Autonomous Identity 2022.11.11

Rules

The following are Autonomous Identity rules endpoints:

GET /api/rules/info

GET /api/rules/info

List information and statistics regarding available rules. [Ent Owner, App Owner, Admin]

Endpoint

/api/rules/info

Authorization

<Bearer Token JWT-value>

Params

by       enttowner, appOwner
user     patrick.murphy

Example Request

curl --request GET "https://autoid-api.forgerock.com/api/rules/info?by=appOwner&user=patrick.murphy" \
--header "Content-Type: application/json"

Example Response

{
  "countRules": 0,
  "countAssignments": 0,
  "countApplications": 0,
  "applications": [
    {
      "app_id": "string",
      "app_name": "string",
      "countAssignments": 0,
      "low": 0,
      "medium": 0,
      "high": 0
    }
  ]
}

GET /api/rules

GET /api/rules

List the available rules for a user [Ent Owner, App Owner, Admin]. You can filter by time period by using greater than and/or less than date-times.

Endpoint

/api/rules/

Authorization

<Bearer Token JWT-value> OR <API-KEY>
Query Parameters
Parameter Type Description

by

string

User type to apply when searching rules: enttOwner, appOwner

user

string

User ID when applying by filters (required if using "by")

cursor

string

Position to start a 2+ page list.

pageSize

number

Number of records per page to retrieve.

filter

filter object

Additional filters to apply (refer to properties below).

Filter Query Object Properties
Parameter Type Description

lowConfidence

boolean

Low confidence scores only.

medConfidence

boolean

Medium confidence scores only.

highConfidence

boolean

High confidence scores only.

app_id

string array

Array of application IDs.

autoCertify

boolean

Auto-certified only.

autoRequest

boolean

Auto-requested only.

entitlement

string

Entitlement ID

datasinkStatus

string

Datasink status filter ('ack' or 'nack')

timestampThresholds

object

Timestamp threshold object (available properties below)

timestampThresholds Object Properties
Parameter Type Description

gt

string

Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte.

gte

string

Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt.

lt

string

Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte.

lte

string

Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with le.

Example Request (Datasink status filter)

curl -k -X GET \
'datasinkStatus=ack' \
-H 'Authorization: Bearer <token value>' <OR> -H 'X-API-KEY: <api-key-value>' \
-H 'Content-Type: application/json'

Example Response (Datasink status filter)

{
  "cursor": null,
  "totalRulesCount": 1,
  "rules": [
    {
      "entitlement":
      {
        "ent_id": "Cognos EDI Reporting",
        "ent_owner_id": "david.elliott",
        "ent_criticality": "Essential",
        "ent_risk_level": "High",
        "ent_name": "Cognos EDI Reporting",
        "app_id": "SAP"
      },
      "app":
      {
        "app_criticality": "Essential",
        "app_name": "SAP",
        "app_owner_id": "derick.hui",
        "app_risk_level": "High",
        "app_id": "SAP"
      },
      "justification": [
        {
          "id": "CHIEF_YES_NO",
          "title": "Chief?",
          "value": "No"
        },
        {
          "id": "MANAGER_NAME",
          "title": "Manager_Name",
          "value": "Patrick Gardner"
        },
        {
          "id": "USR_EMP_TYPE",
          "title": "Employee Type",
          "value": "Employee"
        },
        {
          "id": "USR_DEPARTMENT_NAME",
          "title": "User department Name",
          "value": "General Office"
        }
      ],
      "rawJustification": [
        "0C_CHIEF_YES_NO_No",
        "0C_MANAGER_NAME_Patrick Gardner",
        "0C_USR_EMP_TYPE_Employee",
        "13_USR_DEPARTMENT_NAME_General Office"
      ],
      "assignees": [
        {
          "id": "gordon.choy",
          "name": "Gordon Choy"
        },
        {
          "id": "jennifer.kanenaga",
          "name": "Jennifer Kanenaga"
        },
        {
          "id": "lawrence.nicholls",
          "name": "Lawrence Nicholls"
        },
        {
          "id": "roel.dilag",
          "name": "Roel Dilag"
        },
        {
          "id": "salvatore.taormina",
          "name": "Salvatore Taormina"
        }
      ],
      "confidence": 1,
      "countUnassigned": 0,
      "countAssigned": 5,
      "isAutoCertify": true,
      "autoCertifyDate": "2021-10-01T19:01:31.567Z",
      "isAutoRequest": true,
      "autoRequestDate": "2021-10-01T19:01:31.567Z",
      "approvalAuthor":
      {
        "id": "bob.rodgers",
        "name": "Bob Rodgers"
      },
      "requestApprovalReason": "Test",
      "certifyApprovalReason": "Test",
      "datasink_status": "ack"
    }
  ]
}

POST /api/rules/decision

POST /api/rules/decision

Update rule decisions. [Supervisor, Ent Owner, App Owner, Admin]

Endpoint

/api/rules/decision

Authorization

<Bearer Token JWT-value>
Request Body Parameters
Parameter Type Description

rules

array of rules objects

List of rules affected by the decision (available properties listed below)(required)

is_autocertify

boolean

Auto-Certification decision (required)

is_autorequest

boolean

Auto-Request decision (required)

autocertify_reason

boolean

Auto-Certification reason (required)

autorequest_reason

boolean

Auto-Request reason (required)

datasink_status

string

Datasink status ('ack' or 'nack')

Rule Object Properties
Parameter Type Description

entitlement

string

Entitlement ID (required)

justification

string array

List of raw justifications (required)

Body

{
  "rules": [
    {
      "entitlement": "string",
      "justification": [
        "string"
      ]
    }
  ],
  "is_autocertify": true,
  "is_autorequest": true,
  "autocertify_reason": "string",
  "autorequest_reason": "string"
}

Example Request

curl -k -X POST \
'https://autoid-ui.forgerock.com/api/rules/decisions' \
-H 'Authorization: Bearer <token value>' \
-H 'Content-Type: application/json' \
-d '{
  "rules": [
    {
      "entitlement": "Ent_1",
      "justification": [
        "0C_CHIEF_YES_NO_Yes",
        "0C_JOBCODE_NAME_Service Representitive II",
        "0C_MANAGER_NAME_John_Doe",
        "0C_USR_EMP_TYPE_Non-Employee"
      ]
    }
  ],
  "is_autocertify": true,
  "is_autorequest": false,
  "autocertify_reason": "Goodbye, world.",
  "autorequest_reason": "Hello, world."
}'

Example Response

Status 204: No Content