Endpoint Details and Usage
Applications
GET /v2/applications/{id} - Retrieves the Application by ID.
Filter
Filter is not supported.
Attributes
Returns all attribute values by default.
Paging
Paging is not supported. Returns a specific application.
Sample Requests
/identityiqfamapi/scim/v2/Applications/2
BusinessResources
GET /v2/businessresources - Retrieves a list of Business Resources according to a given query. The results are sorted by name.
Filter
All attributes to filter by are optional. If no filter is specified, the first 1000 records are returned.
Supported Filter Attributes
- name - Can be used to filter by the business resource name.
Operators supported: contains, starts with, and equals
Constraints: Cannot be sent with the fullPath filter attribute.
- fullPath - Can be used to filter by the business resource full path.
Operators supported: equals
Constraints: Must be sent with the parentApplicationId attribute filter. Cannot be sent with the name filter attribute.
- parentApplicationId - Can be used to filter by the business resource application id.
Operators supported: equals
Constraints: Must be sent with name or fullPath filter attributes.
- isDfs - Use this filter attribute to get business resources from DFS applications.
Operators supported: equals
Valid values: "false" (default), "true" or "both"
Constraints: Must be sent with name or fullPath filter attributes.
- owners - Use this filter attribute to get business resources that have data owners assigned to them.
Operators supported: present (pr) only
- parentResourceId - If sent, the response will contain only the direct children of the parent resource.
Operators supported: equals
Constraints: Cannot be sent with other filters besides parentApplicationId.
Attributes
Returns all attribute values by default except for the owners attribute.
The owners attribute value will be returned if it was specifically requested in the attributes parameter.
The owners attribute can only be used when the owners filter is present in the query.
Paging
- startIndex - The 1-based index of the first result in the current set of list results (starts from 1).
- count - The number of objects returned in a list response per page.
Max page size = 200.
If no filter is specified, or a filter is sent with the name attribute without the parentApplicationId attribute, the first 1000 records are returned. Paging parameters are irrelevant in these 2 cases.
Sample Requests
/identityiqfamapi/scim/v2/BusinessResources?filter=name co "MyFolderName"
/identityiqfamapi/scim/v2/BusinessResources?filter=fullPath eq "\\server\share\folder1" and parentApplicationId eq "2"&count=200&startIndex=1
/identityiqfamapi/scim/v2/BusinessResources?filter=owners pr&attributes=owners
/identityiqfamapi/scim/v2/BusinessResources?filter=name sw "DFS folder" and isDfs eq "both"
Parameters
- filter [string] (query) - To filter results, use the following syntax: attributeName operator "value".
- attributes [string] (query) - To retrieve specific attribute values, add the attributeName to the attributes query part.
- startIndex [int($int32)] (query) - An integer indicating the 1-based index of the first query result.
- count [int($int32)] (query) - An integer indicating the desired maximum number of query results per page.
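An added example (not part of the product documentation): a Python helper that builds a BusinessResources query URL and rejects filter combinations the constraints above rule out before anything is sent. The function name and parameters are hypothetical; it covers the name, fullPath, parentApplicationId and isDfs filters only, and rejecting a double quote inside a value is an assumption, since the page gives no escaping rule.

```python
from urllib.parse import quote

BASE = "/identityiqfamapi/scim/v2/BusinessResources"  # from the sample requests

def _quoted(value):
    # Assumption: the page documents no escape for '"' inside a filter value,
    # so such values are rejected rather than guessing an escaping rule.
    if '"' in value:
        raise ValueError("double quote not allowed in a filter value")
    return '"%s"' % value

def business_resources_url(name=None, name_op="eq", full_path=None,
                           parent_application_id=None, is_dfs=None,
                           count=None, start_index=None):
    """Return a query URL, or raise ValueError on a documented constraint."""
    if name is not None and full_path is not None:
        raise ValueError("name cannot be sent with fullPath")
    if name is None and full_path is None:
        # Also covers parentApplicationId and isDfs, which need one of the two.
        raise ValueError("this helper needs name or fullPath")
    if full_path is not None and parent_application_id is None:
        raise ValueError("fullPath must be sent with parentApplicationId")
    if name_op not in ("co", "sw", "eq"):
        raise ValueError("name supports co, sw and eq only")
    if is_dfs not in (None, "false", "true", "both"):
        raise ValueError("isDfs must be false, true or both")
    if (count, start_index) != (None, None) and parent_application_id is None:
        # The page says such queries return the first 1000 records and that
        # paging is irrelevant; fail loudly instead of truncating silently.
        raise ValueError("paging needs parentApplicationId")
    if count is not None and not 1 <= count <= 200:  # documented max page size
        raise ValueError("count must be between 1 and 200")
    if start_index is not None and start_index < 1:
        raise ValueError("startIndex is 1-based")
    if name is not None:
        terms = ["name %s %s" % (name_op, _quoted(name))]
    else:
        terms = ["fullPath eq " + _quoted(full_path)]
    if parent_application_id is not None:
        terms.append("parentApplicationId eq " + _quoted(str(parent_application_id)))
    if is_dfs is not None:
        terms.append("isDfs eq " + _quoted(is_dfs))
    # safe="" percent-encodes '&', '"', backslashes and spaces, so a character
    # in a resource name cannot end the filter parameter early.
    url = BASE + "?filter=" + quote(" and ".join(terms), safe="")
    for key, val in (("count", count), ("startIndex", start_index)):
        if val is not None:
            url += "&%s=%d" % (key, val)
    return url
```

Percent-decoding the URL built for fullPath `\\server\share\folder1` with parentApplicationId "2", count 200 and startIndex 1 gives back the second sample request above.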
Capabilities
GET /v2/Capabilities - Retrieves a list of capabilities, the rights for each capability, and associated users and groups, according to the given query. The results are sorted by capability name.
Filter
The attributes to filter by are optional. If no filter is specified, the list will include all the capabilities.
Supported Filter Attributes
- capabilityName - Returns the capability selected.
Operators supported: contains, starts with, and equals.
- rightName - Returns all capabilities that contain this right.
Operators supported: contains, starts with, and equals.
- userUniqueIdentifier - Returns capabilities that this user belongs to, either directly, as part of a group, or a nested group, depending on the value of the filter searchNested.
Operators supported: equals
Format: The filter must be entered in the form 'domain\user'.
- searchNested - Determines how to search for users within the groups.
Default value: False
True: Return capabilities that contain this user as a direct member, or a member through nested groups (e.g., capability A contains Group B -> Group C -> User D).
Constraints: Must be sent with the filter userUniqueIdentifier.
Attributes
All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".
Paging
Paging is not supported.
DataClassificationCategories
GET /v2/DataClassificationCategories - Returns a list of the categories in the File Access Manager database, according to the request filter. For each category, it returns the id, name, and description.
Filter
The attributes to filter by are optional. If no filter is specified, all the data classifications are returned.
Supported Filter Attributes
- categoryName - Returns the data classification category requested.
Operators supported: contains, starts with, and equals.
Attributes
All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".
Paging
Paging is not supported.
DataClassificationResults
GET /v2/DataClassificationResults - Returns the data classification results for the requested application and path. For each file analyzed, it lists the policy, rule, and categories that triggered the classification.
Filter
The attributes to filter by are optional. If no filter is specified, all the data classification results are returned.
Supported Filter Attributes
- applicationId - Returns business resources from this application.
Operators supported: equals
Constraints: Must be sent with the filter 'fullPath'.
- fullPath - Can be used to filter by the business resource full path.
Operators supported: equals
Constraints: Must be sent with the filter 'applicationId'.
Attributes
All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".
Paging
Paging is not supported.
Groups
GET /v2/groups
Parameters
- queryOptions.filter [string] (query) - To filter results, use the following syntax: attributeName operator "value".
- queryOptions.attributes [string] (query) - To retrieve specific attribute values, add the attributeName to the attributes query part.
- queryOptions.startIndex [int($int32)] (query) - An integer indicating the 1-based index of the first query result.
- queryOptions.count [int($int32)] (query) - An integer indicating the desired maximum number of query results per page.
IdentityUsers
GET /v2/identityusers/{id} - Retrieves a specific IdentityUser, where ID in the request is the ID of the identity.
Filter
Filter is not supported.
Attributes
Returns all attribute values by default.
Paging
Paging is not supported. Returns a specific IdentityUser.
Sample Requests
/identityiqfamapi/scim/v2/IdentityUsers/135
GET /v2/identityusers - Retrieves a list of IdentityUsers according to a given query.
Filter
Supported Filter Attributes
- uniqueIdentifier - The domain\username representation of the IdentityUser.
Operators supported: equals.
- ownedResources - Returns only users that are owners of business resources.
Operators supported: present (pr) only.
Constraints: Cannot be used with the uniqueIdentifier attribute.
Attributes
Returns all attribute values by default.
Paging
- startIndex - The 1-based index of the first result in the current set of list results (starts from 1).
- count - The number of objects returned in a list response per page.
Max page size = 200.
Sample Requests
/identityiqfamapi/scim/v2/IdentityUsers?filter=uniqueIdentifier eq "domain\username"&count=200&startIndex=1
/identityiqfamapi/scim/v2/IdentityUsers?filter=ownedResources pr&count=50&startIndex=2
Parameters
- filter [string] (query) - To filter results, use the following syntax: attributeName operator "value".
- attributes [string] (query) - To retrieve specific attribute values, add the attributeName to the attributes query part.
- startIndex [int($int32)] (query) - An integer indicating the 1-based index of the first query result.
- count [int($int32)] (query) - An integer indicating the desired maximum number of query results per page.
PATCH /v2/identityusers/{id}
Updates a specific IdentityUser's owned resources. Pass the IdentityUser ID in the URL. Returns the updated IdentityUser object.
Request
This is a SCIM Patch request that is based on JSON Patch.
The body of each request MUST contain the "schemas" attribute with the URI value of urn:ietf:params:scim:api:messages:2.0:PatchOp and the Operations object.
The Operations object has 3 parts: "op" for operation, "path" for the attribute, and "value" for the new resources.
Operation - "op"
- Add - Adds the new resource to the owned resources list. If the resource already exists, it does not add the resource, but the action is successful.
- Remove - Removes all resources from the owned resources list. Does not currently support removing specific resources; any value is ignored.
- Replace - Replaces all owned resources, or a specific resource, with the given resources as the value. The specific resource to be removed can be passed in the filter under "path". If the value is empty, it will remove the specific resource, if given. If not, it removes all resources.
Path - "path" - Supports the "OwnedResources" attribute only, which is the only writable attribute of the User object. Any other attribute returns an "unsupported" error.
Value - "value" - Must contain the FullPath and ParentApplicationID of the BusinessResource; see the example below.
Sample Request
URL - /identityiqfamapi/scim/v2/IdentityUsers/135
Add body:
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "add",
      "path": "ownedResources",
      "value": [
        { "fullPath": "\\server\\share\\folder1", "parentApplicationId": "1" },
        { "fullPath": "\\server\\share\\folder2", "parentApplicationId": "1" }
      ]
    }
  ]
}
Remove body:
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "ownedResources",
      "value": [
        { "fullPath": "\\server\\share\\folder2", "parentApplicationId": "1" },
        { "fullPath": "\\server\\share\\folder3", "parentApplicationId": "1" }
      ]
    }
  ]
}
Replace body (with filter):
{
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
    {
      "op": "replace",
      "path": "ownedResources[fullPath eq \"\\server\\share\\folder1\" and parentApplicationId eq \"1\"]",
      "value": [
        { "fullPath": "\\server\\share\\folder2", "parentApplicationId": "1" },
        { "fullPath": "\\server\\share\\folder3", "parentApplicationId": "1" }
      ]
    }
  ]
}
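An added example (not part of the product documentation): a Python builder for the PatchOp body that refuses the two request shapes which, per the operation descriptions above, clear every owned resource unless the caller confirms it. The function name, its parameters and the allow_remove_all flag are hypothetical, and rejecting a double quote in the path filter is an assumption because the page gives no escaping rule.

```python
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def owned_resources_patch(op, resources=(), target=None, allow_remove_all=False):
    """Build the PatchOp body for PATCH /v2/identityusers/{id}.

    resources: (fullPath, parentApplicationId) pairs for "value".
    target:    optional (fullPath, parentApplicationId) pair for the path
               filter, which the page describes for "replace" only.
    """
    if op not in ("add", "remove", "replace"):
        raise ValueError("op must be add, remove or replace")
    value = [{"fullPath": p, "parentApplicationId": str(a)} for p, a in resources]
    if op == "add" and not value:
        raise ValueError("add needs at least one resource")
    if target is not None and op != "replace":
        raise ValueError("a path filter is described for replace only")
    # Per the page, "remove" ignores any value and clears the whole list, and
    # "replace" with an empty value and no path filter also removes everything.
    clears_all = op == "remove" or (not value and target is None)
    if clears_all and not allow_remove_all:
        raise ValueError("request would remove ALL owned resources; "
                         "pass allow_remove_all=True to confirm")
    if op == "remove" and value:
        raise ValueError("remove ignores its value; to drop one resource use "
                         "replace with a path filter and an empty value")
    path = "ownedResources"
    if target is not None:
        full_path, app_id = target
        if '"' in full_path or '"' in str(app_id):
            # Assumption: no escape for '"' is documented, so reject it.
            raise ValueError("double quote not allowed in the path filter")
        path += '[fullPath eq "%s" and parentApplicationId eq "%s"]' % (full_path, app_id)
    operation = {"op": op, "path": path}
    if op != "remove":
        operation["value"] = value
    return {"schemas": [PATCH_SCHEMA], "Operations": [operation]}


if __name__ == "__main__":
    import json
    # Constructed sample: drop one folder without touching the others. The
    # path is the string the page's sample body decodes to.
    body = owned_resources_patch("replace", target=("\\server\\share\\folder1", "1"))
    print(json.dumps(body, indent=2))
```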
KPIs
GET /v2/KPIs/ - Returns the values of the KPI requested. The KPI name must be from the valid list below.
Filter
The name filter is required. If no filter is specified, or if the name is not in the list of valid KPIs, the API will not return results.
- Supported logical operators: None
- Supported grouping operators: None
Supported filter attributes:
- name: The name of the KPI to return
- Operators supported: equals
- Format: String
Valid values:
- 'Sensitive Resources Missing Owners'
- 'Overexposed Sensitive Resources'
Attributes
- Name: Name of the KPI
- Count: The KPI value (for example: The number of sensitive resources without data owners)
- Score:
All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".
Paging
Paging is not supported.
Sample Requests
/identityiqfamapi/scim/v2/kpis?filter=name eq "Overexposed Sensitive Resources"