Idaptive Developer Program
The Idaptive Developer Program
Home
Guides
Recipes
API Reference
Reference
Changelog
Discussions
Page Not Found
Search
{{ state.current().meta.title }}
API Logs
Home
Guides
API Reference
{{search.symbol}}K
discard
Save Edits
Submit
Suggested Edits
Getting Started
Use Queries
Data Dictionary
ADGroup
ADOU
ADUser
Application
CDUser
Device
DSGroups
DSUsers
Event
GatewayDiagnosticsPageLoad
GatewayDiagnosticsUrls
InstalledApp
Proxy
QueryDefinition
Role
SysQueryDef
Tenant
User
Use your Tenant URL
Develop with the API
Authenticate and Authorize Users
Overview
Adaptive Authentication
Social Login
Authentication Cookies
Public Keys
Authentication Quick Start
Starting the Authentication Process
Advancing the Authentication
Advancing Multi-factor Authentication
Advancing Out-of-bounds Authentication
Using the Authentication Token
Identifying a Client Device
Social Login
Logging Out
C# Example
About OpenID Connect
Idaptive SAML Toolkits for SSO
OAuth Clients
Client Credentials Flow
Authorization (Auth) Code Flow
Resource Owner Flow
Refresh Tokens
Revoke a Token
Validate a Token
End a session
MFA for Password Checkout
Generate an on-demand auth challenge during login
On Demand Challenges
User Self Password Reset
User Self Get Username
Get a SAML Assertion for a Configured App
Generate a Random Password
Verifying a Signature
Apply an app-specific, on-demand MFA policy
Installation Guides
AWS CLI for Idaptive
Python Installation
Library Installations
AWS CLI Installation
Download and Edit the Idaptive AWS CLI Configuration Files
Create cacerts.pem
Running the Program
AWS Powershell Utility V10
Idaptive Powershell Utility Installation
Logging – Verbose output
Manage Users
User Management
Create and Manage Cloud Directory Users
Manage Applications for Users
Generic User Functions
Invite users to the portal
Get information for users
Search for users
Configure authentication settings
Use Extensible Attributes
Manage Roles
Multiple Secret Question Enrollment
Create an Authentication Profile
Create a Policy
Create a Customer
Manage Resources
Monitor Connector Status
Update a Proxy Collection List
Configure CORS
Manage Applications
Manage Access to Applications
Add Applications to a Website
Editing Custom Logic
Business Partner Federation
Mobilize
Manage Devices
User Behavior Analytics
Work with Analytics Endpoints
Webhooks
Slack Example Webhook
PagerDuty Example Webhook
SCIM Provisioning - Outbound
SCIM Provisioning Overview - Client
Automatic SCIM Provisioning
Role-based User Provisioning
Active Directory Group Provisioning
User Provisioning with Custom Attributes
SCIM API Requirements
SCIM Provisioning - Inbound
SCIM Provisioning Overview - Server
SCIM Client Inbound Configuration
Manage Groups with SCIM Endpoints
Manage users with SCIM Endpoints
Getting Started
Use Queries
Data Dictionary
ADGroup
ADOU
ADUser
Application
CDUser
Device
DSGroups
DSUsers
Event
GatewayDiagnosticsPageLoad
GatewayDiagnosticsUrls
InstalledApp
Proxy
QueryDefinition
Role
SysQueryDef
Tenant
User
Use your Tenant URL
Develop with the API
Authenticate and Authorize Users
Overview
Adaptive Authentication
Social Login
Authentication Cookies
Public Keys
Authentication Quick Start
Starting the Authentication Process
Advancing the Authentication
Advancing Multi-factor Authentication
Advancing Out-of-bounds Authentication
Using the Authentication Token
Identifying a Client Device
Social Login
Logging Out
C# Example
About OpenID Connect
Idaptive SAML Toolkits for SSO
OAuth Clients
Client Credentials Flow
Authorization (Auth) Code Flow
Resource Owner Flow
Refresh Tokens
Revoke a Token
Validate a Token
End a session
MFA for Password Checkout
Generate an on-demand auth challenge during login
On Demand Challenges
User Self Password Reset
User Self Get Username
Get a SAML Assertion for a Configured App
Generate a Random Password
Verifying a Signature
Apply an app-specific, on-demand MFA policy
Installation Guides
AWS CLI for Idaptive
Python Installation
Library Installations
AWS CLI Installation
Download and Edit the Idaptive AWS CLI Configuration Files
Create cacerts.pem
Running the Program
AWS Powershell Utility V10
Idaptive Powershell Utility Installation
Logging – Verbose output
Manage Users
User Management
Create and Manage Cloud Directory Users
Manage Applications for Users
Generic User Functions
Invite users to the portal
Get information for users
Search for users
Configure authentication settings
Use Extensible Attributes
Manage Roles
Multiple Secret Question Enrollment
Create an Authentication Profile
Create a Policy
Create a Customer
Manage Resources
Monitor Connector Status
Update a Proxy Collection List
Configure CORS
Manage Applications
Manage Access to Applications
Add Applications to a Website
Editing Custom Logic
Business Partner Federation
Mobilize
Manage Devices
User Behavior Analytics
Work with Analytics Endpoints
Webhooks
Slack Example Webhook
PagerDuty Example Webhook
SCIM Provisioning - Outbound
SCIM Provisioning Overview - Client
Automatic SCIM Provisioning
Role-based User Provisioning
Active Directory Group Provisioning
User Provisioning with Custom Attributes
SCIM API Requirements
SCIM Provisioning - Inbound
SCIM Provisioning Overview - Server
SCIM Client Inbound Configuration
Manage Groups with SCIM Endpoints
Manage users with SCIM Endpoints
Idaptive Identity Platform API
Authentication
post
Check row ACLs.
post
Gets a users access rights.
post
Get a collection of access rights.
post
Gets the collection access rights based on the input parameters.
post
Retrieves a list of who has what rights for the directory.
post
Gets a list of directory rights.
post
Gets a list of file rights.
post
Gets ACLs on a file.
post
Gets the access rights for a row.
post
Gets the row access rights based on the input parameters.
post
Authenticates a request.
post
Confirm
post
https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
post
Introspect.
post
Keys
post
Revoke.
post
Gets a token based on grant type.
post
This returns the contents of the bearer token used.
post
Attempt to advance the state of an authentication session.
post
Advances a forgot username session (similar to MFA advance authentication).
post
Terminate an incomplete session started with StartAuthentication or StartChallenge.
post
Returns QR Code data
post
Allows OAuth2 clients to perform on-demand step-up authentication challenges.
post
Continues user authentication.
post
Starts a user authentication session.
post
Starts a step-up authentication challenge session.
post
Starts a forgot username session that looks similar to an MFA authentication session.
post
Starts a user authentication session for QR code authentication.
post
Submit OATH OTP code for the specify user
post
Submit QR Code authentication
post
Answer registration challenge.
post
Deletes the U2f device.
post
Delete a list of U2f devices.
post
Get the trusted facet list for the tenant.
post
Get registration challenge.
post
Gets a list of U2f devices.
post
Gets a list of U2f devices for the current user.
User Management
post
Gets a list of row rights.
post
Deprecated -- Delete a list of users with permission check.
post
Create new users in the Cloud Directory Service based on data read from files.
post
Delete user after permission check (DEPRECATED)
post
Exempt a specified user from MFA login for a period of time.
post
Get details for the current user.
post
Reads users from a csv file(s).
post
Refresh a user's cached identity.
post
Create a Bulk User Import scheduled task to process the uploaded file.
post
Retreives a list of users that are members of a specific federated group.
post
Retrieves the Federated Group Memberships for a specfic user.
post
Revokes federated group membership from a specific group for a specific user.
post
Refresh current user's cached identity.
post
Delete admin security question.
post
Get a specific admin security question
post
Get admin security questions
post
Add admin security question.
post
Runs a risk check for the current user.
post
Check to see if a user can edit attributes.
post
Update user attributes
post
Change the password for the current user.
post
Query all directory services for users, groups, and/or roles using a json query string.
post
Get the cached entity.
post
Get the cached user.
post
Get security questions for the current user
post
Fetch attributes for a specified user.
post
Get certificate info for a given user.
post
Fetch the reporting hierarchy for a specified user.
post
Get additional info for a specified user.
post
Fetch a cloud user's picture.
post
Gets user roles and administrative rights.
post
Invite one or more users to the cloud portal.
post
Checks to see if a given user is cloud locked.
post
Determine if the current user can (or cannot...) satisfy the requisite MFA challenges.
post
Checks to see if a given user is subject to cloud locks.
post
Remove a user from the cloud.
post
Remove one or more certificates for a given user.
post
Remove one or more users.
post
Resets (clears) security questions for a user.
post
Reset the password for a specified user.
post
Send email invitation to a specified user.
post
Send invitation emails to one or more users.
post
Send SMS invitation to a specified user.
post
Applies or clears a cloud lock for a given user.
post
Set the phone pin for a user.
post
Updates security questions for a user.
post
Updates various user preferences for the currently logged in user.
Core Services
post
Deletes an authentication profile.
post
Gets an authentication profile.
post
Gets a list of Authentication profiles.
post
Saves an authentication profile.
post
The tenant brand information.
post
The tenant brand.
post
Fetch technical support user.
post
Grant portal access to technical support.
post
Create a dynamic set.
post
Create a manual set.
post
Delete a set.
post
Gets the contents of a bucket.
post
Gets a set based on the ID.
post
Gets the references to a set.
post
Gets the rights on a set.
post
Gets a set template based on ObjectType and SubObjectType.
post
Gets the members with access to the set.
post
Gets the objects set.
post
Gets a set of ObjectType.
post
Gets the members with access to the set.
post
Update a set.
post
Updates the set members.
post
Adds a Blocked IP Range.
post
Adds an IP Range local to the customer network.
post
Requests a heath check from a specific cloud connector or from all cloud connectors.
post
Create a directory.
post
Creates a Reports directory in Path for the tenant.
post
Creates a Reports directory in the tenant for the current user.
post
Deletes a Blocked IP Range.
post
Removes a suffix.
post
Removes multiple suffixes.
post
Delete a set of certificates.
post
Deletes a directory.
post
Deletes a file.
post
Deletes a set of files.
post
Deletes a list of proxies.
post
Remove a connector referred to by proxyUuid.
post
Deletes the tenant configuration key.
post
Deletes an IP Range local to the customer network.
post
Check for the existence of a directory.
post
Downloads a certificate.
post
Download the contents of a file.
post
Check for the existence of a file.
post
Generates a new registration code.
post
Generates a password.
post
Get a list of domains in the forest.
post
Gets the active directory topology for the directory service Uuid or the domain name.
post
Get the tenant suffixes.
post
Gets the blocked IP Ranges.
post
Gets the certificate authority certificate chain.
post
Get the tenant suffixes excluding 'legacy' versions.
post
Gets the public part of the cloud certificate authority certificate.
post
Gets the connector log4net config for the connector.
post
Gets the current Iwa Json Url.
post
Gets the current Iwa Url.
post
Gets the public part of the default global app signing certificate.
post
List the directory contents of a directory.
post
Get a list of directory contents.
post
Gets directory information for the path.
post
Gets the directory services.
post
Gets a list of domain controllers for the directory service Uuid in domain name.
post
Gets download urls.
post
Get metadata and information about a file, as well as the file contents.
post
Get the Iwa trust root certificate.
post
Gets the localized value of the tag.
post
Get domains and organizational units.
post
Gets the IP Ranges local to the customer network.
post
Get the connector Iwa host certificate file.
post
Gets the Iwa settings for the connector Uuid.
post
Retrieves a list of product licenses for this tenant, from Salesforce.
post
Get a list of directory contents with a file extension of 'report'.
post
Get supported cultures, returning their code and native name.
post
Gets the public part of the tenant CA certificate.
post
Gets the tenant's config value for a key.
post
Returns a file name that is unique in the directory.
post
Gets all user settings of setting type.
post
Gets the Zso certificate
post
Gets the Zso host information.
post
This is a callback used by the twilio service.
post
Issues a user certificate. (Deprecated, please use OAuth2 instead.)
post
Issues a Zso user certificate
post
List the file contents of a directory.
post
Looks for name and description fields in a file.
post
Return given text as a file.
post
Move directory 'path' to 'toPath'.
post
Calls the NotifyEnvironment method on the connector.
post
Redirect to the targetUrl.
post
Read the contents of a file.
post
Re issue the certificate for the connector.
post
Rename certificate with thumbprint to newName.
post
Sets the connector Log4Net config for a connector.
post
Sets the default certificate for the current tenant.
post
Set the certificate for the Iwa connector.
post
Set the connector Iwa Settings for proxyUuid.
post
Sets the value of a tenant configuration key.
post
Starts the named service on the connector.
post
Stops the named service on the connector.
post
Store a suffix.
post
Saves the user information.
post
Stores the user settings.
post
Updates the directory services stack for a tenant.
post
Updates the Iwa connector settings.
post
Uploads a certificate.
post
Write string content to a file.
post
Gets the value of an extended column.
post
Gets the value of all extended columns for a row.
post
Gets the tables extended columnar schema.
post
Sets the value of an extended column.
post
Sets the value of an extended column.
post
Updates a table's extended columnar schema.
post
Add a certificate authority.
post
Downloads the certificate authority public key file.
post
Get certificate authorities for the tenant.
post
Remove a certificate authority.
post
Update a certificate authority.
post
Add global group assertion mapping.
post
Create federation.
post
Delete a federation.
post
Delete global group assertion mapping.
post
Get the federation metadata.
post
Get a federation.
post
Get federation group assertion mappings.
post
Gets a list of federations.
post
Gets a list of federation types.
post
Get global federation settings.
post
Get global group assertion mappings.
post
Gets a list of federated groups.
post
Gets the public part of the Service Provider signing certificate.
post
Gets the public part of the Service Provider signing certificate authority.
post
Update a federation.
post
Update federation group assertion mappings.
post
Update the global group assertion mappings.
post
Call back for the google directory service.
post
Gets the IDP authorization state for the pollingToken.
post
Gets the directory service configuration.
post
Gets the state id and the service login url.
post
Updates the directory service configuration.
post
Updates the directory service configuration.
post
Simple health check for load balancers: Is this node active?
post
Returns login Data configurement.
post
Adds a service to the Lightweight Directory Access Protocol (LDAP) config.
post
Remove a service from the Lightweight Directory Access Protocol (LDAP).
post
Get a list of cloud connectors that have the LDAP module enabled.
post
Gets the directory service version for an LDAP directory service specified by UUID.
post
Get the Lightweight Directory Access Protocol (LDAP) config.
post
Get the Directory Service UUID for a specific LDAP, using the name assigned by the user.
post
Gets the list of mappable LDAP attributes.
post
Gets a property to attribute mapping on an LDAP enabled directory service.
post
Gets the scripting property to attribute mapping from an LDAP enabled directory service.
post
Modify a service in the Lightweight Directory Access Protocol (LDAP) config.
post
Sets a property to attribute mapping on an LDAP enabled directory service.
post
Sets the scripting property to attribute mapping on an LDAP enabled directory service.
post
Gets the results of the specified mappings by looking up a user by name.
post
Verify the Lightweight Directory Access Protocol (LDAP) directory service config.
post
Retrieves the file from the virtual file system.
post
Add a single OATH profile to a specific user.
post
Deprecated -- Forces the Idaptive oath profile to exist.
post
Forces the Idaptive oath profile to exist.
post
Delete a list of profiles.
post
Gets data from a csv file.
post
Get import profile list.
post
Gets the profile list for the user.
post
Gets the oath profile list for a device.
post
Deprecated -- Resets the Idaptive OATH profile.
post
Resets the Idaptive OATH profile.
post
Resynchronize a TOTP or HOTP token.
post
Save or update the default Idaptive profile.
post
Set response parameters to entity.
post
Process a previously uploaded csv file.
post
Update the oath profile counter.
post
Validate the otp code.
post
Creates a client token.
post
Login
post
Add an authentication policy modifier.
post
Delete an authentication policy modifier.
post
Delete a policy block.
post
Get the authentication policy modifiers.
post
Gets a list of policy links.
post
Get policy block.
post
Gets the oath otp name for the user.
post
Get the password complexity requirements for the user.
post
Gets a list of policy links.
post
Get policy block.
post
Retrieves a boolean policy value.
post
Retrieves an integer policy value.
post
Get the policy meta data.
post
Retrieves a string policy value.
post
Get the rsop policy for the user and device.
post
Gets the oath u2f name for the user.
post
Get using cloud mobile group policy.
post
Get a list of policies for a device.
post
Deprecated; use SavePolicyBlock3.
post
Save a new or updated policy.
post
Saves a list of policy links.
post
Saves a list of policy links.
post
Sets the using cloud mobile group policy.
post
Get all radius clients.
post
Fetch Radius config for a specified connector
post
Get the list of RADIUS servers
post
Get the user identifier attribute types.
post
Remove one or more radius clients if they exist.
post
Remove radius servers.
post
Add or update a radius client.
post
Change radius config for a connector.
post
Configures a Radius server.
post
Gets a list of tenants for the customer.
post
Register a new tenant.
post
Delete job history.
post
Make a job report.
post
Deprecated -- Am I authenticated.
post
Deprecated -- Checks for user execute rights on the Application Role Management task.
post
Begin the process of recovering a lost or forgotten user name.
post
Gets a list of risk levels.
post
Deprecated -- Multi factor authentication login for user.
post
Add an enrollment code
post
Delete an enrollment code
post
Disables zero or more features for an enrolled machine.
post
Deprecated -- EnableFeatures
post
Enables zero or more features for an enrolled machine.
post
Get all enrollment codes
post
Verify password.
post
For social authentication, this is the Facebook call back.
post
For social authentication, this is the Google call back.
post
For social authentication, this is the LinkedIn call back.
post
For social authentication, this is the Microsoft call back.
post
For social authentication, this is the Twitter call back.
post
Gets the social configurations for all identity providers.
post
Get the application client secret.
post
Gets the social user authentication configuration.
post
Gets the social configuration for the requested identity provider.
post
Resets the social user authentication configuration.
post
Sets the social user authentication configuration.
post
Set custom configuration.
post
Describe the system.
post
Dummy
post
Retrieve a session id.
post
Get the system version.
post
Request the cancellation of a job.
post
Create a one time job.
post
Emails the report from scriptPath to the emailTo address.
post
Returns streaming job history data via a redrock style interface.
post
Gets the history of a single job.
post
Retrieve simple job metrics from the persistent job system.
post
List the cnames assigned for the tenant.
post
Gets the domain of tenant urls
post
Creates a cname with prefix specified for the tenant.
post
Sets the tenant cname to preferred as cname
post
Gets the tenant cnames.
post
Deletes the cname for the tenant
post
Deletes a single key record from the config table.
post
Returns tenant's configuration values.
post
Get tenant configuration.
post
Deprecated -- Get editable mail templates.
post
Get editable message template.
post
Get editable message templates.
post
Gets the google key for the tenant.
post
Gets the tenant mobile configuration data.
post
Get the tenant Simple Mail Transport Protocol configuration.
post
Get the tenant Twilio configuration.
post
Reset portal configuration.
post
Send a test message template.
post
Set the tenant configuration.
post
Set a tenant configuration.
post
Sets the google key for the tenant.
post
Sets the tenant mobile configuration.
post
Set password persistance. i.e. do we save your password.
post
Set the tenant Simple Mail Transport Protocol configuration.
post
Set the tenant Twilio configuration.
post
Test the tenant Simple Mail Transport Protocol configuration.
post
Test the tenant Twilio configuration.
post
Evaluate a shortened URL key, redirecting to its long URL if valid.
post
Get the file.
post
Get lower case file name.
post
Authenticate the ZSO session.
post
Login using a tenant Certificate authority certificate.
post
Clears the Mac Safari Zso cookie.
post
Is the Mac Safari Zso cookie set.
post
Checks to see if sessionId is authenticated.
post
Sets the Mac Safari Zso cookie.
Cloud User Management
post
Change cloud user properties.
post
Create a new user in the Cloud Directory Service.
post
Create a new user in the Cloud Directory Service using minimal user information.
post
Create new users in the Cloud Directory Service.
post
Delete a cloud user. (DEPRECATED)
post
Get details for a specified cloud user.
post
Get details for a specified user by name.
post
Get all cloud users.
post
Removes AuthSource for list of users
post
Removes AuthSource from all users for a given Federation
post
Set a cloud user's picture file.
post
Set user State (locked, disabled, expired) for a specified cloud user.
post
MultiFactor Auth support: answer out of band challenge.
post
Determines if user needs step-up authentication.
post
Fetches a one-time passcode for the specified use.
post
Get Token for username Requires OATH2 Authorization header
post
Deprecated -- User login.
post
Logout current user.
post
Start social authentication.
post
Checks to see if user has execute rights on the task.
post
Checks to see if user has execute rights on a list of tasks.
post
Looks for the multi auth customer response.
post
Looks for the multi auth customer response.
post
Confirms user authentication state.
post
Check if a user profile challenge is required for the current user.
post
Get the user preferences.
post
DEPRECATED -- This API is deprecated and should not be used.
post
Uncache the user preferences.
Directory Services
post
Bulk imports users from csv file.
post
Performs the action after confirming permission to do so.
Role Management
post
Assigns directoryfile rights to roles.
post
Assigns directory rights to roles.
post
Assigns file rights to roles.
post
Get list of administrative rights associated with a role.
post
List the roles and rights to a directoryfile.
post
List the roles and rights of a directory.
post
List the roles and rights of a file.
post
List the Dashboard roles and rights.
post
List the Report roles and rights.
post
Get the users for the specfied role id and return the paged results.
post
Update specific attributes of a Role, leaving the rest unchanged.
post
Add principals to role.
post
Delete a role.
post
Delete a list of Roles.
post
Fetch a Role.
post
Fetch a Role's principals.
post
Remove principals from role.
post
Create a Principal List role.
post
Deprecated -- Update a Role.
Workflow Management
post
Deletes a workflow job
post
Sends a workflow event to a workflow
post
Gets a workflow job
post
Gets list of workflow jobs
post
Gets list of workflow jobs associated with the current user
post
Starts a workflow job
Device Management
post
Delete a device (Mobile + OSX)
post
Disable SSO on device (Mobile + OSX)
post
Enable SSO on device (Mobile + OSX)
post
Gets list of global permissions associated with device
post
Reset Samsung KNOX container password (Samsung Mobile)
post
Lock client app (Mobile)
post
Lock device screen (Mobile + OSX)
post
Ping a device (Mobile + OSX)
post
Power off a device (Mobile + OSX)
post
Reapply device policies (Mobile + OSX)
post
Reboot a device (Mobile + OSX)
post
Unenroll a device (Mobile + OSX)
post
Reset client app lock pin (Mobile)
post
Grant permissions on devices
post
Set a device as primary (Mobile)
post
Unlock a device (Mobile + OSX)
post
Update device policies (Mobile + OSX)
post
Wipe a device (Mobile + OSX)
post
Grant permissions on applicationss
Application Management
post
Get meta
post
Delete an application.
post
Gets the ID of an app from its service name
post
Get information for an application.
post
Get information for application templates.
post
Create an application.
post
Checks if Application is still available in the catalog.
post
Update an application.
post
Get an application's data.
post
Return a user's portal applications and how the user has access to each application.
post
Get the list of application tags for the current user.
post
Gets all available data for the user portal in one call.
post
Set user credentials for an application.
post
Add and update application tags for the current user.
Analytics
post
/rules/webhook
post
/rules/webhook/test
post
/rules/{id}/status
get
/rules
post
/file/export/rules/webhook/{name}
post
/file/import/rules/webhook
delete
/rules/{id}
post
/apis/access_tokens
get
/apis/access_tokens
get
/apis/scopes
put
/apis/access_tokens/{id}/activate
put
/apis/access_tokens/{id}/inactivate
delete
/apis/access_tokens/{id}
get
/dataset/system/models
Getting Started
Use Queries
Data Dictionary
Use your Tenant URL
View All 4
Authenticate and Authorize Users
Overview
Authentication Quick Start
About OpenID Connect
View All 14
Installation Guides
AWS CLI for Idaptive
AWS Powershell Utility V10
Manage Users
User Management
Create and Manage Cloud Directory Users
Manage Applications for Users
View All 10
Manage Resources
Monitor Connector Status
Update a Proxy Collection List
Configure CORS
Manage Applications
Manage Access to Applications
Add Applications to a Website
Editing Custom Logic
View All 4
Mobilize
Manage Devices
User Behavior Analytics
Work with Analytics Endpoints
Webhooks
SCIM Provisioning - Outbound
SCIM Provisioning Overview - Client
Automatic SCIM Provisioning
Role-based User Provisioning
View All 6
SCIM Provisioning - Inbound
SCIM Provisioning Overview - Server
SCIM Client Inbound Configuration
Manage Groups with SCIM Endpoints
View All 4