PingOne Advanced Identity Cloud

Server configuration

Advanced Identity Cloud stores configuration objects in the repository. They are accessed by making API requests to the context path /openidm/config.

Single instance configuration objects are accessed by adding the object’s name to the request’s path, for example, /openidm/config/object-name.

Multiple instance configuration objects are accessed by adding the object name and instance name to the request’s path, for example, /openidm/config/object-name/instance-name.

The following table outlines the REST endpoints used to access configuration objects.

URI HTTP Operation Description

/openidm/config

GET

Returns a list of configuration objects.

/openidm/config/access

GET

Returns the current access configuration.

/openidm/config/audit

GET

Returns the current audit configuration.

/openidm/config/privileges

GET

Returns the current privilege configuration for managed objects.

/openidm/config/provisioner.openicf/provisioner-name

GET

Returns the configuration of the specified connector.

/openidm/config/selfservice/function

GET

Returns the configuration of the specified self-service feature, registration, reset, or username.

/openidm/config/router

PUT

Changes the router configuration. Modifications are provided with the --data option, in JSON format.

/openidm/config/object

PATCH

Changes one or more fields of the specified configuration object. Modifications are provided as a JSON array of patch operations.

/openidm/config/object

DELETE

Deletes the specified configuration object.

/openidm/config/object?_queryFilter=query

GET

Queries the specified configuration object. You cannot create custom predefined queries to query the configuration.

Advanced Identity Cloud supports REST operations to create, read, update, query, and delete configuration objects.

One entry is returned for each configuration object. To obtain additional information on the configuration object, include its pid or _id in the URL. The following example displays configuration information on the sync object, based on a deployment using the sync-with-csv sample:

curl \
--header "Authorization: Bearer <token>" \
--header "Accept-API-Version: resource=1.0" \
--request GET \
"https://<tenant-env-fqdn>/openidm/config/sync"
{
  "_id": "sync",
  "mappings": [
    {
      "name": "systemCsvfileAccounts_managedUser",
      "source": "system/csvfile/account",
      "target": "managed/realm-name_user",
      "correlationQuery": {
        "type": "text/javascript",
        "source": "var query = {'_queryId' : 'for-userName', 'uid' : source.name};query;"
      },
      "properties": [
        {
          "source": "email",
          "target": "mail"
        },
        {
          "source": "firstname",
          "target": "givenName"
        },
        {
          "source": "lastname",
          "target": "sn"
        },
        {
          "source": "description",
          "target": "description"
        },
        {
          "source": "_id",
          "target": "_id"
        },
        {
          "source": "name",
          "target": "userName"
        },
        {
          "default": "Passw0rd",
          "target": "password"
        },
        {
          "source": "mobileTelephoneNumber",
          "target": "telephoneNumber"
        },
        {
          "source": "roles",
          "transform": {
            "type": "text/javascript",
            "source": "var _ = require('lib/lodash'); _.map(source.split(','), function(role)
            { return {'_ref': 'internal/role/' + role} });"
          },
          "target": "authzRoles"
        }
      ],
...