd7f17e8a3df5 - searchCampaignInfo: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: type: object - description: Must be set only if the campaign type is SEARCH. properties: - type: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - description: The type of search campaign represented. enum: - - IDENTITY - - ACCESS - example: ACCESS - description: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: type: string - description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' - example: Search Campaign description - reviewer: - description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - - WORKGROUP - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - - type: object - query: + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: type: string - description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. - example: Search Campaign query description - identityIds: - type: array - description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. - items: - type: string - maxItems: 1000 - example: - - 0fbe863c063c4c88a35fd7f17e8a3df5 - accessConstraints: - type: array - description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. - items: - type: object - properties: - type: - type: string - enum: - - ENTITLEMENT - - ACCESS_PROFILE - - ROLE - description: Type of Access - example: ENTITLEMENT - ids: - description: Must be set only if operator is SELECTED. - type: array - items: - type: string - example: - - 2c90ad2a70ace7d50170acf22ca90010 - operator: - type: string - enum: - - ALL - - SELECTED - description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. - example: SELECTED - required: - - type - - operator - maxItems: 1000 - required: - - type - roleCompositionCampaignInfo: + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: type: object - description: Optional configuration options for role composition campaigns. properties: - reviewer: - description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - - WORKGROUP - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - - type: object - roleIds: - type: array - description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' - items: - type: string - example: - - 2c90ad2a70ace7d50170acf22ca90010 - remediatorRef: - type: object - description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' - properties: - type: - type: string - enum: - - IDENTITY - description: Legal Remediator Type - example: IDENTITY - id: - type: string - description: The ID of the remediator. - example: 2c90ad2a70ace7d50170acf22ca90010 - name: - type: string - description: The name of the remediator. - readOnly: true - example: Role Admin - required: - - type - - id - query: + locale: type: string - description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' - example: Search Query - description: + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: type: string - description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' - example: Role Composition Description - required: - - remediatorRef - alerts: - type: array - description: A list of errors and warnings that have accumulated. - readOnly: true - items: - type: object - properties: - level: - type: string - enum: - - ERROR - - WARN - - INFO - description: Denotes the level of the message - example: ERROR - localizations: - type: array - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - totalCertifications: - type: integer - description: The total number of certifications in this campaign. - readOnly: true - example: 100 - completedCertifications: - type: integer - description: The number of completed certifications in this campaign. - readOnly: true - example: 10 - sourcesWithOrphanEntitlements: - type: array - description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). - readOnly: true - items: - type: object - properties: - id: - type: string - description: Id of the source - example: 2c90ad2a70ace7d50170acf22ca90010 - type: - type: string - enum: - - SOURCE - description: Type - example: SOURCE - name: - type: string - description: Name of the source - example: Source with orphan entitlements - mandatoryCommentRequirement: - type: string - description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.' - enum: - - ALL_DECISIONS - - REVOKE_ONLY_DECISIONS - - NO_DECISIONS - example: NO_DECISIONS - examples: - Manager: - value: - name: Manager Review - description: A review of everyone's access by their manager. - deadline: 2020-12-25T06:00:00.468Z - type: MANAGER - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - filter: - type: CAMPAIGN_FILTER - id: 0c46fb26c6b20967a55517ee90d15b93 - mandatoryCommentRequirement: NO_DECISIONS - Search: - value: - name: Search Campaign - description: Search Campaign - deadline: 2020-12-25T06:00:00.468Z - type: SEARCH - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - filter: - type: CAMPAIGN_FILTER - id: 0c46fb26c6b20967a55517ee90d15b93 - searchCampaignInfo: - type: ACCESS - query: user - mandatoryCommentRequirement: NO_DECISIONS - Source Owner: - value: - name: Source Owner - description: Source Owner Info - deadline: 2020-12-25T06:00:00.468Z - type: SOURCE_OWNER - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - filter: - type: CAMPAIGN_FILTER - id: 0c46fb26c6b20967a55517ee90d15b93 - sourceOwnerCampaignInfo: - sourceIds: - - 612b31b1a0f04aaf83123bdb80e70db6 - correlatedStatus: CORRELATED - mandatoryCommentRequirement: NO_DECISIONS - Role Composition: - value: - name: Role Composition Campaign - description: A review done by a role owner. - deadline: 2020-12-25T06:00:00.468Z - type: ROLE_COMPOSITION - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - filter: - type: CAMPAIGN_FILTER - id: 0c46fb26c6b20967a55517ee90d15b93 - roleCompositionCampaignInfo: - remediatorRef: - type: IDENTITY - id: 7ec252acbd4245548bc25df22348cb75 - name: SailPoint Support - roleIds: - - b15d609fc5c8434b865fe552315fda8f - mandatoryCommentRequirement: NO_DECISIONS + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /campaigns: + get: + operationId: getActiveCampaigns + tags: + - Certification Campaigns + summary: List Campaigns + description: Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided the correct query. + security: + - UserContextAuth: + - 'idn:campaign-list:read' + parameters: + - in: query + name: detail + schema: + type: string + enum: + - SLIM + - FULL + required: false + description: 'Determines whether slim, or increased level of detail is provided for each campaign in the returned list. Slim is the default behavior.' + example: FULL + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + required: false + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, sw* + + **status**: *eq, in* + example: name eq "Manager Campaign" + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name**, **created** + example: name responses: '200': - description: Indicates that the campaign requested was successfully created and returns its representation. + description: A list of campaign objects. content: application/json: schema: - type: object - title: Campaign - allOf: - - type: object - title: Slim Campaign - required: - - name - - description - - type - properties: - id: - type: string - readOnly: true - description: Id of the campaign - example: 2c9079b270a266a60170a2779fcb0007 - name: - description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - type: string - example: Manager Campaign - description: - type: string - description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - example: Everyone needs to be reviewed by their manager - deadline: - type: string - format: date-time - description: The campaign's completion deadline. - example: '2020-03-15T10:00:01.456Z' - type: - type: string - description: The type of campaign. Could be extended in the future. - enum: - - MANAGER - - SOURCE_OWNER - - SEARCH - - ROLE_COMPOSITION - example: MANAGER - emailNotificationEnabled: - type: boolean - description: Enables email notification for this campaign - default: false - example: false - autoRevokeAllowed: - type: boolean - description: Allows auto revoke for this campaign - default: false - example: false - recommendationsEnabled: - type: boolean - description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. - default: false - example: true - status: - type: string - description: The campaign's current status. - readOnly: true - enum: - - PENDING - - STAGED - - CANCELING - - ACTIVATING - - ACTIVE - - COMPLETING - - COMPLETED - - ERROR - - ARCHIVED - example: ACTIVE - correlatedStatus: - type: string - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - - type: object - properties: - created: - type: string - readOnly: true - format: date-time - description: Created time of the campaign - example: '2020-03-03T22:15:13.611Z' - modified: - type: string - readOnly: true - format: date-time - description: Modified time of the campaign - example: '2020-03-03T22:20:12.674Z' - correlatedStatus: - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - filter: - type: object - description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. - properties: - id: - type: string - description: The ID of whatever type of filter is being used. - example: 0fbe863c063c4c88a35fd7f17e8a3df5 - type: - type: string - description: Type of the filter - enum: - - CAMPAIGN_FILTER - - RULE - example: CAMPAIGN_FILTER - name: - type: string - description: Name of the filter - example: Test Filter - sunsetCommentsRequired: - type: boolean - description: Determines if comments on sunset date changes are required. - default: true - example: true - sourceOwnerCampaignInfo: - type: object - description: Must be set only if the campaign type is SOURCE_OWNER. - properties: - sourceIds: - type: array - description: The list of sources to be included in the campaign. - items: + type: array + items: + oneOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + default: false + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + default: false + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + default: false + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: type: string - example: - - 0fbe863c063c4c88a35fd7f17e8a3df5 - searchCampaignInfo: - type: object - description: Must be set only if the campaign type is SEARCH. - properties: - type: - type: string - description: The type of search campaign represented. - enum: - - IDENTITY - - ACCESS - example: ACCESS - description: - type: string - description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' - example: Search Campaign description - reviewer: - description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - - WORKGROUP - example: IDENTITY - id: - type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: - type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - - type: object - query: - type: string - description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. - example: Search Campaign query description - identityIds: - type: array - description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. - items: + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' type: string - maxItems: 1000 - example: - - 0fbe863c063c4c88a35fd7f17e8a3df5 - accessConstraints: - type: array - description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. - items: + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + default: false + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + default: false + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + default: false + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 type: type: string + description: Type of the filter enum: - - ENTITLEMENT - - ACCESS_PROFILE - - ROLE - description: Type of Access - example: ENTITLEMENT - ids: - description: Must be set only if operator is SELECTED. + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: type: array + description: The list of sources to be included in the campaign. items: type: string example: - - 2c90ad2a70ace7d50170acf22ca90010 - operator: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: type: string + description: The type of search campaign represented. enum: - - ALL - - SELECTED - description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. - example: SELECTED + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 required: - type - - operator - maxItems: 1000 - required: - - type - roleCompositionCampaignInfo: - type: object - description: Optional configuration options for role composition campaigns. - properties: - reviewer: - description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' - allOf: - - type: object - properties: - type: - description: DTO type - type: string - enum: - - ACCOUNT_CORRELATION_CONFIG - - ACCESS_PROFILE - - ACCESS_REQUEST_APPROVAL - - ACCOUNT - - APPLICATION - - CAMPAIGN - - CAMPAIGN_FILTER - - CERTIFICATION - - CLUSTER - - CONNECTOR_SCHEMA - - ENTITLEMENT - - GOVERNANCE_GROUP - - IDENTITY - - IDENTITY_PROFILE - - IDENTITY_REQUEST - - LIFECYCLE_STATE - - PASSWORD_POLICY - - ROLE - - RULE - - SOD_POLICY - - SOURCE - - TAG - - TAG_CATEGORY - - TASK_RESULT - - REPORT_RESULT - - SOD_VIOLATION - - ACCOUNT_ACTIVITY - - WORKGROUP - example: IDENTITY - id: + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: type: string - description: ID of the object to which this reference applies - example: 2c91808568c529c60168cca6f90c1313 - name: + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: type: string - description: Human-readable display name of the object to which this reference applies - example: William Wilson - - type: object - roleIds: - type: array - description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' - items: - type: string - example: - - 2c90ad2a70ace7d50170acf22ca90010 - remediatorRef: - type: object - description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' - properties: - type: - type: string - enum: - - IDENTITY - description: Legal Remediator Type - example: IDENTITY - id: - type: string - description: The ID of the remediator. - example: 2c90ad2a70ace7d50170acf22ca90010 - name: - type: string - description: The name of the remediator. - readOnly: true - example: Role Admin - required: - - type - - id - query: - type: string - description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' - example: Search Query - description: - type: string - description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' - example: Role Composition Description - required: - - remediatorRef - alerts: - type: array - description: A list of errors and warnings that have accumulated. - readOnly: true - items: - type: object - properties: - level: - type: string - enum: - - ERROR - - WARN - - INFO - description: Denotes the level of the message - example: ERROR - localizations: + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true items: type: object properties: - locale: + id: type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: type: string enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: + - SOURCE + description: Type + example: SOURCE + name: type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - totalCertifications: - type: integer - description: The total number of certifications in this campaign. - readOnly: true - example: 100 - completedCertifications: - type: integer - description: The number of completed certifications in this campaign. - readOnly: true - example: 10 - sourcesWithOrphanEntitlements: - type: array - description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). - readOnly: true - items: - type: object - properties: - id: - type: string - description: Id of the source - example: 2c90ad2a70ace7d50170acf22ca90010 - type: + description: Name of the source + example: Source with orphan entitlements + mandatoryCommentRequirement: type: string + description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.' enum: - - SOURCE - description: Type - example: SOURCE - name: - type: string - description: Name of the source - example: Source with orphan entitlements - mandatoryCommentRequirement: - type: string - description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.' - enum: - - ALL_DECISIONS - - REVOKE_ONLY_DECISIONS - - NO_DECISIONS - example: NO_DECISIONS + - ALL_DECISIONS + - REVOKE_ONLY_DECISIONS + - NO_DECISIONS + example: NO_DECISIONS + examples: + Slim Campaign: + description: List of Slim Campaigns that would result from not specifying *detail* or specifying SLIM + value: + - id: 2c918086719eec070171a7e3355a360a + name: Manager Review + description: A review of everyone's access by their manager. + deadline: '2020-12-25T06:00:00.123Z' + type: MANAGER + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + - id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign Info + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + - id: 2c918086719eec070171a7e3355a412b + name: AD Source Review + description: A review of our AD source. + deadline: '2020-12-25T06:00:00.123Z' + type: SOURCE_OWNER + status: STAGED + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + correlatedStatus: CORRELATED + - id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + Full Campaign: + description: List of Campaigns that would result from specifying *detail* as FULL + value: + - id: 078696a575e045c68d6722ccdb9f101d + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: ERROR + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T20:29:51.065Z + modified: 2022-08-02T20:29:51.331Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Role Composition Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: + - level: ERROR + localizations: + - locale: en + localeOrigin: DEFAULT + text: Composite criterion must have children non-composite criterion must not. + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + mandatoryCommentRequirement: NO_DECISIONS + - id: 1be8fc1103914bf0a4e14e316b6a7b7c + name: Manager Review + description: A review of everyone's access by their manager. + deadline: 2020-12-25T06:00:00.468Z + type: MANAGER + status: STAGED + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T19:00:27.731Z + modified: 2022-08-02T19:00:34.391Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 5 + completedCertifications: 0 + sourcesWithOrphanEntitlements: [] + mandatoryCommentRequirement: NO_DECISIONS + - id: 7e1a731e3fb845cfbe58112ba4673ee4 + name: Search Campaign + description: Search Campaign for Identities + deadline: 2022-07-26T15:42:44.000Z + type: SEARCH + status: ACTIVE + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-07-25T15:42:18.276Z + modified: 2022-07-25T15:42:53.718Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: IDENTITY + description: Example of Search Campaign + reviewer: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: null + query: user + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 6 + completedCertifications: 0 + sourcesWithOrphanEntitlements: [] + mandatoryCommentRequirement: NO_DECISIONS + - id: ad3cf3dd50394b1bad646de4bc51b999 + name: Source Owner Campaign + description: Example for Source Owner Campaign + deadline: 2022-08-10T17:09:02.000Z + type: SOURCE_OWNER + status: ACTIVE + emailNotificationEnabled: true + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-07-27T17:04:19.027Z + modified: 2022-07-27T17:09:13.925Z + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: + sourceIds: + - 2c91808781fd5aea01821200dc88318e + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 2 + completedCertifications: 0 + sourcesWithOrphanEntitlements: [] + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createCampaign + tags: + - Certification Campaigns + summary: Create a campaign + description: Creates a new Certification Campaign with the information provided in the request body. + security: + - UserContextAuth: + - 'idn:campaign:create' + requestBody: + required: true + content: + application/json: + schema: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + default: false + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + default: false + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + default: false + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + mandatoryCommentRequirement: + type: string + description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.' + enum: + - ALL_DECISIONS + - REVOKE_ONLY_DECISIONS + - NO_DECISIONS + example: NO_DECISIONS + examples: + Manager: + value: + name: Manager Review + description: A review of everyone's access by their manager. + deadline: 2020-12-25T06:00:00.468Z + type: MANAGER + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + mandatoryCommentRequirement: NO_DECISIONS + Search: + value: + name: Search Campaign + description: Search Campaign + deadline: 2020-12-25T06:00:00.468Z + type: SEARCH + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + searchCampaignInfo: + type: ACCESS + query: user + mandatoryCommentRequirement: NO_DECISIONS + Source Owner: + value: + name: Source Owner + description: Source Owner Info + deadline: 2020-12-25T06:00:00.468Z + type: SOURCE_OWNER + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + sourceOwnerCampaignInfo: + sourceIds: + - 612b31b1a0f04aaf83123bdb80e70db6 + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS + Role Composition: + value: + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + filter: + type: CAMPAIGN_FILTER + id: 0c46fb26c6b20967a55517ee90d15b93 + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + roleIds: + - b15d609fc5c8434b865fe552315fda8f + mandatoryCommentRequirement: NO_DECISIONS + responses: + '200': + description: Indicates that the campaign requested was successfully created and returns its representation. + content: + application/json: + schema: + type: object + title: Campaign + allOf: + - type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + default: false + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + default: false + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + default: false + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + - type: object + properties: + created: + type: string + readOnly: true + format: date-time + description: Created time of the campaign + example: '2020-03-03T22:15:13.611Z' + modified: + type: string + readOnly: true + format: date-time + description: Modified time of the campaign + example: '2020-03-03T22:20:12.674Z' + correlatedStatus: + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED + filter: + type: object + description: Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank. + properties: + id: + type: string + description: The ID of whatever type of filter is being used. + example: 0fbe863c063c4c88a35fd7f17e8a3df5 + type: + type: string + description: Type of the filter + enum: + - CAMPAIGN_FILTER + - RULE + example: CAMPAIGN_FILTER + name: + type: string + description: Name of the filter + example: Test Filter + sunsetCommentsRequired: + type: boolean + description: Determines if comments on sunset date changes are required. + default: true + example: true + sourceOwnerCampaignInfo: + type: object + description: Must be set only if the campaign type is SOURCE_OWNER. + properties: + sourceIds: + type: array + description: The list of sources to be included in the campaign. + items: + type: string + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + searchCampaignInfo: + type: object + description: Must be set only if the campaign type is SEARCH. + properties: + type: + type: string + description: The type of search campaign represented. + enum: + - IDENTITY + - ACCESS + example: ACCESS + description: + type: string + description: 'Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.' + example: Search Campaign description + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + query: + type: string + description: The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of `query` or `identityIds` must be set. + example: Search Campaign query description + identityIds: + type: array + description: A direct list of identities to include in this campaign. One of `identityIds` or `query` must be set. + items: + type: string + maxItems: 1000 + example: + - 0fbe863c063c4c88a35fd7f17e8a3df5 + accessConstraints: + type: array + description: Further reduces the scope of the campaign by excluding identities (from `query` or `identityIds`) that do not have this access. + items: + type: object + properties: + type: + type: string + enum: + - ENTITLEMENT + - ACCESS_PROFILE + - ROLE + description: Type of Access + example: ENTITLEMENT + ids: + description: Must be set only if operator is SELECTED. + type: array + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + operator: + type: string + enum: + - ALL + - SELECTED + description: Used to determine whether the scope of the campaign should be reduced for selected ids or all. + example: SELECTED + required: + - type + - operator + maxItems: 1000 + required: + - type + roleCompositionCampaignInfo: + type: object + description: Optional configuration options for role composition campaigns. + properties: + reviewer: + description: 'If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP' + allOf: + - type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + - WORKGROUP + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + - type: object + roleIds: + type: array + description: 'Optional list of roles to include in this campaign. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + items: + type: string + example: + - 2c90ad2a70ace7d50170acf22ca90010 + remediatorRef: + type: object + description: 'This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is ''IDENTITY'', and the chosen identity must be a Role Admin or Org Admin.' + properties: + type: + type: string + enum: + - IDENTITY + description: Legal Remediator Type + example: IDENTITY + id: + type: string + description: The ID of the remediator. + example: 2c90ad2a70ace7d50170acf22ca90010 + name: + type: string + description: The name of the remediator. + readOnly: true + example: Role Admin + required: + - type + - id + query: + type: string + description: 'Optional search query to scope this campaign to a set of roles. Only one of `roleIds` and `query` may be set; if neither are set, all roles are included.' + example: Search Query + description: + type: string + description: 'Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.' + example: Role Composition Description + required: + - remediatorRef + alerts: + type: array + description: A list of errors and warnings that have accumulated. + readOnly: true + items: + type: object + properties: + level: + type: string + enum: + - ERROR + - WARN + - INFO + description: Denotes the level of the message + example: ERROR + localizations: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + totalCertifications: + type: integer + description: The total number of certifications in this campaign. + readOnly: true + example: 100 + completedCertifications: + type: integer + description: The number of completed certifications in this campaign. + readOnly: true + example: 10 + sourcesWithOrphanEntitlements: + type: array + description: A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented). + readOnly: true + items: + type: object + properties: + id: + type: string + description: Id of the source + example: 2c90ad2a70ace7d50170acf22ca90010 + type: + type: string + enum: + - SOURCE + description: Type + example: SOURCE + name: + type: string + description: Name of the source + example: Source with orphan entitlements + mandatoryCommentRequirement: + type: string + description: 'Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.' + enum: + - ALL_DECISIONS + - REVOKE_ONLY_DECISIONS + - NO_DECISIONS + example: NO_DECISIONS + examples: + Manager: + value: + id: 5594f43b76804a6980ece5fdccf74be7 + name: Manager Review + description: A review of everyone's access by their manager. + deadline: 2020-12-25T06:00:00.468Z + type: MANAGER + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T20:21:18.421Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Manager Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + mandatoryCommentRequirement: NO_DECISIONS + Search: + value: + id: ec041831cb2147778b594feb9d8db44a + name: Search Campaign + description: Search Campaign + deadline: 2020-12-25T06:00:00.468Z + type: SEARCH + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-03T13:54:34.344Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Search Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: + type: ACCESS + description: user + reviewer: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: null + query: user + identityIds: null + accessConstraints: [] + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + mandatoryCommentRequirement: NO_DECISIONS + Source Owner: + value: + id: fd7b76ba4ea042de8a9414aa12fc977a + name: Source Owner + description: Source Owner Info + deadline: 2020-12-25T06:00:00.468Z + type: SOURCE_OWNER + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-03T13:34:19.541Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Source Owner Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + sourceIds: + - 612b31b1a0f04aaf83123bdb80e70db6 + searchCampaignInfo: null + roleCompositionCampaignInfo: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + correlatedStatus: CORRELATED + mandatoryCommentRequirement: NO_DECISIONS + Role Composition: + value: + id: 3b2e2e5821e84127b6d693d41c40623b + name: Role Composition Campaign + description: A review done by a role owner. + deadline: 2020-12-25T06:00:00.468Z + type: ROLE_COMPOSITION + status: PENDING + emailNotificationEnabled: false + autoRevokeAllowed: false + recommendationsEnabled: false + created: 2022-08-02T20:30:46.083Z + modified: null + filter: + type: CAMPAIGN_FILTER + id: 0fbe863c063c4c88a35fd7f17e8a3df5 + name: Test Role Composition Filter + sunsetCommentsRequired: true + sourceOwnerCampaignInfo: null + searchCampaignInfo: null + roleCompositionCampaignInfo: + remediatorRef: + type: IDENTITY + id: 7ec252acbd4245548bc25df22348cb75 + name: SailPoint Support + reviewerId: null + reviewer: null + roleIds: + - b15d609fc5c8434b865fe552315fda8f + query: null + description: null + alerts: null + totalCertifications: 0 + completedCertifications: 0 + sourcesWithOrphanEntitlements: null + mandatoryCommentRequirement: NO_DECISIONS + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}': + get: + operationId: getCampaign + tags: + - Certification Campaigns + summary: Get a campaign + description: 'Retrieves information for an existing campaign using the campaign''s ID. Authorized callers must be a reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.' + security: + - UserContextAuth: [] + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the campaign to be retrieved + example: 2c91808571bcfcf80171c23e4b4221fc + responses: + '200': + description: A campaign object + content: + application/json: + schema: + type: object + title: Slim Campaign + required: + - name + - description + - type + properties: + id: + type: string + readOnly: true + description: Id of the campaign + example: 2c9079b270a266a60170a2779fcb0007 + name: + description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + type: string + example: Manager Campaign + description: + type: string + description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' + example: Everyone needs to be reviewed by their manager + deadline: + type: string + format: date-time + description: The campaign's completion deadline. + example: '2020-03-15T10:00:01.456Z' + type: + type: string + description: The type of campaign. Could be extended in the future. + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + - ROLE_COMPOSITION + example: MANAGER + emailNotificationEnabled: + type: boolean + description: Enables email notification for this campaign + default: false + example: false + autoRevokeAllowed: + type: boolean + description: Allows auto revoke for this campaign + default: false + example: false + recommendationsEnabled: + type: boolean + description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. + default: false + example: true + status: + type: string + description: The campaign's current status. + readOnly: true + enum: + - PENDING + - STAGED + - CANCELING + - ACTIVATING + - ACTIVE + - COMPLETING + - COMPLETED + - ERROR + - ARCHIVED + example: ACTIVE + correlatedStatus: + type: string + description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). + enum: + - CORRELATED + - UNCORRELATED + example: CORRELATED examples: Manager: value: - id: 5594f43b76804a6980ece5fdccf74be7 + id: 2c918086719eec070171a7e3355a360a name: Manager Review description: A review of everyone's access by their manager. - deadline: 2020-12-25T06:00:00.468Z + deadline: '2020-12-25T06:00:00.123Z' type: MANAGER - status: PENDING + status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false - created: 2022-08-02T20:21:18.421Z - modified: null - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Manager Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - searchCampaignInfo: null - roleCompositionCampaignInfo: null - alerts: null - totalCertifications: 0 - completedCertifications: 0 - sourcesWithOrphanEntitlements: null - mandatoryCommentRequirement: NO_DECISIONS Search: value: - id: ec041831cb2147778b594feb9d8db44a + id: 7e1a731e3fb845cfbe58112ba4673ee4 name: Search Campaign - description: Search Campaign - deadline: 2020-12-25T06:00:00.468Z + description: Search Campaign Info + deadline: 2022-07-26T15:42:44.000Z type: SEARCH - status: PENDING + status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false - created: 2022-08-03T13:54:34.344Z - modified: null - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Search Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - searchCampaignInfo: - type: ACCESS - description: user - reviewer: - type: IDENTITY - id: 7ec252acbd4245548bc25df22348cb75 - name: null - query: user - identityIds: null - accessConstraints: [] - roleCompositionCampaignInfo: null - alerts: null - totalCertifications: 0 - completedCertifications: 0 - sourcesWithOrphanEntitlements: null - mandatoryCommentRequirement: NO_DECISIONS Source Owner: value: - id: fd7b76ba4ea042de8a9414aa12fc977a - name: Source Owner - description: Source Owner Info - deadline: 2020-12-25T06:00:00.468Z + id: 2c918086719eec070171a7e3355a412b + name: AD Source Review + description: A review of our AD source. + deadline: '2020-12-25T06:00:00.123Z' type: SOURCE_OWNER - status: PENDING - emailNotificationEnabled: false + status: STAGED + emailNotificationEnabled: true autoRevokeAllowed: false recommendationsEnabled: false - created: 2022-08-03T13:34:19.541Z - modified: null - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Source Owner Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - sourceIds: - - 612b31b1a0f04aaf83123bdb80e70db6 - searchCampaignInfo: null - roleCompositionCampaignInfo: null - alerts: null - totalCertifications: 0 - completedCertifications: 0 - sourcesWithOrphanEntitlements: null correlatedStatus: CORRELATED - mandatoryCommentRequirement: NO_DECISIONS - Role Composition: + RoleComposition: value: id: 3b2e2e5821e84127b6d693d41c40623b name: Role Composition Campaign description: A review done by a role owner. deadline: 2020-12-25T06:00:00.468Z type: ROLE_COMPOSITION - status: PENDING + status: ACTIVE emailNotificationEnabled: false autoRevokeAllowed: false recommendationsEnabled: false - created: 2022-08-02T20:30:46.083Z - modified: null - filter: - type: CAMPAIGN_FILTER - id: 0fbe863c063c4c88a35fd7f17e8a3df5 - name: Test Role Composition Filter - sunsetCommentsRequired: true - sourceOwnerCampaignInfo: null - searchCampaignInfo: null - roleCompositionCampaignInfo: - remediatorRef: - type: IDENTITY - id: 7ec252acbd4245548bc25df22348cb75 - name: SailPoint Support - reviewerId: null - reviewer: null - roleIds: - - b15d609fc5c8434b865fe552315fda8f - query: null - description: null - alerts: null - totalCertifications: 0 - completedCertifications: 0 - sourcesWithOrphanEntitlements: null - mandatoryCommentRequirement: NO_DECISIONS '400': description: Client Error - Returned if the request body is invalid. content: @@ -18504,18 +19670,85 @@ paths: type: string description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. - '401': - description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' - content: - application/json: - schema: - type: object - properties: - error: - description: A message describing the error - example: 'JWT validation failed: JWT is expired' - '403': - description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist content: application/json: schema: @@ -18572,15 +19805,15 @@ paths: description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. examples: - '403': - summary: An example of a 403 response object + '404': + summary: An example of a 404 response object value: - detailCode: 403 Forbidden + detailCode: 404 Not found trackingId: b21b1f7ce4da4d639f2c62a57171b427 messages: - locale: en-US localeOrigin: DEFAULT - text: The server understood the request but refuses to authorize it. + text: The server did not find a current representation for the target resource. '429': description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. content: @@ -18658,26 +19891,89 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. - '/campaigns/{id}': - get: - operationId: getCampaign + patch: + operationId: updateCampaign tags: - Certification Campaigns - summary: Get a campaign - description: 'Retrieves information for an existing campaign using the campaign''s ID. Authorized callers must be a reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.' + summary: Update a Campaign + description: 'Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' security: - - UserContextAuth: [] + - UserContextAuth: + - 'idn:campaign:update' + - 'idn:campaign:read' parameters: - in: path name: id schema: type: string required: true - description: The ID of the campaign to be retrieved + description: The ID of the campaign template being modified. example: 2c91808571bcfcf80171c23e4b4221fc + requestBody: + required: true + description: | + A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + The fields that can be patched differ based on the status of the campaign. + + In the *STAGED* status, the following fields can be patched: + * name + * description + * recommendationsEnabled + * deadline + * emailNotificationEnabled + * autoRevokeAllowed + + In the *ACTIVE* status, the following fields can be patched: + * deadline + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: This field has been updated! + - op: copy + from: /name + path: /description responses: '200': - description: A campaign object + description: 'Indicates the PATCH operation succeeded, and returns the campaign''s new representation.' content: application/json: schema: @@ -19018,15 +20314,165 @@ paths: properties: detailCode: type: string - description: Fine-grained error code providing more detail of the error. - example: 400.1 Bad Request Content - trackingId: + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/campaigns/{id}/reassign': + post: + security: + - UserContextAuth: + - 'idn:certification:write' + operationId: move + tags: + - Certification Campaigns + summary: Reassign Certifications + description: This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification campaign ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + certificationIds: + description: List of certification IDs to reassign + type: array + items: + type: string + minItems: 1 + maxItems: 250 + example: + - af3859464779471211bb8424a563abc1 + - af3859464779471211bb8424a563abc2 + - af3859464779471211bb8424a563abc3 + reassignTo: + type: object + properties: + id: + type: string + description: The identity ID to which the review is being assigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of the ID provided. + enum: + - IDENTITY + example: IDENTITY + reason: + type: string + description: Comment to explain why the certification was reassigned + example: reassigned for some reason + responses: + '202': + description: The reassign task that has been submitted. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the certification task. + example: 2c918086719eec070171a7e3355a360a + type: + type: string + description: The type of the certification task. More values may be added in the future. + enum: + - REASSIGN + - ADMIN_REASSIGN + - COMPLETE_CERTIFICATION + - FINISH_CERTIFICATION + - COMPLETE_CAMPAIGN + - ACTIVATE_CAMPAIGN + - CAMPAIGN_CREATE + - CAMPAIGN_DELETE + example: ADMIN_REASSIGN + targetType: + type: string + description: The type of item that is being operated on by this task whose ID is stored in the targetId field. + enum: + - CERTIFICATION + - CAMPAIGN + example: CAMPAIGN + targetId: + type: string + description: The ID of the item being operated on by this task. + example: 2c918086719eec070171a7e3355a834c + status: type: string - description: Unique tracking id for the error. - example: e7eab60924f64aa284175b9fa3309599 - messages: + description: The status of the task. + enum: + - QUEUED + - IN_PROGRESS + - SUCCESS + - ERROR + example: QUEUED + errors: + description: A list of errors that have been encountered by the task. type: array - description: Generic localized reason for error items: type: object properties: @@ -19045,240 +20491,41 @@ paths: type: string description: Actual text of the error message in the indicated locale. example: The request was syntactically correct but its content is semantically invalid. - causes: + reassignmentTrailDTOs: + description: Reassignment trails that lead to self certification identity type: array - description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field items: type: object properties: - locale: + previousOwner: type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: + description: The ID of previous owner identity. + example: ef38f94347e94562b5bb8424a56397d8 + newOwner: type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: + description: The ID of new owner identity. + example: ef38f94347e94562b5bb8424a56397a3 + reassignmentType: type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - examples: - '500': - summary: An example of a 500 response object - value: - detailCode: 500.0 Internal Fault - trackingId: b21b1f7ce4da4d639f2c62a57171b427 - messages: - - locale: en-US - localeOrigin: DEFAULT - text: An internal fault occurred. - patch: - operationId: updateCampaign - tags: - - Certification Campaigns - summary: Update a Campaign - description: 'Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' - security: - - UserContextAuth: - - 'idn:campaign:update' - - 'idn:campaign:read' - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The ID of the campaign template being modified. - example: 2c91808571bcfcf80171c23e4b4221fc - requestBody: - required: true - description: | - A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. - The fields that can be patched differ based on the status of the campaign. - - In the *STAGED* status, the following fields can be patched: - * name - * description - * recommendationsEnabled - * deadline - * emailNotificationEnabled - * autoRevokeAllowed - - In the *ACTIVE* status, the following fields can be patched: - * deadline - content: - application/json-patch+json: - schema: - type: array - items: - type: object - description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' - required: - - op - - path - properties: - op: - type: string - description: The operation to be performed - enum: - - add - - remove - - replace - - move - - copy - - test - example: replace - path: - type: string - description: A string JSON Pointer representing the target path to an element to be affected by the operation - example: /description - value: - anyOf: - - type: string - - type: integer - - type: object - - type: array - items: - anyOf: - - type: string - - type: integer - - type: object - description: 'The value to be used for the operation, required for "add" and "replace" operations' - example: New description - example: - - op: replace - path: /name - value: This field has been updated! - - op: copy - from: /name - path: /description - responses: - '200': - description: 'Indicates the PATCH operation succeeded, and returns the campaign''s new representation.' - content: - application/json: - schema: - type: object - title: Slim Campaign - required: - - name - - description - - type - properties: - id: - type: string - readOnly: true - description: Id of the campaign - example: 2c9079b270a266a60170a2779fcb0007 - name: - description: 'The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - type: string - example: Manager Campaign - description: - type: string - description: 'The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.' - example: Everyone needs to be reviewed by their manager - deadline: - type: string - format: date-time - description: The campaign's completion deadline. - example: '2020-03-15T10:00:01.456Z' - type: - type: string - description: The type of campaign. Could be extended in the future. - enum: - - MANAGER - - SOURCE_OWNER - - SEARCH - - ROLE_COMPOSITION - example: MANAGER - emailNotificationEnabled: - type: boolean - description: Enables email notification for this campaign - default: false - example: false - autoRevokeAllowed: - type: boolean - description: Allows auto revoke for this campaign - default: false - example: false - recommendationsEnabled: - type: boolean - description: Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future. - default: false - example: true - status: - type: string - description: The campaign's current status. - readOnly: true - enum: - - PENDING - - STAGED - - CANCELING - - ACTIVATING - - ACTIVE - - COMPLETING - - COMPLETED - - ERROR - - ARCHIVED - example: ACTIVE - correlatedStatus: - type: string - description: The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source). - enum: - - CORRELATED - - UNCORRELATED - example: CORRELATED - examples: - Manager: - value: - id: 2c918086719eec070171a7e3355a360a - name: Manager Review - description: A review of everyone's access by their manager. - deadline: '2020-12-25T06:00:00.123Z' - type: MANAGER - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - Search: - value: - id: 7e1a731e3fb845cfbe58112ba4673ee4 - name: Search Campaign - description: Search Campaign Info - deadline: 2022-07-26T15:42:44.000Z - type: SEARCH - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false - Source Owner: - value: - id: 2c918086719eec070171a7e3355a412b - name: AD Source Review - description: A review of our AD source. - deadline: '2020-12-25T06:00:00.123Z' - type: SOURCE_OWNER - status: STAGED - emailNotificationEnabled: true - autoRevokeAllowed: false - recommendationsEnabled: false - correlatedStatus: CORRELATED - RoleComposition: - value: - id: 3b2e2e5821e84127b6d693d41c40623b - name: Role Composition Campaign - description: A review done by a role owner. - deadline: 2020-12-25T06:00:00.468Z - type: ROLE_COMPOSITION - status: ACTIVE - emailNotificationEnabled: false - autoRevokeAllowed: false - recommendationsEnabled: false + description: The type of reassignment. + example: AUTOMATIC_REASSIGNMENT + example: + previousOwner: ef38f94347e94562b5bb8424a56397d8 + newOwner: ef38f94347e94562b5bb8424a56397a3 + reassignmentType: AUTOMATIC_REASSIGNMENT + created: + type: string + description: The date and time on which this task was created. + format: date-time + example: '2020-09-24T18:10:47.693Z' + example: + id: 2c918086719eec070171a7e3355a360a + type: ADMIN_REASSIGN + targetType: CAMPAIGN + targetId: 2c918086719eec070171a7e3355a834c + status: QUEUED + errors: [] + created: '2020-09-24T18:10:47.693Z' '400': description: Client Error - Returned if the request body is invalid. content: @@ -19557,160 +20804,46 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. - '/campaigns/{id}/reassign': + '/campaigns/{id}/activate': post: - security: - - UserContextAuth: - - 'idn:certification:write' - operationId: move + operationId: startCampaign tags: - Certification Campaigns - summary: Reassign Certifications - description: This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The certification campaign ID - example: ef38f94347e94562b5bb8424a56397d8 + summary: Activate a Campaign + description: |- + Submits a job to activate the campaign with the given Id. The campaign must be staged. + Requires roles of CERT_ADMIN and ORG_ADMIN + security: + - UserContextAuth: + - 'idn:campaign:update' requestBody: - required: true + description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.' + required: false content: application/json: schema: type: object properties: - certificationIds: - description: List of certification IDs to reassign - type: array - items: - type: string - minItems: 1 - maxItems: 250 - example: - - af3859464779471211bb8424a563abc1 - - af3859464779471211bb8424a563abc2 - - af3859464779471211bb8424a563abc3 - reassignTo: - type: object - properties: - id: - type: string - description: The identity ID to which the review is being assigned. - example: ef38f94347e94562b5bb8424a56397d8 - type: - type: string - description: The type of the ID provided. - enum: - - IDENTITY - example: IDENTITY - reason: + timeZone: type: string - description: Comment to explain why the certification was reassigned - example: reassigned for some reason + description: 'The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as ''Z'') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.' + default: Z + example: '-05:00' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The campaign id + example: ef38f94347e94562b5bb8424a56397d8 responses: '202': - description: The reassign task that has been submitted. + description: Accepted - Returned if the request was successfully accepted into the system. content: application/json: schema: type: object - properties: - id: - type: string - description: The ID of the certification task. - example: 2c918086719eec070171a7e3355a360a - type: - type: string - description: The type of the certification task. More values may be added in the future. - enum: - - REASSIGN - - ADMIN_REASSIGN - - COMPLETE_CERTIFICATION - - FINISH_CERTIFICATION - - COMPLETE_CAMPAIGN - - ACTIVATE_CAMPAIGN - - CAMPAIGN_CREATE - - CAMPAIGN_DELETE - example: ADMIN_REASSIGN - targetType: - type: string - description: The type of item that is being operated on by this task whose ID is stored in the targetId field. - enum: - - CERTIFICATION - - CAMPAIGN - example: CAMPAIGN - targetId: - type: string - description: The ID of the item being operated on by this task. - example: 2c918086719eec070171a7e3355a834c - status: - type: string - description: The status of the task. - enum: - - QUEUED - - IN_PROGRESS - - SUCCESS - - ERROR - example: QUEUED - errors: - description: A list of errors that have been encountered by the task. - type: array - items: - type: object - properties: - locale: - type: string - description: 'The locale for the message text, a BCP 47 language tag.' - example: en-US - localeOrigin: - type: string - enum: - - DEFAULT - - REQUEST - description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' - example: DEFAULT - text: - type: string - description: Actual text of the error message in the indicated locale. - example: The request was syntactically correct but its content is semantically invalid. - reassignmentTrailDTOs: - description: Reassignment trails that lead to self certification identity - type: array - items: - type: object - properties: - previousOwner: - type: string - description: The ID of previous owner identity. - example: ef38f94347e94562b5bb8424a56397d8 - newOwner: - type: string - description: The ID of new owner identity. - example: ef38f94347e94562b5bb8424a56397a3 - reassignmentType: - type: string - description: The type of reassignment. - example: AUTOMATIC_REASSIGNMENT - example: - previousOwner: ef38f94347e94562b5bb8424a56397d8 - newOwner: ef38f94347e94562b5bb8424a56397a3 - reassignmentType: AUTOMATIC_REASSIGNMENT - created: - type: string - description: The date and time on which this task was created. - format: date-time - example: '2020-09-24T18:10:47.693Z' - example: - id: 2c918086719eec070171a7e3355a360a - type: ADMIN_REASSIGN - targetType: CAMPAIGN - targetId: 2c918086719eec070171a7e3355a834c - status: QUEUED - errors: [] - created: '2020-09-24T18:10:47.693Z' '400': description: Client Error - Returned if the request body is invalid. content: @@ -19989,31 +21122,44 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. - '/campaigns/{id}/activate': + '/campaigns/{id}/complete': post: - operationId: startCampaign + operationId: completeCampaign tags: - Certification Campaigns - summary: Activate a Campaign - description: |- - Submits a job to activate the campaign with the given Id. The campaign must be staged. + summary: Complete a Campaign + description: | + :::caution + + This endpoint will run successfully for any campaigns that are **past due**. + + This endpoint will return a content error if the campaign is **not past due**. + + ::: + + Completes a certification campaign. This is provided to admins so that they + can complete a certification even if all items have not been completed. + Requires roles of CERT_ADMIN and ORG_ADMIN security: - - UserContextAuth: + - oauth2: - 'idn:campaign:update' requestBody: - description: 'Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00). Although this can take any timezone, the intended value is the caller''s timezone. The activation time calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain within the original date. The timezone must be in a valid ISO 8601 format.' + description: 'Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE' required: false content: application/json: schema: type: object properties: - timeZone: + autoCompleteAction: + description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion. type: string - description: 'The timezone must be in a valid ISO 8601 format. Timezones in ISO 8601 are represented as UTC (represented as ''Z'') or as an offset from UTC. The offset format can be +/-hh:mm, +/-hhmm, or +/-hh.' - default: Z - example: '-05:00' + enum: + - APPROVE + - REVOKE + default: APPROVE + example: REVOKE parameters: - in: path name: id @@ -20307,52 +21453,32 @@ paths: - locale: en-US localeOrigin: DEFAULT text: An internal fault occurred. - '/campaigns/{id}/complete': + /campaigns/delete: post: - operationId: completeCampaign + operationId: deleteCampaigns tags: - Certification Campaigns - summary: Complete a Campaign - description: | - :::caution - - This endpoint will run successfully for any campaigns that are **past due**. - - This endpoint will return a content error if the campaign is **not past due**. - - ::: - - Completes a certification campaign. This is provided to admins so that they - can complete a certification even if all items have not been completed. - - Requires roles of CERT_ADMIN and ORG_ADMIN + summary: Deletes Campaigns + description: Deletes campaigns whose Ids are specified in the provided list of campaign Ids. Authorized callers must be an ORG_ADMIN or a CERT_ADMIN. security: - oauth2: - - 'idn:campaign:update' + - 'idn:campaign:delete' requestBody: - description: 'Optional. Default behavior is for the campaign to auto-approve upon completion, unless autoCompleteAction=REVOKE' - required: false + description: The ids of the campaigns to delete. + required: true content: application/json: schema: type: object properties: - autoCompleteAction: - description: Determines whether to auto-approve(APPROVE) or auto-revoke(REVOKE) upon campaign completion. - type: string - enum: - - APPROVE - - REVOKE - default: APPROVE - example: REVOKE - parameters: - - in: path - name: id - schema: - type: string - required: true - description: The campaign id - example: ef38f94347e94562b5bb8424a56397d8 + ids: + description: The ids of the campaigns to delete + type: array + items: + type: string + example: + - 2c9180887335cee10173490db1776c26 + - 2c9180836a712436016a7125a90c0021 responses: '202': description: Accepted - Returned if the request was successfully accepted into the system.