IGA 3.6.2 / 3.7 --- What REST calls do I need to make to request the removal of a group or application from a user?

When an account is disabled / terminated in IDM we want to send a REST call to IG to remove specific applications / permissions from that user.

-get token

-/data/users to get user's unique ID  (not working yet)

-request/users/{User Unique ID}/perms  (working when submitting it based on data in IG catalog)

do we then do a /request/request ?

      -If so any examples of doing a removal?
      -What are the requestType values we can specify?
      -What do we specify for the recipient? The Source ID or unique ID value we retrieved earlier?

      -What do we specify for the requestItem? The unique ID of the permission or application?

thanks!
Fred

  • You can find the user by issuing a POST to /api/data/users/search containing a JSON body like this:

    {"criterias":["{\"operator\":\"AND\",\"childCriteria\":[{\"attributeKey\":\"dn\",\"operator\":\"EQ\",\"values\":[\"cn=SOMELDAPDN\"]}]}"]}

    In this example I'm searching by using the LDAP DN of the identity. You can do a search in the IG UI and watch the traffic using the browser developer tools if you want to use some other criteria to find out what the API expects.

    You'll get an array back and you get the user ID like this:

    users[0].userId

  • Thanks I will give that a shot.

    For the request/request we look to have a working request. I will update here once we have it working.

  • Suggested Answer

    IG Rest calls to remove permission.

    Used a POST with the URL containing the below

    {{authURL}}/api/data/users/search?sortBy=displayName&sortOrder=DESC&indexFrom=0&size=100&showCt=true&listAttr=displayName&listAttr=userId&qMatch=ANY&q=cn=LX1411,ou=CPO,o=CTT

    This worked great to grab the user based on their UserDN value for the given environment.



    Here is an example to request permissions on an account:

    {{authURL}}/api/request/users/{{userID}}/perms?getParams=true

    with body containing:
    {
        "requestItem": "true"
    }


    Here is an example of how to request the removal of a permission on an account using /api/request/request

    {
        "requestSource": "REQUEST",
        "requester": "6fd75ecd493b4f1b87b2f09a0447f3cc",
        "reason": "Disconnected App Removal on Account Dissablement",
        "requestItems": [
            {
                "requestItem": "a3e2f34c-a62f-3e6c-bd8b-b8c481cb7272",
                "reason": "Disconnected App Removal on Account Dissablement",
                "type": "PERMISSION",
                "recipient": "7ac6682a7bd543ee8e2fe75fb6b6b11f",
                "removal": true,
                "requestType": "REMOVE_PERMISSION_ASSIGNMENT"
            }
        ]
    }

     

    Reference <url>/apidoc against the IG server for documentation.

    Swagger looks to be 1.2 and doesn't import into Postman with 3.7.0 version
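
Added example, not part of the thread and not the product's own code: a Python sketch that builds the two POST bodies discussed above, the user search (whose `criterias` entries are JSON strings nested inside JSON) and the `/api/request/request` removal, and refuses to continue unless the search matched exactly one identity. The function names, the `ig.example.com` host, bearer-token authentication and the `{"users": [...]}` response shape are assumptions; the field names and enum values are the ones posted in the thread.

```python
import json
import urllib.request

def search_body(ldap_dn):
    """Body for POST /api/data/users/search; each "criterias" entry is itself a JSON string."""
    criteria = {"operator": "AND", "childCriteria": [
        {"attributeKey": "dn", "operator": "EQ", "values": [ldap_dn]}]}
    # Serialise the inner object instead of concatenating strings, so quotes or
    # backslashes in a DN cannot alter the search criteria.
    return {"criterias": [json.dumps(criteria, separators=(",", ":"))]}

def user_id_from_search(response_text, ldap_dn):
    """Return users[0].userId, but only when exactly one identity matched."""
    users = json.loads(response_text).get("users", [])  # assumed response shape
    if len(users) != 1:
        raise LookupError(f"expected 1 user for {ldap_dn!r}, got {len(users)}")
    return users[0]["userId"]

def removal_body(requester_id, recipient_id, permission_ids, reason):
    """Body for POST /api/request/request: one requestItem per permission to remove."""
    if not permission_ids:
        raise ValueError("no permissions to remove")
    items = [{"requestItem": pid, "reason": reason, "type": "PERMISSION",
              "recipient": recipient_id, "removal": True,
              "requestType": "REMOVE_PERMISSION_ASSIGNMENT"} for pid in permission_ids]
    return {"requestSource": "REQUEST", "requester": requester_id,
            "reason": reason, "requestItems": items}

def build_post(base_url, path, body, token):
    """Prepare (without sending) a JSON POST; bearer-token auth is an assumption."""
    return urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(body).encode("utf-8"),
        method="POST", headers={"Content-Type": "application/json",
                                "Authorization": "Bearer " + token})

if __name__ == "__main__":
    base = "https://ig.example.com"  # placeholder host
    dn = "cn=SOMELDAPDN"
    search = build_post(base, "/api/data/users/search", search_body(dn), "TOKEN")
    print(search.full_url, search.data.decode())
    # Constructed search response standing in for the server's reply.
    reply = '{"users": [{"userId": "7ac6682a7bd543ee8e2fe75fb6b6b11f"}]}'
    body = removal_body("6fd75ecd493b4f1b87b2f09a0447f3cc", user_id_from_search(reply, dn),
                        ["a3e2f34c-a62f-3e6c-bd8b-b8c481cb7272"],
                        "Disconnected App Removal on Account Disablement")
    req = build_post(base, "/api/request/request", body, "TOKEN")
    print(req.get_method(), req.full_url, json.dumps(body, indent=2))
```

To send a prepared request, pass it to `urllib.request.urlopen()`.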
