Endpoint Details and Usage

Applications

GET /v2/applications/{id} - Retrieves the Application by ID.

Filter

Filter is not supported.

Attributes

Returns all attribute values by default.

Paging

Paging is not supported. Returns a specific application.

Sample Requests

./identityiqfamapi/scim/v2/Applications/2

BusinessResources

GET /v2/businessresources - Retrieves a list of Business Resources according to a given query. The results are sorted by name.

Filter

All attributes to filter by are optional. If no filter is specified, the first 1000 records are returned.

Supported Filter Attributes

name - Can be used to filter by the business resource name.
Operators supported: contains, starts with, and equals
Constraints: Cannot be sent with the fullPath filter attribute.
fullPath - Can be used to filter by the business resource full path.
Operators supported: equals
Constraints: Must be sent with the parentApplicationId attribute filter. Cannot be sent with the name filter attribute.
parentApplicationId - Can be used to filter by the business resource application id.
Operators supported: equals
Constraints: Must be sent with name or fullPath filter attributes.
isDfs - Use this filter attribute to get business resources from DFS applications.
Operators supported: equal
Valid values: “false” (default), “true” or "both"
Constraints: Must be sent with name or fullPath filter attributes.
owners - Use this filter attribute to get business resources that have data owners assigned to them.
Operators supported: present (pr) only
parentResourceId - If sent, the response will contain only the direct children of the parent resource.
Operators supported: equals
Constraints: Cannot be sent with other filters besides parentApplicationId.

Attributes

Returns all attribute values by default except for the owners attribute.
The owners attribute value will be returned if it was specifically requested in the attributes parameter.
The owners attribute can only be used when the owners filter is present in the query.

Paging

startIndex - The 1-based index of the first result in the current set of list results (starts from 1).
count - The number of objects returned in a list response per page.
Max page size = 200.
If no filter is specified, or a filter is sent with the name attribute without the parentApplicationId attribute, the first 1000 records are returned. Paging parameters are irrelevant in these 2 cases.

Sample Requests

/identityiqfamapi/scim/v2/BusinessResources?filter=name co "MyFolderName"
/identityiqfamapi/scim/v2/BusinessResources?filter=fullPath eq "\\server\share\folder1" and parentApplicationId eq "2"&count=200&startIndex=1
/identityiqfamapi/scim/v2/BusinessResources?filter=owners pr&attributes=owners
/identityiqfamapi/scim/v2/BusinessResources?filter=name sw "DFS folder" and isDfs eq "both"

Parameters

filter [string] (query) - To filter results, use the following syntax: attributeName operator “value”.
attributes [string] (query) - To retrieve specific attributes values, add the attributeName to the attributes query part.
startIndex [int($int32)] (query) - An integer indicating the 1-based index of the first query result.
count [int($int32)] (query) - An integer indicating the desired maximum number of query results per page.

Capabilities

GET /v2/Capabilities - Retrieves a list of capabilities, the rights for each capability, and associated users and groups, according to the given query. The results are sorted by capability name.

Filter

The attributes to filter by are optional. If no filter is specified, the list will include all the capabilities.

Supported Filter Attributes

capabilityName - Returns the capability selected.
Operators supported: contains, starts with, and equals.
rightName - Returns all capabilities that contain this right.
Operators supported: contains, starts with, and equals.
userUniqueIdentifier - Returns capabilities that this user belongs to, either directly, as part of a group, or a nested group, depending on the value of the filter searchNested.
Operators supported: equals
Format: The filter must be entered in the form 'domain\user'.
searchNested - Determines how to search for users within the groups.
Default value: False
True: Return capabilities that contain this user as a direct member, or a member through nested groups (e.g., capability A contains Group B -> Group C -> User D).
Constraints: Must be sent with the filter userUniqueIdentifier.

Attributes

All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".

Paging

Paging is not supported.

DataClassificationCategories

GET /v2/DataClassificationCategories - Returns a list of categories containing the categories in the File Access Manager database, according to the requesting filter. For each category, it returns the id, name, and description.

Filter

The attributes to filter by are optional. If no filter is specified, all the data classifications are returned.

Supported Filter Attributes

categoryName - Returns the data classification category requested.
Operators supported: contains, starts with, and equal.

Attributes

All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".

Paging

Paging is not supported.

DataClassificationResults

GET /v2/DataClassificationResults - Returns the data classification results for the requested application and path. For each file analyzed, it lists the policy, rule, and categories that triggered the classification.

Filter

The attributes to filter by are optional. If no filter is specified, all the data classification results are returned.

Supported Filter Attributes

applicationId - Return business resources from this application.
Operators supported: equals
Constraints: Must be sent with the filter ‘fullPath’.
fullPath - Can be used to filter by the business resource full path.
Operators supported: equals
Constraints: Must be sent with the filter ‘applicationId’.

Attributes

All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".

Paging

Paging is not supported.

Groups

GET /v2/groups

Parameters

queryOptions.filter [string] (query) - To filter results, use the following syntax: attributeName operator “value”.
queryOptions.attributes [string] (query) - To retrieve specific attributes values, add the attributeName to the attributes query part.
queryOptions.startIndex [int($int32)] (query) - An integer indicating the 1-based index of the first query result.
queryOptions.count [int($int32)] (query) - An integer indicating the desired maximum number of query results per page.

IdentityUsers

GET /v2/identityusers/{id} - Retrieves a specific IdentityUser, where ID in the request is the ID of the identity.

Filter

Filter is not supported.

Attributes

Returns all attribute values by default.

Paging

Paging is not supported. Returns a specific IdentityUser.

Sample Requests

/identityiqfamapi/scim/v2/IdentityUsers/135

GET /v2/identityusers - Retrieves a list of IdentityUsers according to a given query.

Filter

Supported Filter Attributes

uniqueIdentifier - The domain\username representation of the IdentityUser.
Operators supported: equals.
ownedResources - Returns only users that are owners of business resources.
Operators supported: present (pr) only.
Constraints: Cannot be used with the uniqueIdentifier attribute.

Attributes

Returns all attribute values by default.

Paging

startIndex - The 1-based index of the first result in the current set of list results (starts from 1).
count - The number of objects returned in a list response per page.
Max page size = 200.

Sample Requests

/identityiqfamapi/scim/v2/IdentityUsers?filter=uniqueIdentifier eq "domain\username"&count=200&startIndex=1
/identityiqfamapi/scim/v2/IdentityUsers?filter=ownedResources pr&count=50&startIndex=2

Parameters

filter [string] (query) - To filter results, use the following syntax: attributeName operator “value”.
attributes [string] (query) - To retrieve specific attributes values, add the attributeName to the attributes query part.
startIndex [int($int32)] (query) - An integer indicating the 1-based index of the first query result.
count [int($int32)] (query) - An integer indicating the desired maximum number of query results per page.

PATCH /v2/identityusers/{id}

Update specific IdentityUser's owned resources. Should pass the IdentityUser Id in the URL. Returns the updated IdentityUser object.

Request

This is a SCIM Patch request that is based on JSON Patch.

The body of each request MUST contain the “schemas” attribute with the URI value of urn:ietf:params:scim:api:messages:2.0:PatchOp and the Operations object.

The Operations object has 3 parts: “op” for operation, “path” for the attribute, and “value” for the new resources.

Operation - “op”

Add - Adds the new resource to the owned resources list. If the resource already exists, it does not add the resource, but the action is successful.
Remove - Removes all resources from the owned resources list. Does not currently support removing specific resources, any value is ignored.
Replace - Replacing all owned resources\specific resource, with given resources as value. The specific resource to be removed can be passed in the filter under "path". If the value is empty, it will remove the specific resource, if given. If not, it removes all resources.

Path - "path" - Supports “OwnedResources” attribute only, the only writable attribute of the User object. Any other attribute will return an error of unsupported.

Value - "value" - Must contain the FullPath and ParentApplicationID of the BusinessResource, see example below.

Sample Request

URL - /identityiqfamapi/scim/v2/IdentityUsers/135

Add body:

  {
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
     {
        "op": "add",
        "path": "ownedResources",
        "value": [
        { "fullPath": "\\server\\share\\folder1", "parentApplicationId": "1" },
        { "fullPath": "\\server\\share\\folder2", "parentApplicationId": "1" }
        ]
     }
  ]
  }

Remove body:

  {
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
     {
        "op": "replace",
        "path": "ownedResources",
        "value": [
        { "fullPath": "\\server\\share\\folder2", "parentApplicationId": "1" },
        { "fullPath": "\\server\\share\\folder3", "parentApplicationId": "1" }
        ]
     }
  ]
  }

Replace body (with filter):

  {
  "schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
  "Operations": [
     {
        "op": "replace",
        "path": "ownedResources[fullPath eq \"\\server\\share\\folder1\" and parentApplicationId eq \"1\"]",
        "value": [
        { "fullPath": "\\server\\share\\folder2", "parentApplicationId": "1" },
        { "fullPath": "\\server\\share\\folder3", "parentApplicationId": "1" }
        ]
     }
  ]
  }

KPIs

GET /v2/KPIs/ - Returns the values of the KPI requested. The KPI name must be from the valid list below.

Filter

The name filter is required. If no filter is specified, or if the name is not in the list of valid KPIs, the API will not return results.

Supported logical operators: None
Supported grouping operators: None

Supported filter attributes:

name: The name of the KPI to return
Operators supported: equals
Format: String

Valid values:

'Sensitive Resources Missing Owners'
'Overexposed Sensitive Resources'

Attributes

Name: Name of the KPI
Count: The KPI value (for example: The number of sensitive resources without data owners)
Score: All attributes are of type "always" and must be returned.
All attributes are of type "readOnly".

Paging

Paging is not supported.

Sample Requests

/identityiqfamapi/scim/v2/kpis?filter=name eq ``"Overexposed Sensitive Resources"