EntitlementConnections
Use this API to search and manage entitlement connections. Entitlement connections represent the relationship between an identity account and an entitlement on a source, including its access type and JIT lifecycle state.
All URIs are relative to https://sailpoint.api.identitynow.com
| Method | HTTP request | Description |
|---|---|---|
| Get-EntitlementConnectionsForCurrentIdentityV1 | GET /entitlement-connections/v1/current-identity | List my entitlement connections |
| Get-EntitlementConnectionsV1 | GET /entitlement-connections/v1 | List entitlement connections |
| Update-EntitlementConnectionByIdV1 | PATCH /entitlement-connections/v1/{connectionId} | Update entitlement connection |
| Update-EntitlementConnectionByQueryV1 | PATCH /entitlement-connections/v1 | Update connection by query |
| Update-EntitlementConnectionsBulkV1 | POST /entitlement-connections/v1 | Update connections in bulk |
list-entitlement-connections-for-current-identity-v1
Returns entitlement connections constrained to the authenticated identity. This endpoint proxies to Search and supports standard collection query parameters.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | SearchAfter | String | (optional) | Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. searchAfter length must match the number of sorters. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, if you are sorting by name you will also want to include ID, for example searchAfter=Account Payable,2c91808375d8e80a0175e1f88a575221&sorters=name,id. If the last entitlement ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last name is ""Account Payable"", then using that name and ID will start a new search after this entitlement. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: identity.id: eq, in identity.name: eq, in, co source.id: eq, in source.name: eq, in, co account.id: eq, in account.name: eq, in, co entitlement.id: eq, in entitlement.attribute: eq, in, co entitlement.value: eq, in, co entitlement.privilegeLevel.effective: eq, in, co type: eq, in state.value: eq, in, co standalone: eq, in jit.activation: gt, lt, ge, le jit.provision: gt, lt, ge, le jit.deactivation: gt, lt, ge, le jit.deprovision: gt, lt, ge, le jit.expiration: gt, lt, ge, le The authenticated identity scope is always applied by the service. |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, identity.id, identity.name, source.id, source.name, account.id, account.name, entitlement.id, entitlement.displayName, entitlement.attribute, entitlement.privilegeLevel.effective, type, state.value, standalone, jit.activation, jit.provision, jit.deactivation, jit.deprovision, jit.expiration |
Return type
Entitlementconnectionsearchhit[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of entitlement connections for the current identity. | Entitlementconnectionsearchhit[] |
| 400 | Client Error - Returned if the request body is invalid. | Errorresponsedto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListEntitlementConnectionsV1401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | Errorresponsedto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | Errorresponsedto |
| 412 | Precondition Failed - Returned in response if API/Feature not enabled for an organization. | ListEntitlementConnectionsV1412Response |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListEntitlementConnectionsV1429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | Errorresponsedto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$SearchAfter = "Account Payable,2c91808375d8e80a0175e1f88a575221" # String | Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. searchAfter length must match the number of sorters. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, if you are sorting by name you will also want to include ID, for example searchAfter=Account Payable,2c91808375d8e80a0175e1f88a575221&sorters=name,id. If the last entitlement ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last name is ""Account Payable"", then using that name and ID will start a new search after this entitlement. (optional)
$Filters = 'state.value co "Available"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **identity.id**: *eq, in* **identity.name**: *eq, in, co* **source.id**: *eq, in* **source.name**: *eq, in, co* **account.id**: *eq, in* **account.name**: *eq, in, co* **entitlement.id**: *eq, in* **entitlement.attribute**: *eq, in, co* **entitlement.value**: *eq, in, co* **entitlement.privilegeLevel.effective**: *eq, in, co* **type**: *eq, in* **state.value**: *eq, in, co* **standalone**: *eq, in* **jit.activation**: *gt, lt, ge, le* **jit.provision**: *gt, lt, ge, le* **jit.deactivation**: *gt, lt, ge, le* **jit.deprovision**: *gt, lt, ge, le* **jit.expiration**: *gt, lt, ge, le* The authenticated identity scope is always applied by the service. (optional)
$Sorters = "id" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, identity.id, identity.name, source.id, source.name, account.id, account.name, entitlement.id, entitlement.displayName, entitlement.attribute, entitlement.privilegeLevel.effective, type, state.value, standalone, jit.activation, jit.provision, jit.deactivation, jit.deprovision, jit.expiration** (optional)
# List my entitlement connections
try {
Get-EntitlementConnectionsForCurrentIdentityV1
# Below is a request that includes all optional parameters
# Get-EntitlementConnectionsForCurrentIdentityV1 -Offset $Offset -Limit $Limit -Count $Count -SearchAfter $SearchAfter -Filters $Filters -Sorters $Sorters
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-EntitlementConnectionsForCurrentIdentityV1"
Write-Host $_.ErrorDetails
}
list-entitlement-connections-v1
Returns entitlement connections for the tenant.
This endpoint proxies to Search and supports standard collection query parameters.
The filters and sorters values support the Entitlement Connections search fields documented by ECS.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | Offset | Int32 | (optional) (default to 0) | Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. |
| Query | Limit | Int32 | (optional) (default to 250) | Max number of results to return. See V3 API Standard Collection Parameters for more information. |
| Query | Count | Boolean | (optional) (default to $false) | If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. |
| Query | SearchAfter | String | (optional) | Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. searchAfter length must match the number of sorters. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, if you are sorting by name you will also want to include ID, for example searchAfter=Account Payable,2c91808375d8e80a0175e1f88a575221&sorters=name,id. If the last entitlement ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last name is ""Account Payable"", then using that name and ID will start a new search after this entitlement. |
| Query | Filters | String | (optional) | Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: identity.id: eq, in identity.name: eq, in, co source.id: eq, in source.name: eq, in, co account.id: eq, in account.name: eq, in, co entitlement.id: eq, in entitlement.attribute: eq, in, co entitlement.value: eq, in, co entitlement.privilegeLevel.effective: eq, in, co type: eq, in state.value: eq, in, co standalone: eq, in jit.activation: gt, lt, ge, le jit.provision: gt, lt, ge, le jit.deactivation: gt, lt, ge, le jit.deprovision: gt, lt, ge, le jit.expiration: gt, lt, ge, le |
| Query | Sorters | String | (optional) | Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: id, identity.id, identity.name, source.id, source.name, account.id, account.name, entitlement.id, entitlement.displayName, entitlement.attribute, entitlement.privilegeLevel.effective, type, state.value, standalone, jit.activation, jit.provision, jit.deactivation, jit.deprovision, jit.expiration Prefix a field with - for descending order. |
Return type
Entitlementconnectionsearchhit[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | List of entitlement connections. | Entitlementconnectionsearchhit[] |
| 400 | Client Error - Returned if the request body is invalid. | Errorresponsedto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListEntitlementConnectionsV1401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | Errorresponsedto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | Errorresponsedto |
| 412 | Precondition Failed - Returned in response if API/Feature not enabled for an organization. | ListEntitlementConnectionsV1412Response |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListEntitlementConnectionsV1429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | Errorresponsedto |
HTTP request headers
- Content-Type: Not defined
- Accept: application/json
Example
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$SearchAfter = "Account Payable,2c91808375d8e80a0175e1f88a575221" # String | Used to begin the search window at the values specified. This parameter consists of the last values of the sorted fields in the current record set. searchAfter length must match the number of sorters. This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. For example, if you are sorting by name you will also want to include ID, for example searchAfter=Account Payable,2c91808375d8e80a0175e1f88a575221&sorters=name,id. If the last entitlement ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last name is ""Account Payable"", then using that name and ID will start a new search after this entitlement. (optional)
$Filters = 'type eq "JIT"' # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: **identity.id**: *eq, in* **identity.name**: *eq, in, co* **source.id**: *eq, in* **source.name**: *eq, in, co* **account.id**: *eq, in* **account.name**: *eq, in, co* **entitlement.id**: *eq, in* **entitlement.attribute**: *eq, in, co* **entitlement.value**: *eq, in, co* **entitlement.privilegeLevel.effective**: *eq, in, co* **type**: *eq, in* **state.value**: *eq, in, co* **standalone**: *eq, in* **jit.activation**: *gt, lt, ge, le* **jit.provision**: *gt, lt, ge, le* **jit.deactivation**: *gt, lt, ge, le* **jit.deprovision**: *gt, lt, ge, le* **jit.expiration**: *gt, lt, ge, le* (optional)
$Sorters = "-type,id" # String | Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **id, identity.id, identity.name, source.id, source.name, account.id, account.name, entitlement.id, entitlement.displayName, entitlement.attribute, entitlement.privilegeLevel.effective, type, state.value, standalone, jit.activation, jit.provision, jit.deactivation, jit.deprovision, jit.expiration** Prefix a field with `-` for descending order. (optional)
# List entitlement connections
try {
Get-EntitlementConnectionsV1
# Below is a request that includes all optional parameters
# Get-EntitlementConnectionsV1 -Offset $Offset -Limit $Limit -Count $Count -SearchAfter $SearchAfter -Filters $Filters -Sorters $Sorters
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Get-EntitlementConnectionsV1"
Write-Host $_.ErrorDetails
}
patch-entitlement-connection-by-id-v1
Applies JSON Patch operations to an entitlement connection selected by connectionId.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Path | ConnectionId | String | True | Connection ID (UUID with or without hyphens). |
| Body | Jsonpatchoperation | []Jsonpatchoperation | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | Updated entitlement connection. | Entitlementconnection |
| 400 | Client Error - Returned if the request body is invalid. | Errorresponsedto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListEntitlementConnectionsV1401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | Errorresponsedto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | Errorresponsedto |
| 412 | Precondition Failed - Returned in response if API/Feature not enabled for an organization. | ListEntitlementConnectionsV1412Response |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListEntitlementConnectionsV1429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | Errorresponsedto |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$ConnectionId = "6c692d9972f8400ca4560a68f62c4c5f" # String | Connection ID (UUID with or without hyphens).
$Jsonpatchoperation = @""@ # Jsonpatchoperation[] |
# Update entitlement connection
try {
$Result = ConvertFrom-JsonToJsonpatchoperation -Json $Jsonpatchoperation
Update-EntitlementConnectionByIdV1 -ConnectionId $ConnectionId -Jsonpatchoperation $Result
# Below is a request that includes all optional parameters
# Update-EntitlementConnectionByIdV1 -ConnectionId $ConnectionId -Jsonpatchoperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-EntitlementConnectionByIdV1"
Write-Host $_.ErrorDetails
}
patch-entitlement-connection-by-query-v1
Applies JSON Patch operations to a single entitlement connection selected by
entitlementId, identityId, and accountId.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Query | EntitlementId | String | True | Entitlement ID (UUID with or without hyphens). |
| Query | IdentityId | String | True | Identity ID (UUID with or without hyphens). |
| Query | AccountId | String | True | Account ID (UUID with or without hyphens). |
| Body | Jsonpatchoperation | []Jsonpatchoperation | True |
Return type
Responses
| Code | Description | Data Type |
|---|---|---|
| 200 | Updated entitlement connection. | Entitlementconnection |
| 400 | Client Error - Returned if the request body is invalid. | Errorresponsedto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListEntitlementConnectionsV1401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | Errorresponsedto |
| 404 | Not Found - returned if the request URL refers to a resource or object that does not exist | Errorresponsedto |
| 412 | Precondition Failed - Returned in response if API/Feature not enabled for an organization. | ListEntitlementConnectionsV1412Response |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListEntitlementConnectionsV1429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | Errorresponsedto |
HTTP request headers
- Content-Type: application/json-patch+json
- Accept: application/json
Example
$EntitlementId = "dcfd09e551644ad5aa162ce977862031" # String | Entitlement ID (UUID with or without hyphens).
$IdentityId = "5470d8d4817a4207a8020bf533187da9" # String | Identity ID (UUID with or without hyphens).
$AccountId = "323bfddfb3dd4197b8f10f7735307d27" # String | Account ID (UUID with or without hyphens).
$Jsonpatchoperation = @""@ # Jsonpatchoperation[] |
# Update connection by query
try {
$Result = ConvertFrom-JsonToJsonpatchoperation -Json $Jsonpatchoperation
Update-EntitlementConnectionByQueryV1 -EntitlementId $EntitlementId -IdentityId $IdentityId -AccountId $AccountId -Jsonpatchoperation $Result
# Below is a request that includes all optional parameters
# Update-EntitlementConnectionByQueryV1 -EntitlementId $EntitlementId -IdentityId $IdentityId -AccountId $AccountId -Jsonpatchoperation $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-EntitlementConnectionByQueryV1"
Write-Host $_.ErrorDetails
}
update-entitlement-connections-bulk-v1
Updates connection type for up to 100 connections in one request. The API returns per-item results in a 207 Multi-Status response.
Parameters
| Param Type | Name | Data Type | Required | Description |
|---|---|---|---|---|
| Body | Entitlementconnectionbulkupdateitem | []Entitlementconnectionbulkupdateitem | True |
Return type
Entitlementconnectionbulkupdateresultitem[]
Responses
| Code | Description | Data Type |
|---|---|---|
| 207 | Per-item bulk update results. | Entitlementconnectionbulkupdateresultitem[] |
| 400 | Client Error - Returned if the request body is invalid. | Errorresponsedto |
| 401 | Unauthorized - Returned if there is no authorization header, or if the JWT token is expired. | ListEntitlementConnectionsV1401Response |
| 403 | Forbidden - Returned if the user you are running as, doesn't have access to this end-point. | Errorresponsedto |
| 429 | Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. | ListEntitlementConnectionsV1429Response |
| 500 | Internal Server Error - Returned if there is an unexpected error. | Errorresponsedto |
HTTP request headers
- Content-Type: application/json
- Accept: application/json
Example
$Entitlementconnectionbulkupdateitem = @"[{"connectionId":"d532fa5cb15748e2873c6a01e5923ec4","type":"JIT"},{"connectionId":"57bdbfcab8a34afb91c0a9fb4dba52b8","type":"STANDING"},{"connectionId":"0f571cefc8a2411790e0ee09f77e25a3","type":"STANDING"},{"connectionId":"025542c7e42144258c6f2325b6feeba8","type":"JIT"},{"connectionId":"6bccbc42381f49028dac9bfe68dbad2e","type":"JIT"}]"@ # Entitlementconnectionbulkupdateitem[] |
# Update connections in bulk
try {
$Result = ConvertFrom-JsonToEntitlementconnectionbulkupdateitem -Json $Entitlementconnectionbulkupdateitem
Update-EntitlementConnectionsBulkV1 -Entitlementconnectionbulkupdateitem $Result
# Below is a request that includes all optional parameters
# Update-EntitlementConnectionsBulkV1 -Entitlementconnectionbulkupdateitem $Result
} catch {
Write-Host $_.Exception.Response.StatusCode.value__ "Exception occurred when calling Update-EntitlementConnectionsBulkV1"
Write-Host $_.ErrorDetails
}