This Collection details the Supported methods for Saviynt Security Manager v5.5-SP3
\nVersioning
\nSSMv5.5-SP2 :
\nhttps://documenter.getpostman.com/view/1797923/SzzgAepY?version=latest
\nSSMv5.5.0 :
\nhttps://documenter.getpostman.com/view/1797923/SzKN22aV?version=latest
\nThe SSM APIs are versioned APIs. Any updates to a version are considered non-breaking to ensure the integration do not break. Breaking changes such as an addition of a new required field will be released as a new version of the API.
\nSyntax used in the API URLs:
\n{{url}}/ECM/{{path}}/apiName
\nexample -
\n{{url}} - https://example.saviyntcloud.com
{{path}} - Use api/v5 for SSM 5.2 or newer versions, Use api for older versions of SSM.
The Bearer Authentication scheme is dedicated to the authentication using a token and is described by the RFC6750. Even if this scheme comes from an OAuth2 specification, you can still use it as a way to exchange between a client and a server.
The SSM API currently requires the HTTP authentication scheme Bearer for authentication. All requests must have a valid Token specified in the HTTP Authorization header with the Bearer scheme.
\n\n{{url}}/ECM/api/login
\n
A POST request by passing 'username' and 'password' in json text in the body, will return a Token in the response which can be passed in a header variable for subsequent requests
Saviynt Security Manager supports OAuth2.0 . OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications. For more information refer link below.
\n\n","urlObject":{"path":["ECM","oauth","access_token"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"54be6c9c-9776-4cad-a2e6-a31a9a04adf4","name":"Refresh Token","originalRequest":{"method":"POST","header":[],"body":{"mode":"urlencoded","urlencoded":[{"key":"grant_type","value":"refresh_token","type":"text"},{"key":"refresh_token","value":"************","sessionValue":"************","type":"text"}]},"url":"{{url}}/ECM/oauth/access_token","description":"Saviynt Security Manager supports OAuth2.0 . OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications. For more information refer link below.\n\n[OAuth 2.0 documentation](https://oauth.net/2/)\n"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Cache-Control","value":"no-store","name":"Cache-Control","description":"Tells all caching mechanisms from server to client whether they may cache this object. It is measured in seconds"},{"key":"Content-Type","value":"application/json;charset=UTF-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Mon, 20 Aug 2018 17:49:19 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Pragma","value":"no-cache","name":"Pragma","description":"Implementation-specific headers that may have various effects anywhere along the request-response chain."},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"58A49B9FD27B04268096AD97BC3608FF","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"1288a01a-0b90-4d9e-83b4-cbc66ba918be","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\n \"username\": \"admin\",\n \"roles\": [\n \"ROLE_ADMIN\"\n ],\n \"token_type\": \"Bearer\",\n \"access_token\": \"newaccesstoken\",\n \"expires_in\": 1800,\n \"refresh_token\": \"\"\n}"}],"_postman_id":"74579b46-f6d9-4aff-add5-e60987093557"}],"id":"805907d6-6279-43a8-ad62-6290c2f41e44","_postman_id":"805907d6-6279-43a8-ad62-6290c2f41e44","description":""},{"name":"2.0 Identity Administration","item":[{"name":"Users","item":[{"name":"Create User","id":"5d5811bd-11a5-42b6-abe2-cd748794a096","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"{\n\"username\":\"johndoe\",\n\"firstname\":\"myfirstname\",\n\"startdate\":\"10-18-2018\",\n\"enddate\":\"10-11-2019\",\n\"statuskey\":\"1\",\n\"passwordExpired\":\"true\",\n\"enabled\": \"true\",\n\"accountExpired\":\"true\",\n\"accountLocked\":\"false\",\n\"allowpastdate\":\"true\"\n}"},"url":"{{url}}/ECM/{{path}}/createUser","description":"This API can be used to on-board or create a new user.
\nThe Authorization must have Bearer followed by Token.
Optional Parameters:
\nvalidateagainstpolicy - Values: Y/N, default is Y. Checks for the password policy,
statuskey - Values:1/0, 0 - Inactive, 1 - Active (default),
allowpastdate - true / false (default). If true, allows startdate to be less than current date,
User params like \n username,\n firstname, \n preferedFirstName,\n lastname,\n middlename,\n street,\n city,\n comments,\n statuskey,\n startdate(MM-dd-yyyy),\n enddate(MM-dd-yyyy),\n manager (manager username),\n password,\n location,\n jobCode,\n jobDescription,\n employeeType,\n departmentNumber,\n title,\n state,\n companyname,\n costcenter,\n departmentname,\n employeeclass,\n entity,\n jobcodedesc,\n locationdesc,\n locationnumber,\n siteid,\n orgunitid,\n region,\n regioncode,\n owner,\n employeeid,\n lastsyncdate,\n createdate,\n email,\n phonenumber,\n job_function,\n country,\n displayname,\n enabled(can be \"1\"/\"true\" or \"0\"/\"false\"),\n passwordExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\n accountExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\n accountLocked(can be \"1\"/\"true\" or \"0\"/\"false\"),\n secondaryManager,\n createdBy,\n termDate,\n vendorManager,\n secondaryPhone,\n secondaryEmail,\n customproperty<1-50>,\n hcp<1-5>,\n ecp<1-5>,
securityQuestions -
Example: \n\"securityQuestions\":[\n {\n \"securityQuestion\":\"What is your first Pet's name?\",\n \"securityAnswer\":\"kitty\"\n },\n {\n \"securityQuestion\":\"What is your favorite food?\",\n \"securityAnswer\":\"food\"\n }\n ],
\ninlineruleevaluation - true/ false (default is true), if true then rules will be evaluated immediately, if false rules will be evaluated by a job.
batchidentifier - When inlineruleevaluation=false, this Rule Run Unique Identifier can be set and user update rules can be processed later by calling /api/processrules API
It's highly recommended to pass inlineruleevaluation:\"false\" for bulk load and call processrules api to evaluate and run the rules after the load is done.
\n","urlObject":{"path":["ECM","{{path}}","createUser"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"6def8cc3-0400-4333-9282-e260a5871007","name":"Create User","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"{\n\"username\":\"johndoe\",\n\"firstname\":\"myfirstname\",\n\"startdate\":\"10-18-2018\",\n\"enddate\":\"10-11-2019\",\n\"statuskey\":\"1\",\n\"passwordExpired\":\"true\",\n\"enabled\": \"true\",\n\"accountExpired\":\"true\",\n\"accountLocked\":\"false\",\n\"allowpastdate\":\"true\"\n}"},"url":"{{url}}/ECM/{{path}}/createUser","description":"This API can be used to on-board or create a new user.\r\n\r\nThe `Authorization` must have `Bearer` followed by `Token`. \r\n\r\nOptional Parameters:\r\n\r\n`validateagainstpolicy` - Values: Y/N, default is Y. Checks for the password policy,\r\n\r\n`statuskey` - Values:1/0, 0 - Inactive, 1 - Active (default),\r\n\r\n`allowpastdate` - true / false (default). If true, allows startdate to be less than current date,\r\n\r\n`User params` like \r\n\tusername,\r\n firstname, \r\n preferedFirstName,\r\n lastname,\r\n middlename,\r\n street,\r\n city,\r\n comments,\r\n statuskey,\r\n startdate(MM-dd-yyyy),\r\n enddate(MM-dd-yyyy),\r\n manager (manager username),\r\n password,\r\n location,\r\n jobCode,\r\n jobDescription,\r\n employeeType,\r\n departmentNumber,\r\n title,\r\n state,\r\n companyname,\r\n costcenter,\r\n departmentname,\r\n employeeclass,\r\n entity,\r\n jobcodedesc,\r\n locationdesc,\r\n locationnumber,\r\n siteid,\r\n orgunitid,\r\n region,\r\n regioncode,\r\n owner,\r\n employeeid,\r\n lastsyncdate,\r\n createdate,\r\n email,\r\n phonenumber,\r\n job_function,\r\n country,\r\n displayname,\r\n enabled(can be \"1\"/\"true\" or \"0\"/\"false\"),\r\n passwordExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\r\n\taccountExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\r\n\taccountLocked(can be \"1\"/\"true\" or \"0\"/\"false\"),\r\n secondaryManager,\r\n createdBy,\r\n termDate,\r\n vendorManager,\r\n secondaryPhone,\r\n secondaryEmail,\r\n customproperty<1-50>,\r\n hcp<1-5>,\r\n ecp<1-5>,\r\n\r\n`securityQuestions` - \r\n\r\nExample: \r\n\"securityQuestions\":[\r\n\t\t{\r\n\t\t\t\"securityQuestion\":\"What is your first Pet's name?\",\r\n\t\t\t\"securityAnswer\":\"kitty\"\r\n\t\t},\r\n\t\t{\r\n\t\t\t\"securityQuestion\":\"What is your favorite food?\",\r\n\t\t\t\"securityAnswer\":\"food\"\r\n\t\t}\r\n\t\t],\r\n\t\t\r\n`inlineruleevaluation` - true/ false (default is true), if true then rules will be evaluated immediately, if false rules will be evaluated by a job.\r\n\r\n`batchidentifier` - When inlineruleevaluation=false, this Rule Run Unique Identifier can be set and user update rules can be processed later by calling /api/processrules API\r\n\r\n***It's highly recommended to pass inlineruleevaluation:\"false\" for bulk load and call processrules api to evaluate and run the rules after the load is done.***"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Sat, 11 Aug 2018 00:50:48 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=efce7cb9-bea7-455f-9d19-545da8092b72; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"3E51BBD374A6BE5267D929A97E040981","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"efce7cb9-bea7-455f-9d19-545da8092b72","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\n \"errorCode\": \"0\",\n \"message\": \" Users created with username johndoe \"\n}"}],"_postman_id":"5d5811bd-11a5-42b6-abe2-cd748794a096"},{"name":"Update User","id":"5e6acb36-5804-4301-bda3-9cf3ba14c402","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"username\": \"A030592\",\n \"lastname\":\"Tutor\",\n \"firstname\":\"Abel\",\n \"ecp1\":\"ecp12\",\n \"hcp1\":\"hcp12\",\n \"enabled\":\"1\",\n \"manager\":\"A007825\"\n}"},"url":"{{url}}/ECM/{{path}}/updateUser","description":"This method updates a specific \"user\" record in SSM, based on the input parameter username of the relevant user.
All the input parameters it requires are attributes which could be updated for the relevant user record. The attributes which are supplied with valid values as input to the method, will get updated, if the operation is successfully executed.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\n username
Optional params:
\nvalidateagainstpolicy - Values: Y/N, default is Y. Checks for the password policy,
allowpastdate - true / false (default). If true, allows startdate to be less than current date,
statuskey - Values:1/0, 0 - Inactive, 1 - Active,
updatedusername - update username,
User params like\n firstname, \n preferedFirstName,\n lastname,\n middlename,\n street,\n city,\n comments,\n statuskey,\n startdate(MM-dd-yyyy),\n enddate(MM-dd-yyyy),\n manager (manager username),\n password,\n location,\n jobCode,\n jobDescription,\n employeeType,\n systemUserName,\n departmentNumber,\n title,\n state,\n companyname,\n costcenter,\n departmentname,\n employeeclass,\n entity,\n jobcodedesc,\n locationdesc,\n locationnumber,\n siteid,\n orgunitid,\n region,\n regioncode,\n owner,\n employeeid,\n lastsyncdate,\n createdate,\n email,\n phonenumber,\n job_function,\n country,\n displayname,\n enabled(can be \"1\"/\"true\" or \"0\"/\"false\"),\n passwordExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\n accountExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\n accountLocked(can be \"1\"/\"true\" or \"0\"/\"false\"),\n secondaryManager,\n createdBy,\n termDate,\n vendorManager,\n secondaryPhone,\n secondaryEmail,\n customproperty<1-50>,\n hcp<1-5>,\n ecp<1-5>,
securityQuestions -
Example: \n\"securityQuestions\":[\n {\n \"securityQuestion\":\"What is your first Pet's name?\",\n \"securityAnswer\":\"kitty\"\n },\n {\n \"securityQuestion\":\"What is your favorite food?\",\n \"securityAnswer\":\"food\"\n }\n ],
\ninlineruleevaluation - true/ false (default is true), if true then rules will be evaluated immediately, if false rules will be evaluated by a job.
batchidentifier - When inlineruleevaluation=false, this Rule Run Unique Identifier can be set and user update rules can be processed later by calling /api/processrules API
batchidentifier - When inlineruleevaluation=false, this Rule Run Unique Identifier can be set and user update rules can be processed later by calling /api/processrules API
It's highly recommended to pass inlineruleevaluation:\"false\" for bulk load and call processrules api to evaluate and run the rules after the load is done.
\n","urlObject":{"path":["ECM","{{path}}","updateUser"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"64e9563a-20e4-4c66-b759-3581081fcd29","name":"Update User - Inactive Manager","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"username\": \"A030592\",\n \"lastname\":\"Tutor\",\n \"firstname\":\"Abel\",\n \"ecp1\":\"ecp12\",\n \"hcp1\":\"hcp12\",\n \"enabled\":\"1\",\n \"manager\":\"A007825\"\n}"},"url":"{{url}}/ECM/{{path}}/updateUser"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"DENY"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"JSESSIONID=1B9802B4352622F5EFB015EBC06E55DC; Path=/ECM/; HttpOnly"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=b4c5696d-d9c3-4df2-bc0e-23ef6e0ab870; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 04 Dec 2020 02:16:57 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"errorCode\": \"0\",\n \"message\": \" manager with username A007825 is inactive. User Updated Successfully\"\n}"},{"id":"df736115-6d99-44f1-b90b-46abadec6a0a","name":"Update User","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"username\": \"A030592\",\n \"lastname\":\"Tutor\",\n \"firstname\":\"Abel\",\n \"ecp1\":\"ecp12\",\n \"hcp1\":\"hcp12\",\n \"enabled\":\"1\",\n \"manager\":\"A007825\"\n}"},"url":"{{url}}/ECM/{{path}}/updateUser","description":"This method updates a specific \"user\" record in SSM, based on the input parameter `username` of the relevant user. \n\nAll the input parameters it requires are attributes which could be updated for the relevant user record. The attributes which are supplied with valid values as input to the method, will get updated, if the operation is successfully executed.\n\nThe `Authorization` must have `Bearer` followed by `Token`.\n\nMandatory params:\n\t`username`\n\nOptional params:\n\n`validateagainstpolicy` - Values: Y/N, default is Y. Checks for the password policy,\n\n`allowpastdate` - true / false (default). If true, allows startdate to be less than current date,\n\n`statuskey` - Values:1/0, 0 - Inactive, 1 - Active,\n\n`updatedusername` - update username,\n\n`User params` like\n firstname, \n preferedFirstName,\n lastname,\n middlename,\n street,\n city,\n comments,\n statuskey,\n startdate(MM-dd-yyyy),\n enddate(MM-dd-yyyy),\n manager (manager username),\n password,\n location,\n jobCode,\n jobDescription,\n employeeType,\n systemUserName,\n departmentNumber,\n title,\n state,\n companyname,\n costcenter,\n departmentname,\n employeeclass,\n entity,\n jobcodedesc,\n locationdesc,\n locationnumber,\n siteid,\n orgunitid,\n region,\n regioncode,\n owner,\n employeeid,\n lastsyncdate,\n createdate,\n email,\n phonenumber,\n job_function,\n country,\n displayname,\n enabled(can be \"1\"/\"true\" or \"0\"/\"false\"),\n passwordExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\n\taccountExpired(can be \"1\"/\"true\" or \"0\"/\"false\"),\n\taccountLocked(can be \"1\"/\"true\" or \"0\"/\"false\"),\n secondaryManager,\n createdBy,\n termDate,\n vendorManager,\n secondaryPhone,\n secondaryEmail,\n customproperty<1-50>,\n hcp<1-5>,\n ecp<1-5>,\n \n `securityQuestions` - \n\nExample: \n\"securityQuestions\":[\n\t\t{\n\t\t\t\"securityQuestion\":\"What is your first Pet's name?\",\n\t\t\t\"securityAnswer\":\"kitty\"\n\t\t},\n\t\t{\n\t\t\t\"securityQuestion\":\"What is your favorite food?\",\n\t\t\t\"securityAnswer\":\"food\"\n\t\t}\n\t\t],\n\t\t\n`inlineruleevaluation` - true/ false (default is true), if true then rules will be evaluated immediately, if false rules will be evaluated by a job.\n\n`batchidentifier` - When inlineruleevaluation=false, this Rule Run Unique Identifier can be set and user update rules can be processed later by calling /api/processrules API\n\n`batchidentifier` - When inlineruleevaluation=false, this Rule Run Unique Identifier can be set and user update rules can be processed later by calling /api/processrules API\n\n***It's highly recommended to pass inlineruleevaluation:\"false\" for bulk load and call processrules api to evaluate and run the rules after the load is done.***"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Wed, 08 Aug 2018 01:16:56 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=7c45cb82-b27f-44bc-8e66-677c2b2ead05; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"0FBD55220B37C2F9489B9695C490BFEC","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"7c45cb82-b27f-44bc-8e66-677c2b2ead05","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\"errorCode\":\"0\",\"message\":\"SUCCESS User Updated Successfully\"}"}],"_postman_id":"5e6acb36-5804-4301-bda3-9cf3ba14c402"},{"name":"Process Rules","id":"01a1c854-b2bd-4a62-a1be-3382f4ca9945","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","type":"text","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n\t\"jobidstoprocess\" : \"0\",\n\t\"runzerodayrules\" : \"true\",\n\t\"totaljobstorun\" : \"2\",\n\t\"fetchroles\" : \"true\",\n\t\"batchidentifier\" : \"1607981747665\"\n}"},"url":"{{url}}/ECM/api/processrules","description":"This API will process unprocessed data and will be evaulated as per the user update rules defined.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\njobidstoprocess - parent jobid from userrulerundata table
runzerodayrules - Can be true/false(Default - false)
totaljobstorun - Total number of jobs to run (Default - 2)
fetchroles - Can be true/false
batchidentifier - Unique identifier that is defined at the time of createUser/updateUser API call.
This method returns a List of Users in SSM.
The Authorization must have Bearer followed by Token.
Optional params:
\nusername - Specify the username for which you want to get the user attribute details,
responsefields - User attributes which you want to see in the response(for encrypted values, mention ecp<1-5>, and for hashed values, mention hcp<1-5>),
max,
offset,
sort,
order - asc/desc,
manager - username,
secondarymanager - userkey OR secondaryManager - username
showsecurityanswers - \"0\"/\"1\" to display encrypted security answers for the user
\n
filtercriteria - User fields based on which you want to get the user attribute details(including userkey),
OR
\nsearchCriteria - search for a user based on the string passed (eg - “*ab*” or “*ab” or “ab*”) in their firstname, lastname, displayname and username only, example - \"ab*\" - This will return all users with firstname or lastname or username starting with \"ab\"
OR
\nadvsearchcriteria - search for a user based on the string passed (eg - “*ab*” or “*ab” or “ab*”), example - {\"username\":\"a*\", \"firstname\":\"*b\"} - This will return all users with username starting with \"a\" AND firstname ending with \"b\". Exact match search is applicable for types boolean, users, customer. Date can be entered in format - yyyy-MM-dd.
OR
\nuserQuery - Sample: “userQuery”:”user.customproperty1='abc' or user.displayname like '%display%'”.
Note - By default, if no responsefields param is passed, required attrs that will always return are username, email, statuskey, firstname, lastname, employeeid along with other attributes with nonblank values only.
\n","urlObject":{"path":["ECM","{{path}}","getUser"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"92f230eb-978d-4fac-a22e-96d387900242","name":"Get User Details","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n\"filtercriteria\":{\"email\":\"johndoe@saviynt.com\"},\r\n\"responsefields\":[\"username\",\"statuskey\",\"firstname\"]\r\n}","options":{"raw":{"language":"json"}}},"url":"{{url}}/ECM/{{path}}/getUser"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=fb4678c2-d70f-4f8b-82a4-6fcfe27df66c; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 13 Dec 2019 22:17:30 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"displaycount\": \"1\",\n \"userlist\": [\n {\n \"firstname\": \"John\",\n \"statuskey\": \"1\",\n \"userKey\": 5,\n \"username\": \"johndoe\"\n }\n ],\n \"totalcount\": \"1\",\n \"errorCode\": \"0\"\n}"},{"id":"a652981e-cbd3-4172-b5d9-c9ee7f177617","name":"Get User Details 2","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\r\n\"filtercriteria\":{\"username\":\"lmcneil\"},\r\n\"showsecurityanswers\":\"1\"\r\n}"},"url":"{{url}}/ECM/{{path}}/getUser"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"DENY"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=94589b88-cb05-4e05-a11d-dc62e85bb238; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Thu, 23 Jul 2020 18:46:04 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"displaycount\": \"1\",\n \"userlist\": [\n {\n \"country\": \"USA\",\n \"firstname\": \"Logan\",\n \"city\": \"San Francisco\",\n \"customproperty1\": \"3aa5550b7fe348b98d7b5741afc65534\",\n \"phonenumber\": \"415789-8904\",\n \"createdate\": \"06/08/2020T10:35:46+0000\",\n \"title\": \"Chief Human Resources Officer\",\n \"employeeid\": \"21001\",\n \"failedTries\": \"0\",\n \"enabled\": \"true\",\n \"updatedate\": \"07/23/2020T18:25:58+0000\",\n \"systemUserName\": \"lmcneil\",\n \"lastPasswordUpdateDate\": \"07/23/2020T18:25:58+0000\",\n \"costcenter\": \"GMS USA\",\n \"email\": \"test@gmail.com\",\n \"accountLocked\": \"false\",\n \"savUpdateDate\": \"06/08/2020T10:36:03+0000\",\n \"preferedFirstName\": \"Logan\",\n \"userSource\": \"127\",\n \"userKey\": 12444,\n \"lastname\": \"McNeil\",\n \"encryptedSecurityAnswers\": \"lhCSZZbYyxHaRZN6L9s4IPXAIwx86J87GEXwt5wIutPnEGkywv4W9UImm9u+qlk67bTNecLwHBClApo9olYBEceyC+h4gcLrjWwLOLlJ3Wc=\",\n \"employeeType\": \"Regular\",\n \"companyname\": \"Global Modern Services, Inc. (USA)\",\n \"statuskey\": \"1\",\n \"displayname\": \"Logan McNeil\",\n \"accountExpired\": \"false\",\n \"location\": \"San Francisco\",\n \"passwordExpired\": \"false\",\n \"updateuser\": \"admin\",\n \"customer\": \"testorg\",\n \"username\": \"lmcneil\"\n }\n ],\n \"totalcount\": \"1\",\n \"errorCode\": \"0\"\n}"}],"_postman_id":"b123e8c0-0faf-43ea-8de6-730dbc161ed9"},{"name":"Get List of Users","id":"d1dfc3f5-d265-476b-a747-1d2896cd668b","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/user?q=accountExpired:0&fields=firstname,lastname,username&sort=username&order=desc&offset=2&max=2","description":"This API returns the user information from SSM. This API will return only the user attributes which are not null or blank.
\nYou can search for a user based on any parameters given below and not only the username.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nq
Optional params:\noffset,\nmax,\nsort,\norder,\ncountonly,\nfields\nshowsecurityanswers - \"0\"/\"1\" to display encrypted security answers for the user
This method grants/removes membership of a \"user\" to one or more roles in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername - Username for the user to whom the roles are to be granted,
rolename - comma separated values with names of roles that need to be granted,
operation (0/1) - 0:Remove and 1:Add
This API call can be used to get the user details, account details, and details of all the entitlements the user has access to.
\nThis API will return only the entitlement attributes which are not null or not empty.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nusername
Optional params:\nendpoint, max, offset, entitlementtype
This API call can be used to authenticate the user in SSM
\nThe Authorization must have Bearer followed by Token
Mandatory Params:\nusername,\npassword
This API will validate the attribute values of an existing user.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername
Optional params:
\nuser properties like customproperty<1-50>, hcp<1-5>, ecp<1-5>, firstname, lastname, statuskey, manager etc.
This API returns the SavRoles of an user in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nmax,offset,username
This method returns a List of \"Accounts\" in SSM.
The Authorization must have Bearer followed by Token.
Optional params:\nusername,\nendpoint,\nmax,\noffset,
advsearchcriteria - accountKey,description,comments,accounttype,status,customproperty1-customproperty56,accountID,displayName,name,creator (username),updateuser (username),validfromDate validthrough,createdon,lastlogondate,lastpasswordchange,updatedate,orphan (true/false),\naccountowner - with fields 1. type - user/ usergroup (mandatory), 2. value - username/ usergroup name (mandatory), 3. rank - 1 to 5 (optional)
Sample - \"advsearchcriteria\":{ \"status\":\"ACTIVE\",\"name\":\"john*\",\"createdon\":\"2016-12-13\",\"customproperty12\":\"*Ro*\",\"orphan\":\"true\",\"accountowner\": [\n {\n \"type\": \"user\",\n \"value\": \"janedoe\",\n \"rank\": \"1\"\n }\n ]},
\nDate can be searched with 'yyyy-MM-dd', dates and boolean are exact match.
\n","urlObject":{"path":["ECM","{{path}}","getAccounts"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"7981f771-9ecd-4551-bf59-a2245d3415a8","name":"Get Account Details","originalRequest":{"method":"POST","header":[{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"},{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"{\n \"advsearchcriteria\": {\n \"status\": \"ACTIVE\",\n \"name\": \"john*\",\n \"accountowner\": [\n {\n \"type\": \"user\",\n \"value\": \"janedoe\",\n \"rank\": \"1\"\n }\n ]\n }\n}"},"url":"{{url}}/ECM/{{path}}/getAccounts"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=3cde0103-5ccf-4fbf-a610-f75849c9e82e; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 13 Dec 2019 19:53:52 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"displaycount\": 1,\n \"total\": 1,\n \"Accountdetails\": [\n {\n \"creator\": \"admin\",\n \"endpoint\": \"System1\",\n \"updatedate\": \"12/13/2019\",\n \"accountowner\": [\n {\n \"rank\": 1,\n \"type\": \"user\",\n \"value\": \"janedoe\"\n }\n ],\n \"name\": \"johnWS20\",\n \"updateUser\": \"admin\",\n \"createdon\": \"12/13/2019\",\n \"status\": \"1\",\n \"username\": \"johndoe\"\n }\n ],\n \"errorCode\": \"0\"\n}"}],"_postman_id":"bf45b738-ed6b-4b98-b4a4-dc08db40a2e4"},{"name":"Export Account","id":"7fe9295d-4904-439d-94dc-0687a48bebf7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"securitysystem","value":"System1","description":"mandatory
\n","type":"text"},{"key":"endpoint","value":"System1","description":"mandatory
\n","type":"text"}]},"url":"{{url}}/ECM/{{path}}/exportAccount","description":"This API call can be used to fetch all the existing accounts in a particular endpoint and security system along with the account attributes.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nendpoint - not the display name,\nsecuritysystem - not the display name
This method creates a new \"account\" for an \"endpoint\" in SSM. All the input parameters it requires are attributes with which the new account record would get created.
\nThe Authorization header variable must be set to Bearer followed by Token.
Mandatory params:
\nsecuritysystem - not display name,\nendpoint - not display name,\nname - account name to be created
Optional params:
\naccountid,\nusername - user for whom the account is created,\nrequestor - user who is creating the account,
accountowner - owner of account
1.type- usergroup / user, mandatory field
2. value - usergroup name / username, mandatory field
3. rank - values from 1-5, optional filed, Default: 1,
description,\ndisplayname,\ncomments,\naccountid,\ncustomproperty<1-56>,\npasswordchangestatus,\nprivileged,\nusergroup,\nstatus - Manually Suspended/Manually Provisioned/SUSPENDED FROM IMPORT SERVICE/1/2/3/4, default: 1\naccounttype - Service Account/Shared Account/FIREFIGHTERID, defaul: null,\nincorrectlogons,\norphan - true/false,\nvalidfrom - MM-dd-yyyy,\nvalidthrough - MM-dd-yyyy,\nlastlogondate - MM-dd-yyyy,\npasswordlockdate- MM-dd-yyyy,\nlastpasswordchange - MM-dd-yyyy
This method updates a particular \"account\" record in Saviynt, based on the account name.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:securitysystem,endpoint,name - account name
Optional params:customproperty<1 to 30>,status,description
accountowner
1.type- usergroup / user, mandatory field
2. value - usergroup name / username, mandatory field
3. rank - values from 1-5, optional filed, Default: 1
4. action - add / remove, mandatory field,
description,displayname,comments,accountid,customproperty<1-56>,passwordchangestatus,privileged,usergroup,
updateuser - username of user who is updating the account,status - Manually Suspended/Manually Provisioned/SUSPENDED FROM IMPORT SERVICE/1/2/3/4, default: 1accounttype - Service Account/Shared Account/FIREFIGHTERID, defaul: null,incorrectlogons,orphan - true/false,validfrom - MM-dd-yyyy,validthrough - MM-dd-yyyy,lastlogondate - MM-dd-yyyy,passwordlockdate- MM-dd-yyyy,lastpasswordchange - MM-dd-yyyy
This method provisions an \"Account\" to a \"User\" in SSM. The \"Account\" corresponds to a particular IT Application (e.g Microsoft Active Directory) which is modeled in SSM as \"Endpoint\" of a \"Security System\".
\nMandatory params:
\nsecuritysystem - Name of the Security System for the relevant IT Application modeled in SSM.
endpoint- Name of the Endpoint corresponding to the Security System.
accountname - Account name for the provisioned account.
username - Username of the user to whom the account has to be provisioned.
The Authorization must have Bearer followed by Token.
This method provisions one or more \"Entitlements\" to an \"Account\". The \"Entitlements\" and \"Account\" correspond to a particular IT Application (e.g Microsoft Active Directory) which is modeled in SSM as \"Endpoint\" of a \"Security System\".
\nMandatory params:\nsecuritysystem - Name of the Security System for the relevant IT Application modeled in SSM.
endpoint- Name of the Endpoint corresponding to the Security System.
accountname - Account name to which the entitlements should be provisioned.
entitlementtype - Entitlement type for the entitlements which are to be provisioned. e.g. AD Groups, EBS Responsibilities, SAP Roles etc.
entitlementvalue - Names of the actual entitlements which are to be provisioned.
The Authorization must have Bearer followed by Token.
This method deprovisions one or more \"Entitlements\" from an \"Account\". The \"Entitlements\" and \"Account\" correspond to a particular IT Application (e.g Microsoft Active Directory) which is modeled in SSM as \"Endpoint\" of a \"Security System\".
\nMandatory params:
\nsecuritysystem - Name of the Security System for the relevant IT Application modeled in SSM.
endpoint- Name of the Endpoint corresponding to the Security System.
accountname - Account name from which the entitlements should be deprovisioned.
entitlementtype - Entitlement type for the entitlements which are to be deprovisioned. e.g. AD Groups, EBS Responsibilities, SAP Roles etc.
entitlementvalue - Names of the actual entitlements which are to be deprovisioned.
The Authorization must have Bearer followed by Token.
This API can be used to get the list of all the entitlements.
\nThis API call can be used to get the list and details of all the entitlements the user has access to.
\nThis API will return only the entitlement attributes which are not null or not empty.
\nThe Authorization must have Bearer followed by Token.
Optional params:\nusername,\nentitlementtype,\nendpoint,\nrequestedObject -\"users\",\"userscount\",\nmax,\noffset,\nentitlementResponseFields,\nuserResponseFields,\nuserfiltercriteria,\naccountname,\nentownerwithrank - if \"true\", returns the list of owners with owner rank for every entitlementValue,\nexactmatch - Default is true. If given as false, it will search based on similar matches,
entitlementfiltercriteria,
OR
\nentQuery - query to support only entitlement_values parameters. Sample - \"ent.description = 'Desc' or ent.displayname like '%display%'\".
Note - Either pass param entitlementfiltercriteria (with or without exactmatch) OR entQuery. Both cannot be passed simultaneously.
\n","urlObject":{"path":["ECM","{{path}}","getEntitlements"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"47f8ac35-8427-4a14-912a-28f60ffe60c6","name":"Get Entitlements","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"\r\n{\r\n\"username\":\"acook\",\r\n\"endpoint\":\"System1\",\r\n\"entitlementtype\":\"Access\",\r\n\"requestedObject\":\"users\",\r\n\"max\":\"5\",\r\n\"offset\":\"0\",\r\n\"entitlementResponseFields\":[\"customproperty1\",\"access\",\"entitlement_value\"],\r\n\"entitlementfiltercriteria\":{\"customproperty1\":\"Eng\",\"status\":\"Active\",\"soxcritical\":\"1\"},\r\n\"userResponseFields\":[\"username\",\"firstname\"],\r\n\"exactmatch\":\"false\"\r\n}"},"url":"{{url}}/ECM/{{path}}/getEntitlements"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=729ced8e-51dd-48f4-9364-3295c7bd1c7f; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Fri, 13 Dec 2019 23:46:33 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"Entitlementdetails\": [\n {\n \"endpoint\": \"System1\",\n \"access\": \"Select\",\n \"entitlement_valuekey\": \"75670\",\n \"requestForm\": \"Request Form Table\",\n \"entitlement_value\": \"Entitlement1\",\n \"entitlementType\": \"Access\",\n \"accounts\": [\n {\n \"enddate\": \"\",\n \"accountname\": \"acook\",\n \"updatedate\": \"2019-04-29 17:57:56\",\n \"startdate\": \"2019-04-29 17:57:56\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"tbowers\",\n \"updatedate\": \"2019-06-20 19:17:01\",\n \"startdate\": \"2019-06-20 19:17:01\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"mchapman\",\n \"updatedate\": \"2019-06-20 19:33:21\",\n \"startdate\": \"2019-06-20 19:33:21\"\n }\n ]\n },\n {\n \"endpoint\": \"System1\",\n \"access\": \"Select\",\n \"entitlement_valuekey\": \"395504\",\n \"customproperty1\": \"Eng\",\n \"requestForm\": \"Request Form Table\",\n \"entitlement_value\": \"Entitlement2\",\n \"entitlementType\": \"Access\",\n \"accounts\": [\n {\n \"enddate\": \"\",\n \"accountname\": \"mchapman\",\n \"updatedate\": \"2019-05-02 22:11:12\",\n \"startdate\": \"2019-05-02 22:11:12\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"acook\",\n \"updatedate\": \"2018-12-18 18:20:43\",\n \"startdate\": \"2018-12-18 18:20:43\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"dbailey\",\n \"updatedate\": \"2019-12-03 21:45:55\",\n \"startdate\": \"2019-12-03 21:45:55\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"lkrause\",\n \"updatedate\": \"2019-05-08 19:00:19\",\n \"startdate\": \"2019-05-08 19:00:19\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"nhowell\",\n \"updatedate\": \"2019-05-14 21:59:54\",\n \"startdate\": \"2019-05-14 21:59:54\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"glogan\",\n \"updatedate\": \"2019-05-14 23:04:01\",\n \"startdate\": \"2019-05-14 23:04:01\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"crichards\",\n \"updatedate\": \"2019-05-14 23:06:11\",\n \"startdate\": \"2019-05-14 23:06:11\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"ahinton\",\n \"updatedate\": \"2019-06-14 17:55:09\",\n \"startdate\": \"2019-06-14 17:55:09\"\n }\n ]\n },\n {\n \"endpoint\": \"System1\",\n \"access\": \"Select\",\n \"entitlement_valuekey\": \"395501\",\n \"customproperty1\": \"Eng\",\n \"requestForm\": \"Request Form Table\",\n \"entitlement_value\": \"Absence Administrator\",\n \"entitlementType\": \"Access\",\n \"accounts\": [\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"mchapman\",\n \"updatedate\": \"2019-06-19 06:33:34\",\n \"startdate\": \"2019-05-02 22:11:12\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"acook\",\n \"updatedate\": \"2019-06-19 06:33:34\",\n \"startdate\": \"2019-06-17 23:38:23\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"dbailey\",\n \"updatedate\": \"2019-06-19 06:33:34\",\n \"startdate\": \"2019-06-17 23:38:23\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"tbowers\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2018-12-18 18:20:43\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"ahinton\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:24\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"crichards\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:25\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"glogan\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:25\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"smarquez\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:25\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"bharrell\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:26\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"sbryant\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:27\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"kkennedy\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-05-08 19:00:20\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"mschulz\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-05-14 21:59:54\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"bmclaughlin\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:27\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"dchristensen\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:28\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"ajoseph\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-05-14 23:04:01\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"cglass\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-05-14 23:06:11\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"nmccormick\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:29\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"mwhitaker\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:30\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"fbenitez\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-17 23:38:31\"\n },\n {\n \"enddate\": \"2022-06-19 00:00:00\",\n \"accountname\": \"xespinoza\",\n \"updatedate\": \"2019-06-19 06:33:35\",\n \"startdate\": \"2019-06-14 17:55:09\"\n }\n ]\n },\n {\n \"endpoint\": \"System1\",\n \"access\": \"Select\",\n \"entitlement_valuekey\": \"395500\",\n \"customproperty1\": \"Eng\",\n \"requestForm\": \"Request Form Table\",\n \"entitlement_value\": \"1099 Analyst\",\n \"entitlementType\": \"Access\",\n \"accounts\": [\n {\n \"enddate\": \"\",\n \"accountname\": \"kweiss\",\n \"updatedate\": \"2019-04-29 17:57:56\",\n \"startdate\": \"2019-04-29 17:57:56\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"jibarra\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:23\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"awoods\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:24\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"ringram\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:24\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"rbartlett\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:24\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"sbentley\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:25\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"bknox\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:25\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"bboyle\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:26\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"mberg\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:26\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"catkins\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:27\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"awhitaker\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:27\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"lfigueroa\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:27\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"usngom1c\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:28\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"cburch\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:28\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"hbrock\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:29\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"igordon\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:29\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"tlawrence\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:29\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"umeyers\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:30\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"nmercado\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:31\"\n },\n {\n \"enddate\": \"2019-06-22 00:00:00\",\n \"accountname\": \"dmorales\",\n \"updatedate\": \"2019-06-18 22:06:18\",\n \"startdate\": \"2019-06-17 23:38:31\"\n }\n ]\n },\n {\n \"endpoint\": \"System1\",\n \"entitlement_valuekey\": \"395505\",\n \"customproperty1\": \"Eng\",\n \"requestForm\": \"Request Form Table\",\n \"entitlement_value\": \"Accountant\",\n \"entitlementType\": \"Access\",\n \"accounts\": [\n {\n \"enddate\": \"\",\n \"accountname\": \"lmeyers\",\n \"updatedate\": \"2019-05-03 20:15:53\",\n \"startdate\": \"2019-05-03 20:15:53\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"kbonilla\",\n \"updatedate\": \"2019-06-18 18:15:51\",\n \"startdate\": \"2019-06-18 18:15:51\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"jolsen\",\n \"updatedate\": \"2019-06-18 18:15:51\",\n \"startdate\": \"2019-06-18 18:15:51\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"ihooper\",\n \"updatedate\": \"2019-06-18 18:15:52\",\n \"startdate\": \"2019-06-18 18:15:52\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"bbrowman\",\n \"updatedate\": \"2019-06-18 18:15:52\",\n \"startdate\": \"2019-06-18 18:15:52\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"shahn\",\n \"updatedate\": \"2019-06-18 18:15:53\",\n \"startdate\": \"2019-06-18 18:15:53\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"xdunlop\",\n \"updatedate\": \"2019-06-18 18:15:53\",\n \"startdate\": \"2019-06-18 18:15:53\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"rpierce\",\n \"updatedate\": \"2019-06-18 18:15:54\",\n \"startdate\": \"2019-06-18 18:15:54\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"echristian\",\n \"updatedate\": \"2019-06-18 18:15:54\",\n \"startdate\": \"2019-06-18 18:15:54\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"dcarlson\",\n \"updatedate\": \"2019-06-18 18:15:55\",\n \"startdate\": \"2019-06-18 18:15:55\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"dcraig\",\n \"updatedate\": \"2019-06-18 18:15:55\",\n \"startdate\": \"2019-06-18 18:15:55\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"tmerritt\",\n \"updatedate\": \"2019-06-18 18:15:56\",\n \"startdate\": \"2019-06-18 18:15:56\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"usngom1c\",\n \"updatedate\": \"2019-06-18 18:15:57\",\n \"startdate\": \"2019-06-18 18:15:57\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"jpotter\",\n \"updatedate\": \"2019-06-18 18:15:58\",\n \"startdate\": \"2019-06-18 18:15:58\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"ssharp\",\n \"updatedate\": \"2019-06-18 18:15:58\",\n \"startdate\": \"2019-06-18 18:15:58\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"ostone\",\n \"updatedate\": \"2019-06-18 18:15:59\",\n \"startdate\": \"2019-06-18 18:15:59\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"kfrasier\",\n \"updatedate\": \"2019-06-18 18:15:59\",\n \"startdate\": \"2019-06-18 18:15:59\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"elivingston\",\n \"updatedate\": \"2019-06-18 18:16:00\",\n \"startdate\": \"2019-06-18 18:16:00\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"dcabrera\",\n \"updatedate\": \"2019-06-18 18:16:01\",\n \"startdate\": \"2019-06-18 18:16:01\"\n },\n {\n \"enddate\": \"2019-07-18 00:00:00\",\n \"accountname\": \"acohen\",\n \"updatedate\": \"2019-06-18 18:16:01\",\n \"startdate\": \"2019-06-18 18:16:01\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"egolden\",\n \"updatedate\": \"2019-06-20 19:17:01\",\n \"startdate\": \"2019-06-20 19:17:01\"\n },\n {\n \"enddate\": \"\",\n \"accountname\": \"cclay\",\n \"updatedate\": \"2019-06-20 19:33:21\",\n \"startdate\": \"2019-06-20 19:33:21\"\n }\n ]\n }\n ],\n \"totalEntitlementCount\": 11,\n \"entitlementsCount\": 5,\n \"UserDetails\": {\n \"firstname\": \"John\",\n \"userKey\": 5,\n \"username\": \"johndoe\"\n },\n \"errorCode\": \"0\"\n}"},{"id":"9be4188b-e900-4d4c-8a32-42ff2d4e2534","name":"Get Entitlements with entownerwithrank","originalRequest":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"\r\n{\r\n\"username\":\"lmcneil\",\r\n\"endpoint\":\"Workday\",\r\n\"entQuery\":\"ent.entitlement_value like '%Report Writer (Report_Writer)%'\",\r\n\"entownerwithrank\":\"true\"\r\n}"},"url":"{{url}}/ECM/{{path}}/getEntitlements"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"DENY"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=8a56ec8d-a73d-4fd4-b58d-7cb6d0034075; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Tue, 21 Jul 2020 18:18:02 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"Entitlementdetails\": [\n {\n \"syscritical\": \"0\",\n \"entitlement_valuekey\": \"1\",\n \"entitlementID\": \"fcb69001b57c412a9a73089d3fba61f8\",\n \"description\": \"\",\n \"entitlementOwner\": {\n \"Rank 26\": [\n \"lmcneil\",\n \"smorgan\",\n \"Executive Management\",\n \"mschneider\"\n ]\n },\n \"entitlementType\": \"Security-Groups\",\n \"entitlement_glossary\": \"\",\n \"endpoint\": \"Workday\",\n \"requestForm\": \"Request Form Table\",\n \"displayname\": \"\",\n \"soxcritical\": \"0\",\n \"entitlement_value\": \"Report Writer (Report_Writer)\",\n \"status\": \"1\",\n \"accounts\": [\n {\n \"enddate\": \"\",\n \"accountname\": \"lmcneil\",\n \"updatedate\": \"07/11/2020 19:28:04\",\n \"startdate\": \"\"\n }\n ]\n }\n ],\n \"totalEntitlementCount\": 1,\n \"entitlementsCount\": 1,\n \"errorCode\": \"0\"\n}"}],"_postman_id":"4447bb58-287d-4de6-a2ad-e5975e3429ed"},{"name":"Create/Update Entitlement","id":"87d79119-054f-4bb3-8f02-f6727f0520c7","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\r\n \"endpoint\":\"Workday\",\r\n \"entitlementtype\":\"Security-Groups\",\r\n \"entitlement_value\":\"Accounts Receivable Specialist (Unconstrained)\",\r\n \"status\":1,\r\n \"entitlementID\":\"3f9fc9e54e42458daa84ad725dcae8ff\",\r\n \"updatedentitlement_value\":\"Accounts Receivable Specialist (Unconstrained) Test\"\r\n}"},"url":"{{url}}/ECM/{{path}}/createUpdateEntitlement","description":"This method creates a new \"entitlementvalue\" for an \"endpoint\" in SSM. All the input parameters it requires are attributes with which the new account record would get created.
\nEnsure: The Authorization header variable must be set to Bearer followed by Token.
Mandatory params:
\nendpoint,\nentitlementtype,\nentitlement_value
Optional params:
\nattributes for Entitlement_values,
entitlementowner<N> - N is the rank, entitlementowner modifies entitlementowner with rank 1, entitlementowner3 - modifies entitlementowner with rank 3,
entitlementID,newentitlement_value - used to update the entitlement if multiple entitlements with same entitlement_value are present under the same entitlementtype and endpoint
entitlement_valuekey
updatedentitlement_value - new value for entitlement_value
entitlementmap -
entitlementvalueentitlementtypeendpointrequestfilterexcludeentitlementadddependenttaskremovedependententtaskThis method returns a List of \"EntitlementValues\" for a specific endpoint in SSM.
The Authorization must have Bearer followed by Token.
Mandatory params:\nendpoint
Optional params:\nentitlementType, max, offset,\nentownerwithrank - if \"true\", returns the list of owners with owner rank for every entitlementValue
This API gives the list of privileges for an entitlement type.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nendpoint
Optional params:\nmax, offset, entitlementType
This API adds role to user.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername,\nrolename
This API can be used to get the list of all the roles.
\nThis API call can be used to get the list and details of all the roles associated to the user.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nusername,\ncustomproperty<1 to 60>,\nroletype,\nrequestable,\nstatus,\nrole_name,\ndescription,\ndisplayname,\nglossary,\nmininginstance,\nrisk,\nupdateuser,\nsystemid,\nsoxcritical,\nsyscritical,\nlevel,\npriviliged,\nconfidentiality,\nrequestedObject - contains users and/or entitlement_values
This API can be used to get the list of all the roles.
\nThis API call can be used to get the list and details of all the roles associated to the user.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nusername,\ncustomproperty<1 to 60>,\nroletype,\nrequestable,\nstatus,\nrole_name,\ndescription,\ndisplayname,\nglossary,\nmininginstance,\nrisk,\nupdateuser,\nsystemid,\nsoxcritical,\nsyscritical,\nlevel,\npriviliged,\nconfidentiality,\nrequestedObject - contains users and/or entitlement_values,\nmax,\noffset\nroleQuery\nhideblankvalues(can be true/false) - If true, will not return fields with blank or null. This parameter will apply to when requestedobject is passed: users/entitlements
This method returns a List of active \"FireFighter\" roles in SSM.
The Authorization must have Bearer followed by Token.
No params
\n","urlObject":{"path":["ECM","{{path}}","getFireFighterRoles"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"7e54a45c-0ea3-4dfc-bc24-706a22b7d391","name":"Get FireFighter Roles","originalRequest":{"header":[]},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"application/json;charset=UTF-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Tue, 07 Aug 2018 20:12:19 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=a05c45f2-64d1-4521-a5a3-69cb73b94352; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"0F504BF7823E5033FA63D93091395A1F","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"a05c45f2-64d1-4521-a5a3-69cb73b94352","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"[{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Roles\",\"id\":125,\"confidentiality\":null,\"customproperty1\":null,\"customproperty10\":null,\"customproperty11\":null,\"customproperty12\":null,\"customproperty13\":null,\"customproperty14\":null,\"customproperty15\":null,\"customproperty16\":null,\"customproperty17\":null,\"customproperty18\":null,\"customproperty19\":null,\"customproperty2\":null,\"customproperty20\":null,\"customproperty21\":null,\"customproperty22\":null,\"customproperty23\":null,\"customproperty24\":null,\"customproperty25\":null,\"customproperty26\":null,\"customproperty27\":null,\"customproperty28\":null,\"customproperty29\":null,\"customproperty3\":null,\"customproperty30\":null,\"customproperty31\":null,\"customproperty32\":null,\"customproperty33\":null,\"customproperty34\":null,\"customproperty35\":null,\"customproperty36\":null,\"customproperty37\":null,\"customproperty38\":null,\"customproperty39\":null,\"customproperty4\":null,\"customproperty40\":null,\"customproperty41\":null,\"customproperty42\":null,\"customproperty43\":null,\"customproperty44\":null,\"customproperty45\":null,\"customproperty46\":null,\"customproperty47\":null,\"customproperty48\":null,\"customproperty49\":null,\"customproperty5\":null,\"customproperty50\":null,\"customproperty51\":null,\"customproperty52\":null,\"customproperty53\":null,\"customproperty54\":null,\"customproperty55\":null,\"customproperty56\":null,\"customproperty57\":null,\"customproperty58\":null,\"customproperty59\":null,\"customproperty6\":null,\"customproperty60\":null,\"customproperty7\":null,\"customproperty8\":null,\"customproperty9\":null,\"defaultTimeFrameHrs\":8,\"description\":\"desc\",\"displayname\":null,\"endpointkey\":null,\"flagexportedtoOIA\":false,\"glossary\":null,\"level\":null,\"maxTimeFrameHrs\":null,\"mininginstance\":null,\"parentroles\":null,\"priviliged\":null,\"requestable\":true,\"risk\":null,\"role_name\":\"Data Administrator\",\"role_user_accounts\":[{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":24}],\"roletype\":3,\"showDynamicAttrs\":null,\"sodflag\":false,\"soxcritical\":0,\"status\":1,\"syscritical\":0,\"systemid\":null,\"updatedate\":\"2017-03-24T20:16:11Z\",\"updateuser\":null},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Roles\",\"id\":126,\"confidentiality\":null,\"customproperty1\":null,\"customproperty10\":null,\"customproperty11\":null,\"customproperty12\":null,\"customproperty13\":null,\"customproperty14\":null,\"customproperty15\":null,\"customproperty16\":null,\"customproperty17\":null,\"customproperty18\":null,\"customproperty19\":null,\"customproperty2\":null,\"customproperty20\":null,\"customproperty21\":null,\"customproperty22\":null,\"customproperty23\":null,\"customproperty24\":null,\"customproperty25\":null,\"customproperty26\":null,\"customproperty27\":null,\"customproperty28\":null,\"customproperty29\":null,\"customproperty3\":null,\"customproperty30\":null,\"customproperty31\":null,\"customproperty32\":null,\"customproperty33\":null,\"customproperty34\":null,\"customproperty35\":null,\"customproperty36\":null,\"customproperty37\":null,\"customproperty38\":null,\"customproperty39\":null,\"customproperty4\":null,\"customproperty40\":null,\"customproperty41\":null,\"customproperty42\":null,\"customproperty43\":null,\"customproperty44\":null,\"customproperty45\":null,\"customproperty46\":null,\"customproperty47\":null,\"customproperty48\":null,\"customproperty49\":null,\"customproperty5\":null,\"customproperty50\":null,\"customproperty51\":null,\"customproperty52\":null,\"customproperty53\":null,\"customproperty54\":null,\"customproperty55\":null,\"customproperty56\":null,\"customproperty57\":null,\"customproperty58\":null,\"customproperty59\":null,\"customproperty6\":null,\"customproperty60\":null,\"customproperty7\":null,\"customproperty8\":null,\"customproperty9\":null,\"defaultTimeFrameHrs\":8,\"description\":\"desc\",\"displayname\":null,\"endpointkey\":15,\"flagexportedtoOIA\":false,\"glossary\":null,\"level\":null,\"maxTimeFrameHrs\":null,\"mininginstance\":null,\"parentroles\":null,\"priviliged\":null,\"requestable\":true,\"risk\":null,\"role_name\":\"Network Administrator\",\"role_user_accounts\":[{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":61},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":21},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":20},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":46},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":59}],\"roletype\":3,\"showDynamicAttrs\":null,\"sodflag\":false,\"soxcritical\":0,\"status\":1,\"syscritical\":0,\"systemid\":null,\"updatedate\":\"2017-07-26T03:18:31Z\",\"updateuser\":1},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Roles\",\"id\":129,\"confidentiality\":null,\"customproperty1\":\"3\",\"customproperty10\":null,\"customproperty11\":null,\"customproperty12\":null,\"customproperty13\":null,\"customproperty14\":null,\"customproperty15\":null,\"customproperty16\":null,\"customproperty17\":null,\"customproperty18\":null,\"customproperty19\":null,\"customproperty2\":null,\"customproperty20\":null,\"customproperty21\":null,\"customproperty22\":null,\"customproperty23\":null,\"customproperty24\":null,\"customproperty25\":null,\"customproperty26\":null,\"customproperty27\":null,\"customproperty28\":null,\"customproperty29\":null,\"customproperty3\":\"4\",\"customproperty30\":null,\"customproperty31\":null,\"customproperty32\":null,\"customproperty33\":null,\"customproperty34\":null,\"customproperty35\":null,\"customproperty36\":null,\"customproperty37\":null,\"customproperty38\":null,\"customproperty39\":null,\"customproperty4\":null,\"customproperty40\":null,\"customproperty41\":null,\"customproperty42\":null,\"customproperty43\":null,\"customproperty44\":null,\"customproperty45\":null,\"customproperty46\":null,\"customproperty47\":null,\"customproperty48\":null,\"customproperty49\":null,\"customproperty5\":\"5\",\"customproperty50\":null,\"customproperty51\":null,\"customproperty52\":null,\"customproperty53\":null,\"customproperty54\":null,\"customproperty55\":null,\"customproperty56\":null,\"customproperty57\":null,\"customproperty58\":null,\"customproperty59\":null,\"customproperty6\":null,\"customproperty60\":null,\"customproperty7\":null,\"customproperty8\":null,\"customproperty9\":null,\"defaultTimeFrameHrs\":8,\"description\":\"desc\",\"displayname\":\"Display Name Role 1\",\"endpointkey\":null,\"flagexportedtoOIA\":false,\"glossary\":\"test update\",\"level\":null,\"maxTimeFrameHrs\":null,\"mininginstance\":null,\"parentroles\":null,\"priviliged\":null,\"requestable\":true,\"risk\":null,\"role_name\":\"Policy Administrator\",\"role_user_accounts\":[{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":35}],\"roletype\":3,\"showDynamicAttrs\":false,\"sodflag\":false,\"soxcritical\":0,\"status\":1,\"syscritical\":0,\"systemid\":null,\"updatedate\":\"2017-12-02T00:45:07Z\",\"updateuser\":1},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Roles\",\"id\":130,\"confidentiality\":null,\"customproperty1\":null,\"customproperty10\":null,\"customproperty11\":null,\"customproperty12\":null,\"customproperty13\":null,\"customproperty14\":null,\"customproperty15\":null,\"customproperty16\":null,\"customproperty17\":null,\"customproperty18\":null,\"customproperty19\":null,\"customproperty2\":null,\"customproperty20\":null,\"customproperty21\":null,\"customproperty22\":null,\"customproperty23\":null,\"customproperty24\":null,\"customproperty25\":null,\"customproperty26\":null,\"customproperty27\":null,\"customproperty28\":null,\"customproperty29\":null,\"customproperty3\":null,\"customproperty30\":null,\"customproperty31\":null,\"customproperty32\":null,\"customproperty33\":null,\"customproperty34\":null,\"customproperty35\":null,\"customproperty36\":null,\"customproperty37\":null,\"customproperty38\":null,\"customproperty39\":null,\"customproperty4\":null,\"customproperty40\":null,\"customproperty41\":null,\"customproperty42\":null,\"customproperty43\":null,\"customproperty44\":null,\"customproperty45\":null,\"customproperty46\":null,\"customproperty47\":null,\"customproperty48\":null,\"customproperty49\":null,\"customproperty5\":null,\"customproperty50\":null,\"customproperty51\":null,\"customproperty52\":null,\"customproperty53\":null,\"customproperty54\":null,\"customproperty55\":null,\"customproperty56\":null,\"customproperty57\":null,\"customproperty58\":null,\"customproperty59\":null,\"customproperty6\":null,\"customproperty60\":null,\"customproperty7\":null,\"customproperty8\":null,\"customproperty9\":null,\"defaultTimeFrameHrs\":null,\"description\":\"desc\",\"displayname\":null,\"endpointkey\":null,\"flagexportedtoOIA\":false,\"glossary\":null,\"level\":null,\"maxTimeFrameHrs\":null,\"mininginstance\":null,\"parentroles\":null,\"priviliged\":4,\"requestable\":true,\"risk\":null,\"role_name\":\"RoleTest\",\"role_user_accounts\":[{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":34},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":33},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":36},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":37},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Role_user_account\",\"id\":39}],\"roletype\":3,\"showDynamicAttrs\":null,\"sodflag\":false,\"soxcritical\":0,\"status\":1,\"syscritical\":0,\"systemid\":null,\"updatedate\":\"2017-02-01T05:20:29Z\",\"updateuser\":1},{\"class\":\"com.saviynt.ecm.identitywarehouse.domain.Roles\",\"id\":132,\"confidentiality\":null,\"customproperty1\":null,\"customproperty10\":null,\"customproperty11\":null,\"customproperty12\":null,\"customproperty13\":null,\"customproperty14\":null,\"customproperty15\":null,\"customproperty16\":null,\"customproperty17\":null,\"customproperty18\":null,\"customproperty19\":null,\"customproperty2\":\"hhh\",\"customproperty20\":null,\"customproperty21\":null,\"customproperty22\":null,\"customproperty23\":null,\"customproperty24\":null,\"customproperty25\":null,\"customproperty26\":null,\"customproperty27\":null,\"customproperty28\":null,\"customproperty29\":null,\"customproperty3\":null,\"customproperty30\":null,\"customproperty31\":null,\"customproperty32\":null,\"customproperty33\":null,\"customproperty34\":null,\"customproperty35\":null,\"customproperty36\":null,\"customproperty37\":null,\"customproperty38\":null,\"customproperty39\":null,\"customproperty4\":null,\"customproperty40\":null,\"customproperty41\":null,\"customproperty42\":null,\"customproperty43\":null,\"customproperty44\":null,\"customproperty45\":null,\"customproperty46\":null,\"customproperty47\":null,\"customproperty48\":null,\"customproperty49\":null,\"customproperty5\":null,\"customproperty50\":null,\"customproperty51\":null,\"customproperty52\":null,\"customproperty53\":null,\"customproperty54\":null,\"customproperty55\":null,\"customproperty56\":null,\"customproperty57\":null,\"customproperty58\":null,\"customproperty59\":null,\"customproperty6\":null,\"customproperty60\":null,\"customproperty7\":null,\"customproperty8\":null,\"customproperty9\":null,\"defaultTimeFrameHrs\":null,\"description\":null,\"displayname\":null,\"endpointkey\":15,\"flagexportedtoOIA\":false,\"glossary\":null,\"level\":null,\"maxTimeFrameHrs\":null,\"mininginstance\":null,\"parentroles\":null,\"priviliged\":null,\"requestable\":true,\"risk\":null,\"role_name\":\"test 66\",\"role_user_accounts\":[],\"roletype\":3,\"showDynamicAttrs\":null,\"sodflag\":false,\"soxcritical\":0,\"status\":1,\"syscritical\":0,\"systemid\":null,\"updatedate\":\"2017-07-26T03:21:12Z\",\"updateuser\":1}]"}],"_postman_id":"c2bb0139-a017-41cf-a5c2-965bdde3a537"},{"name":"Remove Role","id":"cf994f79-0244-4ed2-a9a9-132f44c740bf","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}","type":"text"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\n\t\"username\" : \"johndoe\",\n\t\"rolename\" : \"RoleTest\"\n}"},"url":"{{url}}/ECM/{{path}}/removerole","description":"This API removes role from user.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername,\nrolename
This API creates an endpoint in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nendpointname,\ndisplayName,\nsecuritysystem
Optional params:
\ndescription , \nownerType , \nowner , \nresourceOwnerType ,\nresourceOwner ,\ncustomproperty<N> - N is between 1 to 30,\ncustomproperty<N>Label - N is between 1 to 30 ,\naccountNameRule,\naccessquery ,\nenableCopyAccess,\ndisableNewAccountRequestIfAccountExists , \ndisableRemoveAccount ,\ndisableModifyAccount,\nuserAccountCorrelationRule
This API updates endpoint in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nendpointname
Optional params:
\nsecuritysystem,\ndisplayName , \ndescription , \nownerType , \nowner , \nresourceOwnerType ,\nresourceOwner ,\ncustomproperty<N> - N is between 1 to 30,\ncustomproperty<N>Label - N is between 1 to 30,\naccountNameRule,\naccessquery ,\nenableCopyAccess,\ndisableNewAccountRequestIfAccountExists , \ndisableRemoveAccount ,\ndisableModifyAccount,\nuserAccountCorrelationRule,\ncreateEntTaskforRemoveAcc
This API returns list of Endpoints in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:\nconnectionType,\nendpointkey,\nendpointname,\nmax,\noffset,\nfilterCriteria
This API creates Entitlement Type in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nentitlementname,\nendpointname
Optional params:
\nentitlementdescription,\ncustomproperty<N> - customproperty 1 to 5,\nworkflow
This API updates Entitlement Type in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\n entitlementname,\n endpointname,
Optional params:\n entitlementdescription,\n workflow,\n customproperty<N>,\n availableQueryServiceAccount,\n selectedQueryServiceAccount, \n arsRequestableEntitlementQuery, \n arsSelectedEntitlementQuery , \n createTaskAction - it can be one value or list of values. The values can be [\"noAction\",\"removeTaskForExistingEntitlements\", \"enableRollback\"],\n requestDatesConfJson , \n startDateInRevokeRequest , \n startEndDateInRequest ,\n allowRemoveAllEntitlementInRequest , \n orderindex , \n requiredinrequest ,\n hiearchyrequired , \n requestoption
requestoption param values can be - \nSHOW_BUT_NOTREUESTABLESINGLE/ \nSHOW_BUT_NOTREUESTABLEMULTIPLE/ \nNONE/ \nSINGLE/ \nMULTIPLE/ \nTABLE/ \nFREEFORMTEXT/ \nTABLENOREMOVE/ \nRADIOBUTN/ \nCHECKBOXN/ \nREADONLYTABLE/ \nNONE_BUT_CREATETASK
This API returns list of Entitlement Types in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nentitlementname,\nmax,\noffset,\nendpointname
This API creates dynamic attributes in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nsecuritysystem
endpoint
updateuser
dynamicattributes - attributename, requesttype(ACCOUNT/PROPOSED ENTITLEMENT OWNER/ENTITLEMENT OWNER ATTESTATION/ROLE/SERVICE ACCOUNT)
Optional params:
\ndynamicattributes - other attributes of dynamic attributes
attributetype(BOOLEAN/NUMBER/STRING/ENUM/MULTIPLE SELECT FROM LIST/MULTIPLE SELECT FROM SQL QUERY/SINGLE SELECT FROM SQL QUERY/PASSWORD/LARGE TEXT/CHECK BOX/DATE)
This API updates dynamic attributes in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nsecuritysystem
endpoint
updateuser
dynamicattributes - attributename
Optional params:
\ndynamicattributes - other attributes of dynamic attributes
attributetype(BOOLEAN/NUMBER/STRING/ENUM/MULTIPLE SELECT FROM LIST/MULTIPLE SELECT FROM SQL QUERY/SINGLE SELECT FROM SQL QUERY/PASSWORD/LARGE TEXT/CHECK BOX/DATE)
requesttype(ACCOUNT/PROPOSED ENTITLEMENT OWNER/ENTITLEMENT OWNER ATTESTATION/ROLE/SERVICE ACCOUNT)
This API fetches the dynamic attributes in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nsecuritysystem
endpoint
dynamicattributes
max, offset,
requesttype - can be ['ACCOUNT', 'PROPOSED ENTITLEMENT OWNER', 'ENTITLEMENT OWNER ATTESTATION', 'ROLE', 'SERVICE ACCOUNT','USER'],
loggedinuser
This API deletes dynamic attributes in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nsecuritysystem
endpoint
updateuser
dynamicattributes - attributename list
This API creates Security System in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nsystemname\ndisplayName
Optional params:
\nhostname\nport\naccessAddWorkflow\naccessRemoveWorkflow\naddServiceAccountWorkflow\nremoveServiceAccountWorkflow\nconnectionparameters\nautomatedProvisioning
This API updates Security system in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nsystemname
Optional params:
\ndisplayName,\nhostname,\nport,\naccessAddWorkflow,\naccessRemoveWorkflow,\naddServiceAccountWorkflow,\nremoveServiceAccountWorkflow\nconnectionparameters\nautomatedProvisioning\nconnectionname\nprovisioningConnection\nserviceDeskConnection\nprovisioningcomments\naction - \"enable\" or \"disable\",\ndefaultSystem,\nreconApplication
This API returns list of Security Systems in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nsystemname,\nmax,offset,\nconnectionname,\nconnectionType
This API create or update usergroup in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusergroup,\nusername
Optional params:
\nuser_groupdescription,
users -
username (mandatory),updateType - ADD/REMOVE (optional),entitlements -
endpoint (mandatory),entitlement_type (mandatory),entitlement_value (mandatory),updateType ADD/REMOVE (optional),owners -
username (mandatory),updateType - ADD/REMOVE/SETRANK (optional),rank (optional)This API is used to add or remove user from a usergroup in SSM
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername - User which needs to be added/ removed,
user_groupname - Group name to be added/removed,
actionType (0/1) - 0:Add and 1:Remove
This API delete usergroup in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername,\nusergroup
This API returns list of UserGroups in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nusergroupname,\nusergroupdescription,groupid,\nmax (default value is 5),\noffset (default value is 0)
This API creates an organization in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\norganizationname,\nusername - user who is creating the organization
Optional params:
\nOrganization Detail attributes can be passed like parentorganization, primarycontact, customproperty<1 to 20>, status etc.
organizationtype - Type of Organization. Possible values: DATA SECURITY / GROUPING / REQUEST RULES
endpoints - List of endpoints with params -
endpointnameroles - List of roles with params -
rolenamerules - List of rules with params -
nametype - BUISNESS / TECH / USERUPDATE / NEWUSER / REMOVEUSER / UPDATE_ENTITLEMENT / NEW_ENTITLEMENT / REMOVE_ENTITLEMENT/REQUESTentitlements - List of entitlements with params -
entitlementvalueentitlementtypeendpointusers - List of users with params -
usernameThis API updates an organization in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\norganizationname,\nusername - user who is updating the organization
Optional params:
\nOrganization Detail attributes can be passed like organizationtype, parentorganization, primarycontact, customproperty<1 to 20> etc.
Note: organization status update is not allowed.
\nendpoints - List of endpoints with params -
endpointnameupdatetype - ADD/REMOVEroles - List of roles with params -
rolenameupdatetype - ADD/REMOVErules - List of rules with params -
nametype - BUISNESS/TECH/USERUPDATE/NEWUSER/REMOVEUSER/UPDATE_ENTITLEMENT/NEW_ENTITLEMENT/REMOVE_ENTITLEMENT/REQUEST updatetype - ADD/REMOVEentitlements - List of entitlements with params -
entitlementvalueentitlementtype endpoint updatetype - ADD/REMOVEusers - List of users with params -
username updatetype - ADD/REMOVEThis API returns a list of organizations in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\norganizationname,\nmax, offset
filtercriteria - organizationname,organizationtype(possible values - Data Security, Request Rules, Grouping, 1, 2, 3),status(\"ACTIVE\"/\"INACTIVE\"),updateuser(username),createuser(username),parentorganization,customproperty<1-20>,description,primarycontact(username),vendormanager(username),location,risk,score
This API deletes organization in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\norganizationname,\nusername
This API returns list of Connections in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:\nmax,offset,\nconnectiontype,\nconnectionname
This API returns connection details in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nconnectiontype or connectionname(if both are passed then connectionkey will be considered)
This operation fetches a list of Analytic Controls by Category or Application (\"EndpointName\").
Optional params:\napplication,\ncategory,\nmax,\noffset
The Authorization must have Bearer followed by Token.
This web service API is used to fetch the details of analytics controls.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ncontrolId - this is the ANALYTICSKEY
Optional params:\nmax, offset
This API is used to run analytics job.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \njobgroup,\njobname,\nanalyticsCategories (start and end with ###)
Optional params:\nanalyticsApplications\nanalyticssubcategories (start and end with ###)
This API is used to fetch runtime analytics data from SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nanalyticsid OR analyticsname,\nattributes - runtime control params. \nSample : For this query - select * from users where manager = ${manager} and username = ${username}\n\"attributes\":{\n \"manager\":\"4\",\n \"username\":\"johndoe\"\n}
Optional params:\nmax,\noffset,\nloggedinuser
This method fetches a list of Analytic Controls in Elastic.
\nOptional params:
\nsearchcriteria: analytics params to search. Example: {\"analyticsid\": \"9\",\"risk\": \"Medium\",\"category\": \"Usage\",\"status\": \"Active\",\"analyticsname\":\"testESQuery\",\"owner\":\"awsadmin\",\"usergroup\":\"MTSTrade_Approver_BusinessOwner\",\"tags\":\"Tagname\",\"description\":\"desc\",\"recommendations\":\"comm\"},
max, offset
loggedinuser
Note: Security is based on owner, delegate, ROLE_ADMIN, SAV_ROLE's analytics ES category.
\nThe Authorization must have Bearer followed by Token.
This web service API is used to fetch the details of analytics controls ES
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nanalyticsname/analyticsid
Optional params:
\nfiltercriteria - \nSample : {\n \"status\":[\"Accept\"],\n \"username\": [\n \"acook\",\n \"crichards\"\n ]\n }
max - limit of 10000, default max is 500,offset
loggedinuser
Note: Security is based on owner, delegate, ROLE_ADMIN, SAV_ROLE's analytics ES category.\n\"status\" cannot be keyword in the query, modification of the work can be used like \"userstatus\".
\n","urlObject":{"path":["ECM","{{path}}","fetchControlDetailsES"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"aff5ca54-ea78-43bd-8e0c-c6828edfcec5","name":"Fetch Analytics Details ES","originalRequest":{"method":"GET","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n\t\"analyticsid\":\"6\",\r\n \"filtercriteria\": {\r\n \t\"status\":[\"Accept\"],\r\n \"username\": [\r\n \"dbailey\",\r\n \"acook\",\r\n \"crichards\"\r\n ],\r\n \"email\": [\r\n \"john.doe@sav.com\",\r\n \"test.user@sav.com\"\r\n ],\r\n \"logindate\": [ \r\n \t\"Feb 03, 2016 00:00:00\",\r\n \"Feb 08, 2016 00:00:00\"\r\n ]\r\n },\r\n \"max\":\"4\",\r\n \"offset\":\"0\",\r\n \"loggedinuser\":\"admin\"\r\n}"},"url":"{{url}}/ECM/{{path}}/fetchControlDetailsES"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=7776000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=ef38a9d9-7de7-414f-9764-8e8b35ca8fa8; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Tue, 20 Aug 2019 06:42:12 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Success\",\n \"analyticstype\": \"SQL\",\n \"lastrun\": \"2019-08-03 00:49:06\",\n \"description\": \"\",\n \"conflictcount\": \"10\",\n \"recommendations\": \"\",\n \"result\": [\n {\n \"firstname\": \"fn\",\n \"updateDate\": \"2019-08-03 00:00:00\",\n \"comments\": \"Accepted on [Jul 29, 2019-fn ln(admin)]This API is used to run analytics ES job.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \njobgroup,\njobname,\nanalyticsid OR analyticsname OR analyticsCategories (start and end with ###),
Optional params:\nanalyticssubcategories (start and end with ###)
This API call can be used for creating update/create user request in the SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nstatuskey - Values:1/0, 0 - Inactive, 1 - Active
User params can be passed. Example: email, manager, username, firstname, lastname, preferedFirstName, customproperty<1 to 40>
Roles- Specifies the rolename (#### separated) that will be assigned to the newly created user
requestor
This API call can be used for updating user request in the SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername - user who has to be modified.
Optional params:
\nupdateuser - Username who is updating the request,
User's dynamic attribute can be passed. \nExample: \"firstname\": \"fn\",\n \"entity\": [\n \"Atlanta\"\n ]
This API fetches the list of user for whom the requestor can request.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nrequestor
Optional params:
\nmax, offset
This API call can be used for creating a new role and assigning an owner to the role.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nroletype - Use the roletype as \"ENTERPRISE\" to Create Enterprise Role Request. (supported roletypes - ENABLER/ TRANSACTIONAL/ FIREFIGHTER/ ENTERPRISE),
role_name,\nrequestor,\nowner (multiple owners separated by comma)
Optional params:\ncustomproperty<1 to 60>,\nendpointname
This API call can be used to update the enterprise role that was already created in the Saviynt Security Manager.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nroletype Use the roletype as \"ENTERPRISE\" to Update Enterprise Role Request. (supported roletypes are - ENABLER/ TRANSACTIONAL/ FIREFIGHTER/ ENTERPRISE),
role_name,\nrequestor,
Optional params:
\ncustomproperty<1 to 60>, \nendpointname,
entitlements -
entitlement_valueentitlementTypeendpointupdateType - ADD/REMOVEowner -
ownerNameupdateType - ADD/REMOVENote : If config for auto approve is ON then request will not be created
\n","urlObject":{"path":["ECM","{{path}}","updateEnterpriseRoleRequest"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"803c7dac-7f7c-4765-a968-002b1af15f73","name":"Update Enterprise Role Request","originalRequest":{"header":[]},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Fri, 17 Aug 2018 19:48:37 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=0d6a62ae-c064-4970-9a45-92e4b509924a; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"B2727F9928B82B70BFB01AB5FF30BF3B","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"0d6a62ae-c064-4970-9a45-92e4b509924a","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\n \"errorCode\": \"0\",\n \"message\": \"RoleName Sent For Approval and requestid is 67865\"\n}"}],"_postman_id":"bd4a77ae-e308-490d-8396-ffb8a8cb9115"},{"name":"Request to Add Roles to User","id":"96007153-b13a-4bcd-b46a-d2eec8819234","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"},{"key":"SAVUSERNAME","value":"admin"}],"body":{"mode":"raw","raw":"{\r\n\"accesstype\":\"ROLES\",\r\n\"username\":\"dbailey\",\r\n\"roletype\":\"ENTERPRISE\",\r\n\"requesttype\":1,\r\n\"roles\":[\r\n\t{ \r\n\"rolename\" : \"Network Administrator\",\r\n\"startdate\" : \"10-11-2018\", \r\n\"enddate\" : \"10-18-2018\",\r\n\"businessJustification\" : \"test justification\"\r\n} ],\r\n\"requestcomments\":\"commemnt\",\r\n\"requestor\":\"ahinton\"\r\n}"},"url":"{{url}}/ECM/{{path}}/createrequest","description":"This API is used to create request to add roles to User in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - ROLES,\nusername,\nroletype - FIREFIGHTER/ENTERPRISE,\nrequesttype - 1,\nrequestcomments,\nrequestor,
roles -
rolenamestartdate (optional, expected date format - MM-dd-yyyy)enddate (optional, expected date format - MM-dd-yyyy)businessJustification (optional)This API is used to create request to remove roles from User in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - ROLES,\nusername,\nroletype - FIREFIGHTER/ENTERPRISE,\nrequesttype - 4,\nroles,\nrequestcomments,\nrequestor
This API is used to create request to add entitlements to user in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - ADD,\nusername,\nendpoint,\nsecuritysystem,
Optional params:\naccountname,\ncomments,\nrequestor,\ncreateaccountifnotexists - true/false,\naccountid - can be used if createaccountifnotexists is true,\nchecksod - true/false, default value is false, this can be used to check basic sod,\naccountnamefromrule - true/false, can be used if createaccountifnotexists is true,
entitlement -
If using older versions of SSM -
\nentitlementType=entitlementValue
\nIf using SSM 5.2 or newer -
\n\"entitlement\":[\n {\"entitlementtype\":\"---\",\"entitlementvalue\":\"---\", \"startdate\":\"MM-dd-yyyy\", \"enddate\":\"MM-dd-yyyy\",\"businessjustification\":\"---\"}\n]\n(startdate, enddate and businessjustification are Optional params),
dynamicattr - { \"attrname\" : \"attrvalue\", .. }
This API is used to create request to remove entitlements from User in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - REMOVE,\nusername,\nendpoint,\nsecuritysystem,
entitlement -
If using older versions of SSM -
\nentitlementType=entitlementValue
\nIf using SSM 5.2 or newer -
\n\"entitlement\":[\n {\"entitlementtype\":\"---\",\"entitlementvalue\":\"---\",\"startdate\":\"MM-dd-yyyy\"}\n]
\n(startdate is Optional param)
Optional params:\naccountname,\ncomments,\nrequestor
This API returns list of entitlements in an application that the user can request based on the existing access and entitlement map exclusion.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: username, endpointname
Optional params:
\nmax,offset
entitlementtype,
entitlementResponseFields - Entitlement_value attributes required in the reponse,
endpointResponseFields - Endpoint attributes required in the response,
includeinflightrequests - If includeinflightrequests is true, API will also consider Entitlement requests in flight (requests that are submitted but not yet approved/rejected),
allowAssignedEntitlement - if allowAssignedEntitlement is true, API will consider the entitlements (and excluded entitlements) that are assigned to the user as requestable.
This API checks if a user is allowed to request for the entitlements given in a list based on the existing access and entitlement map exclusion.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername,
endpoint,
entitlementList - List of entitlementtypes and entitlements that needs to be checked.
Optional params:
\nincludeinflightrequests - If includeinflightrequests is true, API will also consider Entitlement requests in flight (requests that are submitted but not yet approved/rejected).
This API is used to create request to create new account and assign it to user in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - NEW,\nusername,\nendpoint,\nsecuritysystem
Optional params:\naccountname,\ncomments,\nrequestor,\nchecksod - true/false, default value is false, this can be used to check basic sod,\naccountnamefromrule - true/false,
entitlement -
If using older versions of SSM -
\nentitlementType=entitlementValue
\nIf using SSM 5.2 or newer -
\n\"entitlement\":[\n {\"entitlementtype\":\"---\",\"entitlementvalue\":\"---\", \"startdate\":\"MM-dd-yyyy\", \"enddate\":\"MM-dd-yyyy\",\"businessjustification\":\"---\"}\n]\n(startdate, enddate and businessjustification are Optional params),
dynamicattr - { \"attrname\" : \"attrvalue\", .. }
This API is used to create request to remove account from user in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - DELETE,\nusername,\nendpoint,\nsecuritysystem
Optional params:\naccountname,\ncomments,\nrequestor
This API creates request for a new service account and assign it to user in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - NEW,\nusername,\nendpoint,\naccountType,\nsecuritysystem,\nentitlement -
If using older versions of SSM -
\nentitlementType=entitlementValue
\nIf using SSM 5.2 or newer -
\n\"entitlement\":[\n {\"entitlementtype\":\"---\",\"entitlementvalue\":\"---\", \"startdate\":\"MM-dd-yyyy\", \"enddate\":\"MM-dd-yyyy\",\"businessjustification\":\"---\"}\n]\n(startdate, enddate and businessjustification are Optional params)
Optional params:
\naccountname,\ncomments,\nrequestor,
owner -
ownerType - mandatory field, values can be USER/USERGROUP,name - mandatory field,rank - optional field, values can be from 1 to 5.This API creates request for updating service account and assign it to user in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - ADD/REMOVE to add/remove entitlements,\nusername,\nendpoint,\naccountType,\nsecuritysystem,\nentitlement -
If using older versions of SSM -
\nentitlementType=entitlementValue
\nIf using SSM 5.2 or newer -
\n\"entitlement\":[\n {\"entitlementtype\":\"---\",\"entitlementvalue\":\"---\", \"startdate\":\"MM-dd-yyyy\", \"enddate\":\"MM-dd-yyyy\",\"businessjustification\":\"---\"}\n]\n(startdate, enddate and businessjustification are Optional params)
Optional params:
\naccountname,\ncomments,\nrequestor,
owner -
ownerType - mandatory field, values can be USER/USERGROUP,name - mandatory field,rank - optional field, values can be from 1 to 5.This API creates request for disabling account in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - DISABLEACCOUNT\naccountname,\nendpoint
Optional params:\n requestor, \n businessjustification
This API creates request for enabling account in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequesttype - ENABLEACCOUNT\naccountname,\nendpoint
Optional params:\n requestor, \n businessjustification
This API is used to create AD Group in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - roles,\nroletype - ADGroup,\nrequesttype - create,\nentitlementtype,\nsuffix,\nendpoint,\nsecuritysystem,\ndomain,\napplication
Optional params:
\nrequestor,\ndisplayname,\ncategory,\nenvironment,\nowner -
ownername - mandatoryrankupdatetype - optional, value can be 'add'entitlements -
entitlement_value - mandatoryupdatetype - optional, value can be 'add'parententitlements -
entitlement_value - mandatoryentitlementTypeupdatetype - add/removeaccounts -
accountname - mandatoryupdatetype - add/removeThis API is used to update AD Group in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - roles,\nroletype - ADGroup,\nrequesttype - create/ update,\nentitlementtype,\nrolename
Optional params:
\nrequestor,\ndisplayname,\ncategory,\nenvironment,\ncustomproperty<1 to 60>,\napplication,owner -
ownername - mandatoryrankupdatetype - add/remove, mandatoryentitlements -
entitlement_value - mandatoryupdatetype - add/remove, mandatoryparententitlements -
entitlement_value - mandatoryentitlementTypeupdatetype - add/removeaccounts -
accountname - mandatoryupdatetype - add/removeThis API is used to create role of roletype \"Entitlement\", such as AzureAD/Unix Group in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - roles,\nroletype - 6,\nrequesttype - create,\nentitlementtype,\nendpoint,\nsecuritysystem\nrole_name
Optional params:
\nrequestor,\ndisplayname,\ndescription,\ngrouptype,\nenablemail,\nenablesecurity,\nsoxcritical,\nsyscritical,\nprivileged,\nconfidentiality,\nrequestable,\ncomments,\nowner -
ownername - mandatoryrankupdatetype - optional, value can be 'add'entitlements -
entitlement_value - mandatoryupdatetype - optional, value can be 'add'parententitlements -
entitlement_value - mandatoryentitlementTypeupdatetype - add/removeaccounts -
accountname - mandatoryupdatetype - add/removeThis API is used to update role of roletype \"Entitlement\", such as AzureAD/Unix Group in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - roles,\nroletype - 6,\nrequesttype - update,\nentitlementtype,\nendpoint,\nsecuritysystem\nrole_name
Optional params:
\nrequestor,\ndisplayname,\ndescription,\ngrouptype,\nenablemail,\nenablesecurity,\nsoxcritical,\nsyscritical,\nprivileged,\nconfidentiality,\nrequestable,\ncomments,\nowner -
ownername - mandatoryrankupdatetype - optional, value can be 'add'entitlements -
entitlement_value - mandatoryupdatetype - optional, value can be 'add'parententitlements -
entitlement_value - mandatoryentitlementTypeupdatetype - add/removeaccounts -
accountname - mandatoryupdatetype - add/removeThis API is used to delete role of roletype \"Entitlement\", such as AzureAD/Unix Group in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\naccesstype - roles,\nroletype - 6,\nrequesttype - delete,\nentitlementtype,\nendpoint,\nsecuritysystem\nrole_name
This API call can be used to auto-approve requests for a particular endpoint and security system. These requests can be used to create, update, or delete types of entitlement requests.\nThe auto-approved request is shown in Request History.
\nNote: There should be a workflow with grant access already created with ‘AUTOAPPROVAL’ name and the workflow should be added to externalconfig.properties file with below details:\nsav.autoapprovalwfname=AUTOAPPROVAL.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nusername,\nrequestor,\nrequestaccess - [endpoint,securitysystem, requesttype, accountname]
Optional params:\ncomments,\nrequestaccess - [entitlement (entitlement.ADD, entitlement.REMOVE), requestaccessattr]
This method creates \"Request\" record for a new user in SSM.
\nThe Authorization must have Bearer followed by Token.
Optional params:\nSAVUSERNAME - in header,\nREQUESTTYPE,\nREQUESTER,\nCOMMENTS,\nUSERNAME,\nstartdate,\nenddate,\nSYSTEMNAME,\nENDPOINTS,\nentitlement,\nAPPROVER,\nACCOUNTNAME
This API can be used to add approver to existing request in SSM.
The Authorization must have Bearer followed by Token.
Mandatory params:
\nrequestkey - comma seprated requestkeys
updateapprover - username of the new approver
requestor - user who is updating the request
Optional params:
\noriginalassignee - username of old approver
removeoriginalassignee - true/false(default), if false then the original assignee will remain one of the approvers,\nIf originalassignee is not passed then requestor will be considered as original assignee.
comments,
allowreassign - true/false (default is false)
This API can be used to add dynamic attributes and add/remove entitlements to existing request in SSM.
The Authorization must have Bearer followed by Token.
Mandatory params:
\nrequestkey - comma seprated requestkeys
requestor - user who is updating the request
Optional params:
\ncomments
dynamicattributes -
attributevalueentitlements -
entitlement_valueentitlementtypecommentsaction - add/removeThis API can be used to attach a file to an existing request in SSM.
The Authorization must have Bearer followed by Token.
Mandatory params:
\nrequestkey
file (In Postman, select form-data for body type. Pass \"file\" in key, select the type as File, and upload the file in the value).
Note: File type needs to be configured as allowed file type in Saviynt.
\n","urlObject":{"path":["ECM","{{path}}","updateRequest"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"5311bfac-efc0-459f-a89c-744d192fe0a5","name":"updateRequest Attachment","originalRequest":{"method":"POST","header":[{"key":"Authorization","type":"text","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"file","type":"file"},{"key":"requestkey","type":"text","value":"3364"}]},"url":"{{url}}/ECM/{{path}}/updateRequest"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"WWW-Authenticate","value":"Bearer error=\"invalid_token\""},{"key":"Content-Length","value":"0"},{"key":"Date","value":"Wed, 24 Apr 2019 23:53:56 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Success\",\n \"errorCode\": \"0\"\n}"}],"_postman_id":"bf64bd7a-7a18-4d89-bb2f-75177732441d"}],"id":"1e73916b-18c5-4b80-910c-caeb1a5cd0cd","_postman_id":"1e73916b-18c5-4b80-910c-caeb1a5cd0cd","description":""},{"name":"Request History","item":[{"name":"Fetch Request History (my pending requests)","id":"e31079aa-da99-425e-8f8e-67d257a24854","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\r\n\t\"username\":\"johndoe\",\r\n\t\"status\" : [\"open\",\"expired\",\"completed\"],\r\n\t\"max\":\"1\"\r\n}"},"url":"{{url}}/ECM/{{path}}/fetchRequestHistory","description":"This API call can be used to fetch the request history of all the requests submitted by an user.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername - loggedinuser in Saviynt
Optional params:
\nstatus - OPEN/DRAFT/INPROCESS/COMPLETED/EXPIRED/DISCONTINUED. For example: as a list [\"open\",\"expired\"] or a single status like \"open\",
requestkey,\nrequestedfor,\nrequestedby,
sort - requestsubmittedon/duedate/requestid,
order - asc or desc,
requestid,\nduedatestart(MM/dd/yyyy),\nduedateend(MM/dd/yyyy),\nsubmitdatestart(MM/dd/yyyy),\nsubmitdateend(MM/dd/yyyy),\nendpoint,\nsecuritysystem,
firstname (requestedfor user),
lastname (requestedfor user),
assignee - list of usernames,
requesttype - list of requesttypes, (ADD,UPDATEACCOUNT,NEWACCOUNT,DEL,NEWROLEREQUEST,CREATEROLE,MODIFYROLE,CREATEUSER,UPDATEUSER,EXTENDACCESS etc),
approvedby - list of usernames,
rejectedby - list of usernames,
max, offset,
showentitlementdetails - true/false,
entresponsefields - if showentitlementdetails is true, sample - \"entresponsefields\":[\"description\",\"soxcritical\",\"customproperty1\",\"syscritical\",\"risk\",\"privileged\",\"status\",\"confidentiality\"]
This API call can be used to fetch the request history details of a request.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nrequestkey
Optional params:\ntaskmetadatalength - Modifies the character limit of provisioning comments and provisioning metadata upto maximum of 10000.\nhideblankapprovername - If true, prevents printing the firstname/lastname if null in the \"State\" field(Default : false)
Note - Provisioning comments in the response will be limited to 200 characters. Provisioning metadata in the response will be limited to 400 characters.
\n","urlObject":{"path":["ECM","{{path}}","fetchRequestHistoryDetails"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"d2151bbb-57d1-4ef4-925e-134bb350a44e","name":"Fetch Request History Details","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"requestkey","value":"3","type":"text"}]},"url":"{{url}}/ECM/{{path}}/fetchRequestHistoryDetails"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"DENY"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=bea6a1b3-21f4-480b-8581-3efbc237a54c; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Wed, 23 Dec 2020 01:47:36 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"requestHistoryDetails\": {\n \"comments\": \"[07/21/17-null null(admin)] test\",\n \"managerapproval\": [\n {\n \"Entitlement Type\": \"\",\n \"Assignee\": \"Anirudh Sen (asen)\",\n \"Start Date\": \"2017-07-21 06:22:51\",\n \"Approve Date\": \"2017-07-21 06:24:20\",\n \"Endpoint\": \"Okta\",\n \"State\": \"Rejected (Saviynt AdminUser(admin))\",\n \"Business Justification\": \"[07/21/17 - (admin)] test\",\n \"endpointname\": \"Okta\",\n \"Access\": \"New Account Request\",\n \"Request Type\": \"Request for Access\"\n }\n ],\n \"Tasks\": [\n {\n \"Entitlement Type\": \"\",\n \"Task ID\": 1,\n \"Account\": \"asrinivasan-Deleted on-10-03-2019 21:11\",\n \"Assignee\": \"\",\n \"Owner\": \"admin\",\n \"User\": \"Abhishek Srinivasan(asrinivasan)\",\n \"tasktype\": \"NEWACCOUNT\",\n \"comments\": \"2362b01d4fc01300858ae9628110c7dcThis API discontinues an open request in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nrequestkey requestor
Optional params:
\ncomments
This method returns a list of \"Pending Requests\" for approver in SSM
\nThe Authorization must have Bearer followed by Token.
Header params:\nSAVUSERNAME - logged-in user
Optional params:\nrequestkey,\nassignee,\nmax,\noffset,\nrequestid,\nrequestedfor,\nrequestedby,\nfirstname,\nlastname,\nsort - requestsubmittedon/duedate/requestid/requestkey,\norder - asc/desc,\nsubmitdatestart,\nsubmitdateend,\nduedatestart,\nduedateend,\nrequestcomments,\nrequestorigin,\nendpoint - list of endpoints,\nsecuritysystem - list of securitysystems,\nassigneeuserkey - list of assignee userkeys,\nassigneeusername - list of usernames,\nrequesttype - list of requesttypes,\nentitlementvaluekey - list of entitlement value keys.
Note : Searchable dates in the format MM/dd/yyyy.
Sample for list of items - [\"value1\",\"value2\"]
This method returns approval details for a given \"RequestId\" (provided in requestKey parameter) and approver (approver provided in userName parameter)
The Authorization must have Bearer followed by Token.
Mandatory params:
\nrequestKey,\nuserName - approver username
Optional params:
\nentresponsefields - It can have syscritical, soxcritical, risk, privileged, confidentiality, status, displayname, description, any customproperty
This API is used to approve/reject requests. Before running this call, first we need to run the API to retrieve request approval details in order to obtain the taskid and taskkey.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nrequestKey,\napprover,\napprovaldata (taskid, taskkey, action); action:1/2, 1 - approve, 2 - reject
Optional params:\ncomments
Note: enableapprovervalidationinapprovalapi flag(with true/false values) can be added in configuration table to enable/disable validations when approver approvers the request.Default value of enableapprovervalidationinapprovalapi flag is null.
\n","urlObject":{"path":["ECM","{{path}}","ApproveRejectDetailRequest"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"03a3c9f8-87d4-44e4-b9b2-9b5f5dc7bf40","name":"Approve/Reject each line item in a request","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n\"requestKey\":138,\n\"approver\":\"admin\",\n\"approvaldata\":[\n{\n\"taskid\":\"90363___43d9e862-7e02-4de3-825e-56aa6a49557e\",\n\"taskkey\":326,\n\"action\":1\n},\n{\n\"taskid\":\"90364___43d9e862-7e02-4de3-825e-56aa6a49557e\",\n\"taskkey\":327,\n\"action\":2\n}\n],\n\"comments\":\"approval comment\"\n}"},"url":"{{url}}/ECM/{{path}}/ApproveRejectDetailRequest"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Set-Cookie","value":"JSESSIONID=7A3B14A1A7820D58CE7BC60DC76962F5; Path=/ECM/; HttpOnly"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=e0d762c7-d7f1-4076-a3bd-908d3524fb12; Path=/"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Wed, 05 Dec 2018 00:34:28 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"SUCCESSFUL\",\n \"errorCode\": \"0\",\n \"approvalResponse\": [\n {\n \"result\": \"Accepted\",\n \"taskkey\": 326,\n \"taskid\": \"90363___43d9e862-7e02-4de3-825e-56aa6a49557e\"\n },\n {\n \"result\": \"Accepted\",\n \"taskkey\": 327,\n \"taskid\": \"90364___43d9e862-7e02-4de3-825e-56aa6a49557e\"\n }\n ]\n}"}],"_postman_id":"41355c61-35b8-4d3f-8a6c-58f30c21f061"},{"name":"Get Pending Approvals","id":"18c359c3-bab8-49db-8666-74154f20c65d","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","value":"application/json"}],"body":{"mode":"raw","raw":"{\n\"requestkey\":\"2747\",\n\"username\" : \"admin\"\n}"},"url":"{{url}}/ECM/{{path}}/getPendingApprovals","description":"This API returns pending approval details for an approver (approver provided in username parameter).
The Authorization must have Bearer followed by Token.
Mandatory params:
\nusername
Optional params:
\nrequestkey,max, \noffset,\nrequestid,\nrequestedfor,\nrequestedby,\nfirstname,\nlastname,\nsort - requestdate/duedate/requestid/requestkey,\norder - asc/desc,\nsubmitdatestart,\nsubmitdateend,\nduedatestart,\nduedateend,\nrequestcomments,\nrequestorigin,\nendpoint - list of endpoints,\nsecuritysystem - list of securitysystems,\nassignee - list of assignees,\nassigneeusername - list of usernames,
requesttypes - comma-seperated list of requesttype constants
Example :\n\"requesttypes\":\"1,2,3\",
\nentitlementvaluekey - list of entitlement value keys,\nhidecompletedapprovals - true/ false (default is false).
Note : Searchable dates in the format MM/dd/yyyy.
Sample for list of items - [\"value1\",\"value2\"]
This API is used to approve/reject entire request.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nrequestid or requestkey (if both are passed requestkey will be considered),\nreqaction:1/2, 1 - approve, 2 - reject
Optional params:\napprover (if not passed, the token user is used)\ncomments
This API call can be used to create a new account task for a specific user in a specific endpoint.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nassignmenttype - ENTITLEMENTS,\ntasktype - NEW,\nusername,\nendpointname,\naccountname
Optional params:\ncomments\nsource(Default : WEBSERVICE)
This API call can be used to create a task for a specific user in a specific endpoint. Depending on the selected task type, it will create a task to create new account, or remove account.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nassignmenttype -ACCOUNTS,\ntasktype - UPDATEACCOUNT/DELETEACCOUNT/ENABLEACCOUNT/DISABLEACCOUNT,\nusername,\nendpointname,\naccountname
Optional params:\ncomments\nsource(Default : WEBSERVICE)
This API call can be used to create a task for a specific user in a specific endpoint. Depending on the selected task type, it will create a task to add an access, or remove access.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nassignmenttype - ENTITLEMENTS,\ntasktype - NEW/ADD/DEL,\nusername,\nendpointname,\naccountname,\nentitlementtype,\nentitlementvalue
Optional params:\ncomments\nsource(Default : WEBSERVICE)
This API call can be used to create a task for a specific user in a specific endpoint. Depending on the selected task type, it will create a task to create new role or remove role.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nassignmenttype - ROLES, \ntasktype - NEW/ADD/DEL, \nusername, rolename - can be comma separated list of roles
Optional params: \ncomments\nsource(Default : WEBSERVICE)
This API call can be used to create a new entitlement task in a specific endpoint.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntasktype - CREATEENTITLEMENT,\nusername,\nendpointname,\nusername
Optional params:\nassignmenttype - ENTITLEMENTS,\ncomments
This API call can be used to create an update entitlement task in a specific endpoint.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntasktype - UPDATEENTITLEMENT,\nusername,\nendpointname,\nusername
Optional params:\nassignmenttype - ENTITLEMENTS,\ncomments
This API call can be used to create an add access update entitlement task in a specific endpoint.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntasktype - UPDATEENTITLEMENTACCESSADD,\nusername,\nendpointname,\nusername,\nentitlementvalues
Optional params:\nassignmenttype - ENTITLEMENTS,\ncomments
This API call can be used to create a remove access update entitlement task in a specific endpoint.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntasktype - UPDATEENTITLEMENTACCESSREMOVE,\nusername,\nendpointname,\nusername,\nentitlementvalues
Optional params:\nassignmenttype - ENTITLEMENTS,\ncomments
This method closes a single open task in SSM - both in \"New\" and \"InProgress\" state.
\nMandatory params:
\ntaskid - Unique ID of the task.
Optional params:
\nprovisioning - true or false,
updateuser - username of user who is updating the task,
completeassociatedtasks - true or false,
emailto,
notify - use this if you want to pick up data from the task, sample - \"notify\":[\"USER\",\"requestor\",\"MANAGER\"],
emailbody,
subject,
from
The Authorization must have Bearer followed by Token.
This method closes multiple open tasks in SSM - both in \"New\" and \"InProgress\" state.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ntaskkeytocomplete with taskid
Optional params:
\nupdateuser - username of user who is updating the task,
taskkeytocomplete with taskdata - taskdata is password for the task, and provisioningComments
The Authorization must have Bearer followed by Token.
It can update certain params of a task as well as complete a task.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntaskKeyToUpdate
Optional params: \nupdatetype (if this is set to \"completetask\" then refer completetask api and pass appropriate params as well),
comments,
provisioningComments,
provisioningMetadata,
password,
status,
ticketId,
taskownerusergroup/taskowneruser,
updateuser - username of user who is updating the task,
completeassociatedtasks - true / false,
emailto,
notify - to pick up data from the task, supported values - \"notify\":[\"USER\",\"requestor\",\"MANAGER\"],
from,
subject,
emailbody
This method discontinues open tasks in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ntaskkeytodiscontinue-
1.taskid
Optional params:
\ntaskkeytodiscontinue-
1.updateuser - username of user who is updating the task,
2.discontinueassociatedtask - true or false,
3.comments
The Authorization must have Bearer followed by Token.
This API can be used to discontinue all pending tasks.
\nThe Authorization must have Bearer followed by Token.
Optional params: \nupdateuser
commentsrequest
This method returns a list of provisioning tasks, that correspond to a particular IT Application (e.g Microsoft Active Directory) modeled in SSM as \"Endpoint\" of a \"Security System\".
The Authorization must have Bearer followed by Token.
Mandatory params:\nTASKSTATUS - PENDING/PENDINGCREATE/COMPLETED/COMPLETED_AND_DISCONTINUE/DISCONTINUE,
Optional params:
\nendpoint - endpoint key,\nendpointname, endpointdescription,
securitysystem - securitysystem key,
loggedinusername - username of user who wants to fetch the tasks,\nupadteuser, \nrequestedby, \nusername, \nfirstname, \nlastname,\naccount - accountname,
entitlement_value, \nentitlement_glossary, \nentitlementowner - entitlementowner key,\nentitlementtypekey,
requestid, \nparenttaskid, \ntaskid, \ntaskowneruser - userkey of owner,\ntaskownerusername - username of owner, \ntaskownerusergroup - usergroup key, \ntaskownerusergroupname - usergroup name, \nmax, offset,\nstatusint - List of comma-seperated integer equivalent task status(3 - Complete, 4 - Discontinue and so on)\nsource - List of comma-seperated source types(REQUEST/WEBSERVICE/CERTIFICATION and so on)\nrequestkey - List of comma-seperated requestkeys\nrequestaccesskey - List of comma-seperated requestaccesskey\ntasktype - List of comma-seperated integer equivalent task types(3 - New Account, 5 - Change Password and so on)\ngetEntitlementObj - Values: true/false, if true returns the entitlement details associated with the task
getAccountObj - Values: true/false, if true returns the account details asociated with the task,
taskmetadatalength - Modifies the charcater limit of provisioning comments and provisioning metadata upto maximum of 10000.
Note - Provisioning comments in the response will be limited to 200 characters. Provisioning metadata in the response will be limited to 400 characters.
\n","urlObject":{"path":["ECM","{{path}}","fetchTasks"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"4400500a-2921-43f4-b8aa-4e487e60f61e","name":"Fetch Task Details","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"TASKSTATUS","value":"PENDING","type":"text"},{"key":"taskid","value":"26936","type":"text","disabled":true}]},"url":"{{url}}/ECM/{{path}}/fetchTasks"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Strict-Transport-Security","value":"max-age=7776000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=9583c532-fd69-4855-87ec-23e4ac2a62d8; Path=/"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Mon, 05 Aug 2019 21:46:41 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"errorCode\": \"0\",\n \"totalrecords\": \"2\",\n \"totaltasks\": \"2\",\n \"tasks\": [\n {\n \"TASKID\": \"12066\",\n \"TASKTYPE\": \"Add Access\",\n \"PARENTTASK\": \"\",\n \"USER\": \"ahinton\",\n \"ACCOUNT\": \"ahinton\",\n \"SECURITYSYSTEM\": \"AccessManager\",\n \"ENDPOINT\": \"Access Manager\",\n \"ENTITLEMENT_VALUEKEY\": \"ROLE_ADMIN\",\n \"REQUESTKEY\": \"4790331\",\n \"OWNERKEY\": \"admin\",\n \"CREATIONDATE\": \"2019-06-20 12:35:07\",\n \"STATUS\": \"New\",\n \"upadteuser\": \"\",\n \"STARTDATE\": \"\",\n \"ENDDATE\": \"\",\n \"PROVISIONINGCOMMENTS\": \"\",\n \"PROVISIONINGMETADATA\": \"\",\n \"COMMENTS\": \"Entitlement with new account for this application\",\n \"REQUESTACCESSKEY\": 9560,\n \"ENTITLEMENTTYPE\": \"Role\"\n },\n {\n \"TASKID\": \"12067\",\n \"TASKTYPE\": \"Add Access\",\n \"PARENTTASK\": \"\",\n \"USER\": \"glogan\",\n \"ACCOUNT\": \"glogan\",\n \"SECURITYSYSTEM\": \"AccessManager\",\n \"ENDPOINT\": \"Access Manager\",\n \"ENTITLEMENT_VALUEKEY\": \"AWS_ADMIN\",\n \"REQUESTKEY\": \"4790331\",\n \"OWNERKEY\": \"admin\",\n \"CREATIONDATE\": \"2019-06-20 12:35:07\",\n \"STATUS\": \"New\",\n \"upadteuser\": \"\",\n \"STARTDATE\": \"\",\n \"ENDDATE\": \"\",\n \"PROVISIONINGCOMMENTS\": \"\",\n \"PROVISIONINGMETADATA\": \"\",\n \"COMMENTS\": \"Entitlement with new account for this application\",\n \"REQUESTACCESSKEY\": 9560,\n \"ENTITLEMENTTYPE\": \"Role\"\n }\n ]\n}"},{"id":"b92bf546-1ecc-4c87-a7ca-d7cdcec35b1f","name":"Fetch Task Details 2","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"statusint","value":"1","type":"text"},{"key":"source","value":"REQUEST","type":"text"},{"key":"tasktype","value":"1","type":"text"},{"key":"requestkey","value":"4120,4427,4438","type":"text"},{"key":"requestaccesskey","value":"7686,8318,8319","type":"text"}]},"url":"{{url}}/ECM/{{path}}/fetchTasks"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Date","value":"Tue, 08 Dec 2020 23:22:20 GMT"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Connection","value":"keep-alive"},{"key":"Set-Cookie","value":"AWSALB=xRyFMWaHIiJQJ0/lEaZPkWJsDJlk3yEkUU3CWg33z4GWMbrCUwtUY7AjUODhMSBoPPUVQ8ageWNpBPxmGSQmjWgf1LiPx9YI+o5KGZLQ5cK5iHk1WBfwQXhkx64J; Expires=Tue, 15 Dec 2020 23:22:20 GMT; Path=/"},{"key":"Set-Cookie","value":"AWSALBCORS=xRyFMWaHIiJQJ0/lEaZPkWJsDJlk3yEkUU3CWg33z4GWMbrCUwtUY7AjUODhMSBoPPUVQ8ageWNpBPxmGSQmjWgf1LiPx9YI+o5KGZLQ5cK5iHk1WBfwQXhkx64J; Expires=Tue, 15 Dec 2020 23:22:20 GMT; Path=/; SameSite=None; Secure"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=48496b2f-265d-4db0-8270-de877b86532b; Path=/"},{"key":"X-Frame-Options","value":"ALLOW-FROM https://ssm-dev-servicenow.saviyntcloud.com/ECM/login/auth"},{"key":"Strict-Transport-Security","value":"max-age=31536000; includeSubdomains"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"X-XSS-Protection","value":"1; mode=block"},{"key":"Referrer-Policy","value":"same-origin"},{"key":"Access-Control-Allow-Credentials","value":"true"},{"key":"Access-Control-Allow-Origin","value":"http://localhost"},{"key":"Expires","value":"Sun, 7 May 1995 12:00:00 GMT"},{"key":"Cache-Control","value":"no-store, no-cache, must-revalidate"},{"key":"Cache-Control","value":"post-check=0, pre-check=0"},{"key":"Pragma","value":"no-cache"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"Successful\",\n \"errorCode\": \"0\",\n \"totalrecords\": \"2\",\n \"totaltasks\": \"2\",\n \"tasks\": [\n {\n \"TASKID\": \"10643080\",\n \"TASKTYPE\": \"Add Access\",\n \"PARENTTASK\": \"10643079-New\",\n \"USER\": \"1000001\",\n \"ACCOUNT\": \"New A/c -1000001\",\n \"SECURITYSYSTEM\": \"AWS\",\n \"ENDPOINT\": \"AWS\",\n \"ENTITLEMENT_VALUEKEY\": \"AOLAuditAccess-AOLAuditRWGroup-R3M3MF\",\n \"REQUESTID\": \"2802231\",\n \"REQUESTKEY\": 4427,\n \"OWNERKEY\": \"admin\",\n \"CREATIONDATE\": \"2020-11-03 12:06:37\",\n \"UPDATEDATE\": \"2020-11-03 12:06:37\",\n \"STATUS\": \"New\",\n \"upadteuser\": \"\",\n \"STARTDATE\": \"2020-11-03 00:00:00\",\n \"ENDDATE\": \"2020-11-19 00:00:00\",\n \"PROVISIONINGCOMMENTS\": \"\",\n \"PROVISIONINGMETADATA\": \"\",\n \"COMMENTS\": \"request\",\n \"REQUESTACCESSKEY\": 8318,\n \"ENTITLEMENTTYPE\": \"AWSGroup\"\n },\n {\n \"TASKID\": \"10643081\",\n \"TASKTYPE\": \"Add Access\",\n \"PARENTTASK\": \"10643079-New\",\n \"USER\": \"1000001\",\n \"ACCOUNT\": \"New A/c -1000001\",\n \"SECURITYSYSTEM\": \"AWS\",\n \"ENDPOINT\": \"AWS\",\n \"ENTITLEMENT_VALUEKEY\": \"AOLAuditAccess-AOLAudit-1TODOQ\",\n \"REQUESTID\": \"2802231\",\n \"REQUESTKEY\": 4427,\n \"OWNERKEY\": \"admin\",\n \"CREATIONDATE\": \"2020-11-03 12:06:37\",\n \"UPDATEDATE\": \"2020-11-03 12:06:37\",\n \"STATUS\": \"New\",\n \"upadteuser\": \"\",\n \"STARTDATE\": \"2020-11-03 00:00:00\",\n \"ENDDATE\": \"2020-11-19 00:00:00\",\n \"PROVISIONINGCOMMENTS\": \"\",\n \"PROVISIONINGMETADATA\": \"\",\n \"COMMENTS\": \"request\",\n \"REQUESTACCESSKEY\": 8319,\n \"ENTITLEMENTTYPE\": \"AWSGroup\"\n }\n ]\n}"}],"_postman_id":"14cede3f-4cbc-424c-ba0a-79ae4584d0e4"},{"name":"Fetch Request Access Attributes","id":"cf5196b6-7797-4ef0-b897-f8c7fb798183","request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"requestaccesskey","value":"10","type":"text"}]},"url":"{{url}}/ECM/{{path}}/fetchRequestAccessAttributes","description":"This method returns approval history details for a given \"RequestAccessKey\"(provided in requestaccesskey parameter)
The Authorization must have Bearer followed by Token.
Mandatory params:\nrequestaccesskey
This API can be used to check the task status. Response can return task status as “New/Complete/In Progress/Discontinued”.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntaskid
This API call can be used to create a delete entitlement task in a specific endpoint.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \ntasktype - DELETEENTITLEMENT,\nusername,\nendpointname,\nusername
Optional params:\nassignmenttype - ENTITLEMENTS,\ncomments
This API returns list of users that are allowed to be added as delegate for a parentuser in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nparentusername
Optional params:
\nmax, offset,
searchCriteria - example \"t*\" or \"te\" or \"test\" to search in username or firstname or lastname for the delegate user
This method creates a new delegate for a parent User. The input parameters of this method contains the details of the Parent User as well as the one to whom the Delegation is carried out.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nuserName - this is user who is creating the delegation,
name - name of delegate,
delegateusername - this is the user who should be assigned as the delegate of the parent user,
delegatestartdate - in format MMDDYYY,
delegateenddate - in format MMDDYYY
Optional params:
\nparentusername - this is the parent username, if not passed it will consider userName as parentusername,
description
This API is used to retrieve the list of existing delegates and their details.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nuserName - this is the parentusername
Optional params:
\nmax, offset,
status - values can be ACTIVE / INACTIVE
This method is used to edit a specific delegate. The input parameters of this method contain the details of the Parent User as well as the one to whom the Delegation is carried out.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nkey - this is the delegatekey,
userName - this is user who is updating the delegation,
name - name of delegate,
delegateusername - this is the user who should be assigned as the delegate of the parent user,
delegatestartdate - in format MMDDYYY,
delegateenddate - in format MMDDYYY
Optional params:
\nparentusername - this is the parent username, if not passed it will consider userName as parentusername
description
This API is used to delete a specific delegate.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nuserName - this is the user who is deleting the delegate,
key - the is the delegatekey
This API call can be used to fetch Attestation list from SSM for a given user.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \nuserName
Optional params:\nmax, offset
This API call can be used to fetch Attestation details for a particular attestation from SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nuserName - this is the certifier username,
id - this is the attestation id
This API can be used to certify users employment status for user manager attestation.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nverifications -
employee - Username to whom you want to certify
verifier - Indicates the ‘username’ of the approver/verifier
action - Specify the ‘Action’ you want to take for the respective Campaign. Possible values are ‘Works for me’, ‘Does not work for me’, ‘Terminated’, and ‘No response’
id - Indicates the attestation id for which you want to take action specified in the ‘Action’ parameter.
Optional params:
\nverifications -
comments - Specify the comments you want to mention for taking the respective action
This API call can be used to get the details, status, and keys for accounts and entitlements within user manager attestation.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:id - attestation id
This API can be used to approve or reject accounts or entitlements for a user manager attestation.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nattid - attestation id,
id - same as attid,
verifier - Indicates the approver/verifier username verifying the attestation request,
accounts -
1.accattkey - Indicates the account id which you want to approve/reject
2.userattkey - Indicates the user id which you want to approve
3.certified - Select the action you want to perform. For approval, mention ‘Yes’ and for rejecting mention ‘No’
entitlements -
1.accattkey - Indicates the account id for which you want to approve/reject for the respective entitlement
2.userattkey - Indicates the user id which you want to approve
3.certified - Select the action you want to perform. For approval, mention ‘Yes’ and for rejecting mention ‘No’
4.entattkey - Indicates the entitlement attribute key for which you want to approve/reject the respective entitlement
Either accounts or entitlements is mandatory.
\nOptional params:
\nusers -
1.userattkey - Indicates the user id which you want to approve
2.certified - Specify the ‘Action’. Possible values are ‘Works for me’, ‘Does not work for me’, ‘Terminated’, and ‘No response’
comments
This API can be used to lock a completed attestation, which is not locked. Once the attestation is locked using lockAttestation, no changes can be made to the attestation.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nverifier - Indicates the approver/verifier username verifying the attestation request,
attid - Indicates the attestation id
Optional params:
\ncomments
This API returns list of all campaign's pending to be certified.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncertifierUsername
Optional params:
\nmax, offset
This API return details of a particular campaign required for employee verification.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
Optional params:
\ncertifierUsername,\ncertkey,\nmax,\noffset
Note: The user attributes in the response is driven by the attributes selected during the campaign launch.
\n","urlObject":{"path":["ECM","{{path}}","fetchCampaignDetails"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"2064f97d-d4ea-4f19-b089-4ad42eb265c7","name":"Fetch Campaign Details","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}","type":"text"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{ \r\n\"campaignId\":\"232\" \r\n} "},"url":"{{url}}/ECM/{{path}}/fetchCampaignDetails"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=e46e8de2-fe87-4986-8bdb-fb927923a1c1; Path=/"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Thu, 25 Apr 2019 20:41:00 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"successful\",\n \"campaignId\": \"232\",\n \"count\": 1,\n \"errorCode\": \"0\",\n \"Total Preview Certification\": [\n \"testLock2 - dbailey (Damien Bailey)\"\n ],\n \"campaignDetails\": [\n {\n \"certkey\": \"12258\",\n \"certificationame\": \"testLock2 - dbailey (Damien Bailey)\",\n \"certifier\": \"dlogan\",\n \"status\": \"Locked And Task Created\",\n \"progress\": \"100%\",\n \"usercount\": 5,\n \"users\": [\n {\n \"firstname\": \"Tabitha\",\n \"comments\": \"\",\n \"displayname\": \"Tabitha Bowers\",\n \"username\": \"tbowers\",\n \"comment\": \"\",\n \"certfied\": \"WORKSFORME\",\n \"totalaccount\": 5,\n \"updateuser\": \"dbailey\"\n },\n {\n \"firstname\": \"Ariana\",\n \"comments\": \"\",\n \"displayname\": \"Ariana Hinton\",\n \"username\": \"00039016-9acb-495d-8912-7bc289d0af1b\",\n \"comment\": \"[02/26/19-(admin)] test comments for dbailey[02/26/19-(admin)] test comments for dbailey[02/26/19-(admin)] test comments for dbailey[02/26/19-(admin)] test comments for dbailey[02/26/19-(admin)] test comments for dbailey\",\n \"certfied\": \"WORKSFORME\",\n \"totalaccount\": 1,\n \"updateuser\": \"dbailey\"\n },\n {\n \"firstname\": \"Mathew\",\n \"comments\": \"\",\n \"displayname\": \"\",\n \"username\": \"194422\",\n \"comment\": \"[02/26/19-(admin)] test comments for DEWHE0\",\n \"certfied\": \"WORKSFORME\",\n \"totalaccount\": 2,\n \"updateuser\": \"dbailey\"\n },\n {\n \"firstname\": \"Shania\",\n \"comments\": \"\",\n \"displayname\": \"\",\n \"username\": \"194445\",\n \"comment\": \"\",\n \"certfied\": \"WORKSFORME\",\n \"totalaccount\": 2,\n \"updateuser\": \"dbailey\"\n },\n {\n \"firstname\": \"Cody\",\n \"comments\": \"\",\n \"displayname\": \"\",\n \"username\": \"194446\",\n \"comment\": \"\",\n \"certfied\": \"WORKSFORME\",\n \"totalaccount\": 1,\n \"updateuser\": \"dbailey\"\n }\n ]\n }\n ],\n \"complete\": \"Yes\"\n}"}],"_postman_id":"bf70faa9-fbc8-4c90-ae3e-2bef59dfa30f"},{"name":"Certify User Manager for Campaign","id":"e6397c60-921c-4e1e-8b82-180012015c9f","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","type":"text","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"verifications\": [\n {\n \"campaignId\": \"228\",\n \"certkey\":\"15575\",\n \"employee\": \"acook\",\n \"verifier\": \"dbailey\",\n \"action\": \"DOESNOTWORKFORME\",\n \"comments\": \"test comments for acook\"\n },\n {\n \"campaignId\": \"228\",\n \"certkey\":\"15576\",\n \"employee\": \"crichards\",\n \"verifier\": \"dbailey\",\n \"action\": \"WORKSFORME\",\n \"comments\": \"test comments for crichards\"\n }\n ]\n}"},"url":"{{url}}/ECM/{{path}}/certifyUserManagerforCampaign","description":"This API will do employee verification for a particular campaign.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nverifications -
campaignIdemployee - can be one employee or list of employees like - [\"jdoe\",\"\",\"smith\",\"john\"], verifieraction - Valid actions are WORKSFORME/DOESNOTWORKFORME/NORESPONSE,certkeyOptional params:
\ncomments in the verifications
This API returns user details, account-entitlement details of a particular campaign required for certify/revoke API.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
Optional params:
\ncertifierUsername,\ncertkey,\nmax(default is 100),\noffset(default is 0),\nreturnFlatResponse(can be true or false)
Note: The user attributes in the response is driven by the attributes selected during the campaign launch.
\n","urlObject":{"path":["ECM","{{path}}","fetchCampaignAccEntDetails"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"733794a0-2072-47e1-add7-c2cc56184ef1","name":"fetchCampaignAccEntDetails","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}","type":"text"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{ \r\n\"campaignId\":\"227\" \r\n} "},"url":"{{url}}/ECM/{{path}}/fetchCampaignAccEntDetails"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Set-Cookie","value":"JSESSIONID=7B64760BF23D9D9FD6F019CFDBB30265; Path=/ECM/; HttpOnly"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=1f984e5a-5633-4599-bb73-91714ee57f35; Path=/"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Wed, 05 Dec 2018 19:39:59 GMT"}],"cookie":[],"responseTime":null,"body":"{\n \"msg\": \"successful\",\n \"campaignId\": \"227\",\n \"count\": 1,\n \"errorCode\": \"0\",\n \"complete\": \"No\",\n \"campaignAccountEntDetails\": [\n {\n \"certkey\": \"12248\",\n \"certificationname\": \"testAPI1 - dbailey (Damien Bailey)\",\n \"status\": \"In progress\",\n \"usercount\": 2,\n \"users\": [\n {\n \"certuserkey\": 3751,\n \"firstname\": null,\n \"lastname\": null,\n \"username\": \"admin\",\n \"certfied\": \"WORKSFORME\",\n \"comment\": \"\",\n \"accountCount\": 4,\n \"accounts\": [\n {\n \"certaccountkey\": 6167,\n \"accountname\": \"admin\",\n \"endpoint\": \"Endpoint1\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 2,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24639,\n \"entname\": \"ROLE_ADMIN\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24647,\n \"entname\": \"ROLE_USERS\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6177,\n \"accountname\": \"ADMIN\",\n \"endpoint\": \"Endpoint1\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 1,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24648,\n \"entname\": \"Roles & Groups Manager\",\n \"enttype\": \"Group\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6179,\n \"accountname\": \"ADMIN\",\n \"endpoint\": \"Endpoint1\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 4,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24650,\n \"entname\": \"Roles & Groups Admin\",\n \"enttype\": \"Group\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24651,\n \"entname\": \"Ent1\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24652,\n \"entname\": \"Ent2\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24653,\n \"entname\": \"Ent3\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6180,\n \"accountname\": \"ADMIN\",\n \"endpoint\": \"Endpoint1\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 3,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24654,\n \"entname\": \"System Administrators\",\n \"enttype\": \"Group\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24655,\n \"entname\": \"Account Admin\",\n \"enttype\": \"Group\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24656,\n \"entname\": \"UserAdmin\",\n \"enttype\": \"Group\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n }\n ]\n },\n {\n \"certuserkey\": 3752,\n \"firstname\": \"Amaya\",\n \"lastname\": \"Cook\",\n \"username\": \"acook\",\n \"certfied\": \"DOESNOTWORKFORME\",\n \"comment\": \"[11/27/18-(admin)] test comments for 3755[11/27/18-(admin)] test comments for dbailey[11/27/18-(admin)] test comments for dbailey[11/27/18-(admin)] test comments for dbailey\",\n \"accountCount\": 7,\n \"accounts\": [\n {\n \"certaccountkey\": 6168,\n \"accountname\": \"acook1\",\n \"endpoint\": \"Endpoint1\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 3,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24638,\n \"entname\": \"ROLE_GLOBAL_REQUESTER\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24639,\n \"entname\": \"ROLE_ADMIN\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24647,\n \"entname\": \"ROLE_USERS\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6181,\n \"accountname\": \"acook-Deleted on-01-11-2017 19:36\",\n \"endpoint\": \"Global Product Catalogue\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 5,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24657,\n \"entname\": \"User\",\n \"enttype\": \"Ent1\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24658,\n \"entname\": \"Aviation User\",\n \"enttype\": \"Ent2\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24659,\n \"entname\": \"Audit Administrator\",\n \"enttype\": \"Ent3\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24660,\n \"entname\": \"Ent4\",\n \"enttype\": \"Roles\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24661,\n \"entname\": \"Report User\",\n \"enttype\": \"Business Type\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6185,\n \"accountname\": \"acook2\",\n \"endpoint\": \"Endpoint1\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 1,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24669,\n \"entname\": \"USER\",\n \"enttype\": \"ENtName1\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6186,\n \"accountname\": \"NValecha\",\n \"endpoint\": \"Nucleus_TR\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 2,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24670,\n \"entname\": \"ALL GAS ACCOUNTING MANAGERS\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24671,\n \"entname\": \"CANADA GAS ACCTG PLUS DEALS\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6187,\n \"accountname\": \"Nikita.Valecha-Deleted on-01-18-2017 00:49\",\n \"endpoint\": \"KSTAT\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 2,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24672,\n \"entname\": \"KStat Legal\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24673,\n \"entname\": \"KStat Credit\",\n \"enttype\": \"Role\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6188,\n \"accountname\": \"acook6\",\n \"endpoint\": \"TestSystem\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 2,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24674,\n \"entname\": \"TestEnt\",\n \"enttype\": \"Lease\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24675,\n \"entname\": \"Ent1\",\n \"enttype\": \"EntType1\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n },\n {\n \"certaccountkey\": 6191,\n \"accountname\": \"acook4\",\n \"endpoint\": \"Collective\",\n \"certified\": \"1\",\n \"certfied\": null,\n \"comments\": null,\n \"entitlementcount\": 2,\n \"entitlements\": [\n {\n \"certEntitlementkey\": 24682,\n \"entname\": \"Ent1\",\n \"enttype\": \"Groups\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n },\n {\n \"certEntitlementkey\": 24683,\n \"entname\": \"Manager\",\n \"enttype\": \"Groups\",\n \"entcriticality\": 0,\n \"entcertified\": null,\n \"entcomments\": null\n }\n ]\n }\n ]\n }\n ]\n }\n ]\n}"},{"id":"dd23073c-f720-4c9a-8e9a-e61145bfc296","name":"Fetch Account Entitlement Details","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}","type":"text"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{ \r\n\"campaignId\":\"235\" \r\n} "},"url":"{{url}}/ECM/{{path}}/fetchCampaignAccEntDetails"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=225044d6-a0c1-40f5-a6b9-5e3584befaf8; Path=/"},{"key":"X-Content-Type-Options","value":"nosniff"},{"key":"Content-Type","value":"text/json;charset=utf-8"},{"key":"Transfer-Encoding","value":"chunked"},{"key":"Date","value":"Thu, 25 Apr 2019 20:43:08 GMT"}],"cookie":[],"responseTime":null,"body":"{\r\n \"msg\": \"successful\",\r\n \"campaignId\": \"235\",\r\n \"count\": 2,\r\n \"errorCode\": \"0\",\r\n \"complete\": \"No\",\r\n \"campaignAccountEntDetails\": [\r\n {\r\n \"certkey\": \"12265\",\r\n \"certificationname\": \"campLock2 - dbailey (Damien Bailey)\",\r\n \"status\": \"New\",\r\n \"usercount\": 2,\r\n \"users\": [\r\n {\r\n \"certuserkey\": 3854,\r\n \"companyname\": \"\",\r\n \"departmentname\": \"\",\r\n \"street\": \"\",\r\n \"middlename\": \"\",\r\n \"jobDescription\": \"\",\r\n \"username\": \"admin\",\r\n \"certfied\": null,\r\n \"comment\": \"\",\r\n \"accountCount\": 4,\r\n \"accounts\": [\r\n {\r\n \"certaccountkey\": 6391,\r\n \"accountname\": \"admin\",\r\n \"endpoint\": \"Endpoint1\",\r\n \"certified\": \"1\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 2,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25579,\r\n \"entname\": \"ROLE_ADMIN\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25586,\r\n \"entname\": \"ROLE_USERS\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n },\r\n {\r\n \"certaccountkey\": 6401,\r\n \"accountname\": \"ADMIN\",\r\n \"endpoint\": \"Endpoint1\",\r\n \"certified\": \"1\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 1,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25587,\r\n \"entname\": \"Roles & Groups Manager\",\r\n \"enttype\": \"Group\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n },\r\n {\r\n \"certaccountkey\": 6402,\r\n \"accountname\": \"ADMIN\",\r\n \"endpoint\": \"Endpoint1\",\r\n \"certified\": \"1\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 4,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25588,\r\n \"entname\": \"Roles & Groups Admin\",\r\n \"enttype\": \"Group\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25589,\r\n \"entname\": \"Ent1\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25590,\r\n \"entname\": \"Ent2\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25591,\r\n \"entname\": \"Ent3\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n },\r\n {\r\n \"certaccountkey\": 6403,\r\n \"accountname\": \"ADMIN\",\r\n \"endpoint\": \"Endpoint1\",\r\n \"certified\": \"1\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 3,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25592,\r\n \"entname\": \"System Administrators\",\r\n \"enttype\": \"Group\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25593,\r\n \"entname\": \"Account Admin\",\r\n \"enttype\": \"Group\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25594,\r\n \"entname\": \"UserAdmin\",\r\n \"enttype\": \"Group\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n }\r\n ]\r\n },\r\n {\r\n \"certuserkey\": 3855,\r\n \"companyname\": \"Information Technology International\",\r\n \"departmentname\": \"IAM\",\r\n \"street\": \"sqqqq\",\r\n \"middlename\": \"wvv\",\r\n \"jobDescription\": \"\",\r\n \"username\": \"acook\",\r\n \"certfied\": null,\r\n \"comment\": \"\",\r\n \"accountCount\": 4,\r\n \"accounts\": [\r\n {\r\n \"certaccountkey\": 6392,\r\n \"accountname\": \"acook\",\r\n \"endpoint\": \"Endpoint1\",\r\n \"certified\": \"Manually Provisioned\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 2,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25579,\r\n \"entname\": \"ROLE_ADMIN\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25586,\r\n \"entname\": \"ROLE_USERS\",\r\n \"enttype\": \"Role\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n },\r\n {\r\n \"certaccountkey\": 6412,\r\n \"accountname\": \"crichards\",\r\n \"endpoint\": \"SAP_HANA\",\r\n \"certified\": \"1\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 1,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25614,\r\n \"entname\": \"EXECUTE\",\r\n \"enttype\": \"HANA_Role\",\r\n \"entcriticality\": null,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n },\r\n {\r\n \"certaccountkey\": 6414,\r\n \"accountname\": \"glogan\",\r\n \"endpoint\": \"Collective\",\r\n \"certified\": \"1\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 2,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25619,\r\n \"entname\": \"Focal Points\",\r\n \"enttype\": \"Groups\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25620,\r\n \"entname\": \"IT Manager\",\r\n \"enttype\": \"Groups\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n },\r\n {\r\n \"certaccountkey\": 6421,\r\n \"accountname\": \"mchapman\",\r\n \"endpoint\": \"amigopod\",\r\n \"certified\": \"Manually Provisioned\",\r\n \"certfied\": null,\r\n \"comments\": null,\r\n \"entitlementcount\": 2,\r\n \"entitlements\": [\r\n {\r\n \"certEntitlementkey\": 25733,\r\n \"entname\": \"Absence Administrator\",\r\n \"enttype\": \"Access\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n },\r\n {\r\n \"certEntitlementkey\": 25734,\r\n \"entname\": \"Absence Partner\",\r\n \"enttype\": \"Access\",\r\n \"entcriticality\": 0,\r\n \"entcertified\": null,\r\n \"entcomments\": null\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n ]\r\n}"}],"_postman_id":"b4e5dfc5-d2ff-493c-921e-b80b20dae265"},{"name":"Approve Reject Campaign Account Entitlement Details","id":"31ade07d-c854-4a3d-b48a-f6b7c33680f6","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","type":"text","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","type":"text","value":"application/json"}],"body":{"mode":"raw","raw":"{\n \"campaignid\": \"228\",\n \"certkey\":\"12255\",\n \"verifier\": \"admin\",\n \"users\": [\n {\n \"userattkey\": \"3751\",\n \"certified\": \"WORKSFORME\",\n \"comments\": \"test1\"\n }\n ],\n \"accounts\": [\n {\n \"accattkey\": \"6177\",\n \"userattkey\": \"3751\",\n \"certified\": \"Yes\",\n \"comments\": \"test2\"\n }\n ],\n \"entitlements\": [\n {\n \"accattkey\": \"6177\",\n \"userattkey\": \"3751\",\n \"certified\": \"Yes\",\n \"entattkey\": \"24648\",\n \"comments\": \"test3\"\n }\n ]\n}"},"url":"{{url}}/ECM/{{path}}/approverejectCampaignAccEntDetails","description":"This API is used to certify/revoke the user's access (account, entitlement) along with employment verification.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignid
certkey
verifier
accounts -
accattkeyuserattkeycertifiedcommentsentitlements -
entattkey accattkeyuserattkeycertifiedcommentsusers -
userattkeycertifiedcommentsOptional params:
\nbulkUpdate(Can be Y or N)
approveComment
rejectComment
doesNotBelongToMeComment
bulkValidations(If 'Y' the code works as is and all validations happen, if bulkValidations=' N' the code will skip validations for all the records passed)
This API is used to lock campaign after validating whether campaign is completed or not.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId,\nverifier
Optional params:
\ncertkey,\nlockComments
This API reassigns UserManager for Campaign at Employment Verification Stage in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid
certificationname or certkey
username
Optional params:
\nnewassignee
comments
updateuser
This API consults UserManager for Campaign at Employment Verification Stage in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid
certificationname or certkey
newassignee
username
Optional params:
\ncomments
updateuser
This API consults User Manager for Campaign at Account and Access Certification Stage in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nnewassignee
campaignname or campaignid
certificationname or certkey
accounts -
accattkeyuserattkeyconsultassociatedentitlementsentitlements -
accattkey userattkeyentattkeyOptional params:
\ncomments
updateuser
This API consults Entitltment Owner for Campaign at Employment Verification Stage in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid
certificationname or certkey
newassignee
entitlements
Optional params:
\ncomments
updateuser
This API consults Entitltment Owner for Campaign at Account and Access Certification Stage in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid
certificationname or certkey
newassignee
accountentitlements -
entitlementaccountsOptional params:
\ncomments
updateuser
This API returns user details, account-entitlement details of a particular campaign required for certify/revoke API.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
Optional params:
\ncertkey
max
offset
entitlementmax
entitlementoffset
accountmax
accountoffset
entitlement2max
entitlement2offset
verifier
This API return details of a particular Entitlement Owner campaign in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
Optional params:
\nmax
offset
entitlementmax
entitlementoffset
certkey
verifier
This API return flat details of a particular Entitlement Owner campaign in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
Optional params:
\nmax
offset
entitlementmax
entitlementoffset
certkey
This API is used to lock campaign after validating whether Entitlement Owner campaign is completed or not.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
verifier
Optional params:
\ncertkey
This API is used to certify/revoke the user's access (account, entitlement).
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignid
certkey
verifier
entitlements
action(APPROVED/REJECTED/DECOMMISSIONED/DOESNOTBELONGTOME)entattkeycommentsOR
\naccounts
action(APPROVED/REJECTED)accattkeyentattkeycommentsOR
\nentitlements2
action(APPROVED/REJECTED)entattkeyent2attkeycommentsOptional params:
\nbulkUpdate(Can be Y or N) If set to Y, approveComments or rejectComments will be considered at the global level.\nIf set to 'N' then comments at the individual record/user level is considered.
approveComment
rejectComment
doesNotBelongToMeComment
bulkValidations(If 'Y' the code works as is and all validations happen, if bulkValidations=' N' the code will skip validations for all the records passed)
This API will do entitlement verification for a particular campaign.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nverifications
camapignId
entitlement
entitlementendpointactionverifier
certkey
action(if action param is not passed then entitlement lavel action param will be considered)
Optional params:
\ncomments
This API reassigns Entitlement Owner for Campaign in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid(if both are passed then campaignid will be considered)
certificationname or certkey(if both are passed then certkey will be considered)
newassignee
entitlements
Optional params:
\nupdateuser
bulkupdate(default value 'N')
bulkvalidation(default value 'N')
comments
This API returns user details, account-entitlement details of a particular campaign required for certify/revoke API.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
Optional params:
\ncertkey
max(default is 100),
offset(default is 0),
returnFlatResponse(can be true or false)
This API is used to certify/revoke the user's access (account, entitlement).
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignid
certkey
verifier
entitlements
accounts
Optional params:
\nbulkUpdate(Can be Y or N)
approveComment
rejectComment
doesNotBelongToMeComment
bulkValidations(If 'Y' the code works as is and all validations happen, if bulkValidations=' N' the code will skip validations for all the records passed)
This API is used to lock campaign after validating whether Application Owner campaign is completed or not.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignId
verifier
Optional params:
\ncertkey
This API consults Application Owner for Campaign at Account and Access Certification Stage in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid
certificationname or certkey
newassignee
accounts -
accattkeyconsultassociatedentitlements (optional)entitlements -
accattkeyentattkeyOptional params:
\ncomments
updateuser
This API reassigns Entitlement Owner for Campaign in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignname or campaignid(if both are passed then campaignid will be considered)
certificationname or certkey(if both are passed then certkey will be considered)
newassignee
accounts(needs to contain accattkey)
entitlements(needs to contain entattkey and accattkey)
roles(needs to contain roleattkey and accattkey)
Optional params:
\nupdateuser
bulkUpdate(default value 'N')
bulkValidation(default value 'N')
bulkConsultAssociatedData
reassignComments
This API returns list of all the certifications for a certifier.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncertifierUsername
Optional params:
\ncertkey
certificationname
max, offset
refreshProgress(can be 'Y' or 'N')
status(can be preview/new/readytosubmit/expired/fullyexecuted/inprogress/lockedandtaskcreated/discontinued/locked)
This API discontinues certification and campaign.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ncampaignid
verifier
Optional params:
\ncertkey
This API can be used to evaluate SOD for new SAP role that is being requested for a user based on the selected ruleset. (If no ruleset is selected, it uses the default ruleset)
\nMandatory params:
\nsapRoles - All the SAP Roles delimited by “###” that will be used for SoD Evaluation (input list should contain existing as well as the new roles that need to be provisioned).
newsapRoles - Should contain SAP Roles for which the result should be filtered, e.g. results could be provided only on newly added roles.
endpoint - Name of the Endpoint corresponding to the Security System.
Optional params:
\nruleset - Ruleset name, if not provided, system will use the default ruleset.
account - Account name to which the SAP roles will be provisioned.
The Authorization must have Bearer followed by Token.
This API can be used to evaluate SOD for users against the list of entitlements mentioned in entitlementJSON based on the selected ruleset (If no ruleset is selected, it uses the default ruleset).
\nMandatory params:
\nuser - account name
entitlementJSON - Sample JSON below showing the entitlement that needs to be evaluated
{\n \"Data\": [\n {\n \"Endpoint\": \"OEBS\",\n \"EntitlementType\": \"OEBS-Responsibility\",\n \"ExistingEntitlements\": [],\n \"NewEntitlements\": [\n \"RESP4\",\n \"Resp1\"\n ]\n },\n {\n \"Endpoint\": \"ECC\",\n \"EntitlementType\": \"SAPRole\",\n \"ExistingEntitlements\": [\n \"Role1\",\n \"K:Role2\"\n ],\n \"NewEntitlements\": [\n \"Role3\",\n \"Role4\"\n ]\n }\n ]\n}
\nThe Authorization must have Bearer followed by Token.
Optional params:
\nruleset - RuleSet name, if not provided, system will use the default ruleset.
This API can be used to create a mitigating control association for a user-account which has SOD violation.
\nMandatory params:
\nmitigatingControl - Mitigating control name.
approver - User name of the user approving the mitigating control association.
Optional params:
\nruleset - Ruleset name
riskname - Risk name
endpoint - Endpoint name
account - Account Name, endpoint needs to be populated too
startDate - MM-dd-yyyy, if left null, current date will be used as start date
endDate - MM-dd-yyyy, if left null, 12-31-9999 will be used as end date
The Authorization must have Bearer followed by Token.
This API is used to get the Security Questions defined in SSM
\nOptional params:
\nmax,offset, questiongroup
The Authorization must have Bearer followed by Token.
This API can be used to fetch the security questions selected by user during registration
\nMandatory params:
\nusername\nOR\npropertytosearch- Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
The Authorization must have Bearer followed by Token.
This API is used to validate the security answers of user with answers entered during registration
\nMandatory params:
\nanswers - list of questions and answers to be validated
username OR propertytosearch - Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
The Authorization must have Bearer followed by Token.
This method resets \"password\" of a \"user\" record in SSM. Considering the input parameters, the value of new password should be supplied as Password and the Username should correspond to the user whose password is being reset.
The Authorization must have Bearer followed by Token.
Mandatory params:
\nusername
password
Optional params:
\nchangePasswordAssociatedAccounts - Values: true/false, default value - true, if true it creates change password tasks else just updates the user password
endpoint - list of endpoints comma separated (when changePasswordAssociatedAccounts is true)
validateagainstpolicy - Values: Y/N, default is Y. Checks against the password policy
updateUserPassword - Default value - true, (when changePasswordAssociatedAccounts is true). \nIf updateUserPassword is true, update user password too along with creating the task. \nIf updateUserPassword is false, just create the changepassword task.
setarstasksource - Values: true/false, default is false.If true, it will set source column in arstasks table with 'changeOwnPasswordFromAPI'. When source is 'changeOwnPasswordFromAPI',pwdLastSet is not set to “0” in ADconnector.
This API is used to fetch the status of any job other that Data Import Job.
\nThe Authorization must have Bearer followed by Token.
Mandatory params: \njobgroup,\njobname
This API call can be used to create a trigger for a particular \"jobgroup\" in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\ntrigger - name, group, jobName, jobGroup, cronExp
Optional params:
\ntrigger - valueMap
This API call can be used to delete a trigger for a particular \"jobgroup\" in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\njobname
Optional params:
\ntriggername
jobgroup
This API call can be used to create and update a trigger for a particular \"jobgroup\" in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\njobname
triggername
jobgroup
cronexpression
Optional params:
\nvalueMap - sample for triggerChainJob - \n{\n\"savtriggerorderform\": \"TESTCONN,WSRETRY\",\n\"onFailureForm\": \"Stop\"\n}
This API call can be used to run a job trigger in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\njobname
triggername
jobgroup
Optional params:
\nvalueMap
createJobIfDoesNotExist - true/false
This API call return job metadata for the last run of a job in SSM.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\njobname
Optional params:
\ntriggername
jobgroup
Note: The structure of the result param in response can change based upon the Job History saved in SSM
\n","urlObject":{"path":["ECM","{{path}}","fetchJobMetadata"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"8b1e7d76-b82c-47ea-8b75-8b179dec40c0","name":"Fetch Job Metadata","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"},{"key":"Content-Type","name":"Content-Type","value":"application/json","type":"text"}],"body":{"mode":"raw","raw":"{\r\n\t\"jobname\":\"TestConnectionsJob\",\r\n\t\"triggername\" :\"testconn\",\r\n\t\"jobstartdate\":\"2020-01-17 07:57:34\"\r\n}","options":{"raw":{"language":"json"}}},"url":"{{url}}/ECM/{{path}}/fetchJobMetadata"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Server","value":"Apache-Coyote/1.1"},{"key":"X-Frame-Options","value":"SAMEORIGIN"},{"key":"WWW-Authenticate","value":"Bearer"},{"key":"Content-Length","value":"0"},{"key":"Date","value":"Wed, 12 Feb 2020 23:10:32 GMT"}],"cookie":[],"responseTime":null,"body":"{\r\n \"result\": {\r\n \"TestConnectionsJob\": {\r\n \"EndTime\": \"Fri Jan 17 07:54:57 UTC 2020\",\r\n \"StartTime\": \"Fri Jan 17 07:54:36 UTC 2020\",\r\n \"JobCompleted\": \"Completed\",\r\n \"Result\": \"This API is used to test a connection.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nconnectiontype\nsaveconnection - Y/N,\nsystemname,\nconnectionName
Additional connection parameters can also be passed -
\nFor example, for SAP Import, provide paramters - JCO_ASHOST, JCO_SYSNR, JCO_CLIENT, JCO_USER, PASSWORD
\n","urlObject":{"path":["ECM","{{path}}","testConnection"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"50bb5395-0fc6-4f7c-9b1b-d9eb60923b35","name":"Test Connection","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"connectiontype","value":"db","type":"text"},{"key":"saveconnection","value":"Y","type":"text"},{"key":"systemname","value":"SystemName","type":"text"},{"key":"connectionName","value":"database","type":"text"}]},"url":"{{url}}/ECM/{{path}}/testConnection","description":"This API is used to test a connection.\r\n\r\nThe `Authorization` must have `Bearer` followed by `Token`. \r\n\r\nMandatory params: \r\n\r\n`connectiontype`\r\n`saveconnection` - Y/N,\r\n`systemname`,\r\n`connectionName`\r\n\r\nAdditional connection parameters can also be passed -\r\n\r\nFor example, for SAP Import, provide paramters - JCO_ASHOST, JCO_SYSNR, JCO_CLIENT, JCO_USER, PASSWORD"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Mon, 13 Aug 2018 18:24:24 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=2bdc1390-5749-433a-9fc0-f7f0b315efda; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"7BC072AA1C4EC8DD2C2E43E0C652E429","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"2bdc1390-5749-433a-9fc0-f7f0b315efda","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\n \"msg\": \"Connection Successful\"\n}"}],"_postman_id":"478436cb-89e8-4ab2-b633-df63cc309b37"},{"name":"Import Application Data","id":"23acb10b-1b6b-497d-98f7-54d4031e5651","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"systemname","value":"System1","type":"text"},{"key":"connectiontype","value":"db","type":"text"},{"key":"connectionName","value":"System1","type":"text"}]},"url":"{{url}}/ECM/{{path}}/importData","description":"This API is used to run import data job for a specific application
\nThe Authorization must have Bearer followed by Token
Mandatory params:
\nsystemname,\nconnectiontype,\nconnectionName
Optional params:
\nfullorincremental - full/incremental,\naccountsoraccess - accounts/access\nCREATEUSERS- Yes/No
Additional import parameters can also be passed -
\nFor example,
\nThis API is used to check the status of data import job.
\nNote: that at a time, only one import job can be run.
\nThe Authorization must have Bearer followed by Token
No params
\n","urlObject":{"path":["ECM","{{path}}","checkImportStatus"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"b24a7288-6830-48f1-9d69-e7817bd9bea3","name":"Check Import Status","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/checkImportStatus","description":"This API is used to check the status of data import job. \n\nNote: that at a time, only one import job can be run.\n\nThe `Authorization` must have `Bearer` followed by `Token`\n\nNo params"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Thu, 02 Aug 2018 20:48:32 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=5f2b0046-3db1-4549-ab13-b6737acab8aa; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"52E6A2FE0F16EBA383DFBE2F084AA693","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"5f2b0046-3db1-4549-ab13-b6737acab8aa","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\"importStatus\":\"COMPLETED\",\"errorMessage\":\"\",\"errorCode\":\"0\"}"}],"_postman_id":"e4e4de7f-81d4-4c16-b196-aa1482b10dd0"},{"name":"Force Complete","id":"8538a3e0-5afc-4b90-b809-e3b5d9aa590a","request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/forceComplete","description":"This API is used to terminate data import job.
\nThe Authorization must have Bearer followed by Token.
No params
\n","urlObject":{"path":["ECM","{{path}}","forceComplete"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"296a65f7-2a5a-4872-96d9-9a09930510bb","name":"Force Complete","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/forceComplete","description":"This API is used to terminate data import job.\n\nThe `Authorization` must have `Bearer` followed by `Token`. \n\nNo params"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Thu, 02 Aug 2018 20:38:15 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=11cee914-a9c0-411f-9686-451913bef57b; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"52E6A2FE0F16EBA383DFBE2F084AA693","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"11cee914-a9c0-411f-9686-451913bef57b","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\"errorMessage\":\"\",\"errorCode\":\"0\",\"status\":\"SUCCESS\"}"}],"_postman_id":"8538a3e0-5afc-4b90-b809-e3b5d9aa590a"},{"name":"Send Email","id":"1a19331e-4f2d-4dd2-a0b2-f301ae1353b2","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"formdata","formdata":[{"key":"to","type":"text","value":"john.doe@saviynt.com"},{"key":"from","type":"text","value":"john@saviynt.com"},{"key":"body","type":"text","value":"test email body"},{"key":"subject","type":"text","value":"test email subject"},{"key":"cc","type":"text","value":"tim@saviynt.com"}]},"url":"{{url}}/ECM/{{path}}/sendEmail","description":"This API can be used send an email from SSM.
\nThe Authorization must have Bearer followed by Token.
Note: Configure SMTP in SSM before using this API.
\nMandatory params:
\nto,\nfrom,\nsubject,\nbody
Optional params:
\ncc,bcc
This API call can be used to fetch details like number of open userrequests, number of attestations, number of delegates, and number of pending approvals for a specific user.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:\nuserName
The Authorization must have Bearer followed by Token.
No params
\n","urlObject":{"path":["ECM","{{path}}","retrieveDashboardAccountData"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"6c0acbc5-ce3e-48e6-9920-53046f46de72","name":"Retrieve Dashboard Account Data","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/retrieveDashboardAccountData","description":"The `Authorization` must have `Bearer` followed by `Token`. \n\nNo params"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Wed, 12 Sep 2018 05:58:05 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=85364032-2843-44fe-b188-934037e042ae; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"077DC12920CE3D4F807486248E6DB732","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"85364032-2843-44fe-b188-934037e042ae","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\"msg\":\"SUCCESS\",\"dashboardAccountData\":[],\"errorCode\":\"0\"}"}],"_postman_id":"78e7a0c8-52e9-4a9b-98bb-2f75c9fad81a"},{"name":"Retrieve Dashboard Data","id":"2afda9ad-6510-4fa1-ba95-ca55f21acaba","request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/retrieveDashboardData","description":"The Authorization must have Bearer followed by Token.
No params
\n","urlObject":{"path":["ECM","{{path}}","retrieveDashboardData"],"host":["{{url}}"],"query":[],"variable":[]}},"response":[{"id":"32b488c7-79f2-4f88-a087-df44924733a9","name":"Retrieve Dashboard Data","originalRequest":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"url":"{{url}}/ECM/{{path}}/retrieveDashboardData","description":"The `Authorization` must have `Bearer` followed by `Token`.\r\n\r\nNo params"},"status":"OK","code":200,"_postman_previewlanguage":"json","header":[{"key":"Content-Type","value":"text/json;charset=utf-8","name":"Content-Type","description":"The mime type of this content"},{"key":"Date","value":"Wed, 12 Sep 2018 05:57:42 GMT","name":"Date","description":"The date and time that the message was sent"},{"key":"Server","value":"Apache-Coyote/1.1","name":"Server","description":"A name for the server"},{"key":"Set-Cookie","value":"CCSRF-TOKEN=e1889c8f-ee92-454e-b999-fc5b9b560545; Path=/","name":"Set-Cookie","description":"an HTTP cookie"},{"key":"Transfer-Encoding","value":"chunked","name":"Transfer-Encoding","description":"The form of encoding used to safely transfer the entity to the user. Currently defined methods are: chunked, compress, deflate, gzip, identity."},{"key":"X-Frame-Options","value":"SAMEORIGIN","name":"X-Frame-Options","description":"Clickjacking protection: \"deny\" - no rendering within a frame, \"sameorigin\" - no rendering if origin mismatch"}],"cookie":[{"expires":"Invalid Date","httpOnly":true,"domain":"localhost","path":"/ECM/","secure":false,"value":"077DC12920CE3D4F807486248E6DB732","key":"JSESSIONID"},{"expires":"Invalid Date","httpOnly":false,"domain":"localhost","path":"/","secure":false,"value":"e1889c8f-ee92-454e-b999-fc5b9b560545","key":"CCSRF-TOKEN"}],"responseTime":null,"body":"{\"msg\":\"SUCCESS\",\"dashboardData\":[],\"errorCode\":\"0\"}"}],"_postman_id":"2afda9ad-6510-4fa1-ba95-ca55f21acaba"}],"id":"02e32fcc-ca50-4a11-8870-ba17c072b5b4","event":[{"listen":"prerequest","script":{"id":"0aa005b3-b549-491f-9ec3-39ce3fc73273","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"56783145-1071-4b56-916c-bd99d52c205a","type":"text/javascript","exec":[""]}}],"_postman_id":"02e32fcc-ca50-4a11-8870-ba17c072b5b4","description":""},{"name":"12.0 LDAP","item":[{"name":"Create User","id":"8f5c1f09-7316-4711-a13f-ec7b323785fb","request":{"method":"POST","header":[{"key":"Content-Type","value":"application/json"},{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"{\n \"email\": \"john.doe@saviynt.com\",\n \"password\": \"Password1\",\n \"lastname\": \"Doe\",\n \"firstname\": \"John\",\n \"securityQuestionOne\": \"What is your pet name?\",\n \"securityAnswerOne\": \"Tommy\",\n \"securityQuestionTwo\": \"What is your place of birth?\",\n \"securityAnswerTwo\": \"Los Angeles\",\n \"securityQuestionThree\": \"What is your favorite color?\",\n \"securityAnswerThree\": \"Orange\",\n \"multiValueSecurityAttributes\":[\"MV1\",\"MV2\",\"Mv3\"]\n}"},"url":"{{url}}/ECM/api/v2/createUser","description":"This method create user in LDAP via SSM
\nThe Authorization must have Bearer followed by Token
This method search for users in LDAP via SSM
\nThe Authorization must have Bearer followed by Token
Mandatory params:
\nusername\nOR\npropertytosearch- Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
This method can be used to fetch security questions of user from LDAP via SSM
\nMandatory params:
\nusername\nOR\npropertytosearch- Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
The Authorization must have Bearer followed by Token
This method is used to validate the security answers of user from LDAP via SSM
\nMandatory params:
\nanswers - list of questions and answers to be validated
username OR propertytosearch - Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
The Authorization must have Bearer followed by Token
This method update user in LDAP via SSM
\nThe Authorization must have Bearer followed by Token
Mandatory params:
\npropertytosearch- Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
This method change password for user in LDAP via SSM
\nThe Authorization must have Bearer followed by Token
Mandatory params:
\nusername\nOR\npropertytosearch- Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
password - New Password
This method will authenticate user in LDAP via SSM.
\nThe Authorization must have Bearer followed by Token
Mandatory params:
\nusername\nOR\npropertytosearch- Any user property like email, manager, username, firstname, lastname, preferedFirstName, customproperty
password - Password to be authenticated
This collection contains rest API's to read, write, or modify data directly in LDAP via Saviynt.
\n","event":[{"listen":"prerequest","script":{"id":"265878ca-bae5-42a3-b126-12d6491e7e40","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"73a5aadb-d4e0-49d3-a77e-f24600167f93","type":"text/javascript","exec":[""]}}],"_postman_id":"597b3a27-fa6e-4371-9601-004301ec37d4"},{"name":"13.0 JRM","item":[{"name":"Get Access Recommendations","id":"a19cbf51-2e59-4d62-ac59-8e68cc5dc14c","protocolProfileBehavior":{"disableBodyPruning":true},"request":{"method":"POST","header":[{"key":"Authorization","value":"Bearer {{token}}"}],"body":{"mode":"raw","raw":"{\n \"username\": \"lmcneil\",\n \"endpointname\": \"Workday\",\n \"entitlementtype\": \"Security-Groups\",\n \"max\": \"10\",\n \"offset\": \"0\"\n}","options":{"raw":{"language":"json"}}},"url":"{{url}}/ECM/{{path}}/getAccessRecommendations","description":"This API returns access(entitlement) recommendations based on the JRMs. This will mimic the JRM recommendations on Step 2 on ARS.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nusername/userkey(if both are passed then userkey will be considered)
Optional params:
\nendpointname/endpointkey(if both are passed then endpointkey will be considered)
entitlementtypekey/entitlementtype(if both are passed then entitlementtypekey will be considered)
max
offset
This API creates a compressed file containing objects specified for T2P migration.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\nexportonline(can be true or false) - Determines if package needs to be exported online, \nexportpath(if exportonline is false) - Local path where export package will be generated, \nenvironmentname(if exportonline is true) - Name of the environment which can be created at the following path : Admin -> Global Configurations -> Misc -> Transport -> Add New Transport, \nobjectstoexport - Supported objects : savRoles, emailTemplate, roles, analyticsV1, analyticsV2, globalConfig, workflows, connection, appOnboarding, userGroups, scanRules, organizations, securitySystems
Optional params:
\nupdateuser - username of the user exporting the package, \ntransportmembers(can be true or false) - option to transport members for selected objects such as SAV role, \ntransportowner(can be true or false) - option to transport owners for selected objects, \nbusinessjustification
This API imports a compressed file containing objects specified for T2P migration.
\nThe Authorization must have Bearer followed by Token.
Mandatory params:
\npackagetoimport - Complete path of the package that needs to be imported
Optional params:
\nupdateuser - username of the user importing the package, \nbusinessjustification
Supported objects:
\nsavRoles, emailTemplate, roles, analyticsV1, analyticsV2, globalConfig, workflows, connection, appOnboarding, userGroups, scanRules, organizations, securitySystems