Use Cases

This section outlines various business scenarios that can be effectively addressed using the Identity Director REST API.

Authentication

We must execute this authentication API to generate an authorization token for the logged-in user. The token obtained from the response will be used for authorization in subsequent API calls.

Solutions

  • POST /PublicApi/Authentication/Login

Audit Trail

The Audit Trail chronologically records actions in the Management Portal, documenting information about adding, changing, and deleting items, as well as upgrades, synchronizations, and sign-ins/sign-outs. Additionally, you can use to export this data to a CSV file.

Solutions

  • GET /PublicApi/Audit/Search to return all the logs of audit trail.


  • POST /PublicApi/Audit/Search to send the data to the server to obtain desired search results from the audit trail.


Building Block

Building Blocks allow you to store all settings related to services, organizational context, data connections, data sources, and branding as external .XML files. This capability enables you to back up these settings and transport them between different Identity Director environments by importing them at a later stage.

Solutions

  • GET /PublicApi/BuildingBlock/Export is used to export the building block.

  • POST /PublicApi/BuildingBlock/Export is used to send the data to the server to obtain desired search results of building blocks.

  • POST /PublicApi/BuildingBlock/Upload is used to send the data to the server to obtain desired search of uploaded building blocks.

  • POST /PublicApi/BuildingBlock/UploadResource is used to send the data to the server to obtain desired search of uploaded resource building blocks.

  • POST /PublicApi/BuildingBlock/Import is used to send the data to the server to obtain desired search of imported building blocks.

Global Attributes

In the Management Portal, navigate to Data Model > Global Attributes to configure global attributes. These global attributes store information that can be shared across services, reducing the need for redundant attributes and allowing for more efficient service management.

Solutions

  • GET /PublicApi/GlobalAttribute/GetGlobalAttributesSummary is used to get the list of global attributes.

  • GET /PublicApi/GlobalAttribute/GetGlobalAttributeDefinition/{attrId} is used to get the details of all the data of the passed global attributes id.

Integration

These integration APIs connect Identity Director with Automation. They also provide information on service usage, including which services are used the most and which are used the least.

Solutions

  • POST /PublicApi/Integration/ValidateAutomationIntegration is used to validate the integration of Automation with Identity Director.

  • POST /PublicApi/Integration/GetPublishedServices is used to get the details of published services.

  • POST /PublicApi/Integration/GetPersonDeliveredServices is used to get the details of services delivered to a person.

  • POST /PublicApi/Integration/GetServiceSubscribers is used to get the details of the subscribers service.

  • GET /PublicApi/Integration/GetUsersNotQualifiedToAnyEntitlements is used to get the details of users who are not qualified for any entitlements.

  • GET /PublicApi/Integration/GetUsersWithoutTransactionsSince is used to get the details of users without any transactions.

  • GET /PublicApi/Integration/GetEntitlementsWithNoUsersQualified is used to retrieve details of entitlements with no qualified users.

  • GET /PublicApi/Integration/GetEntitlementsWithoutTransactionsSince is used to retrieve the details of entitlements without any transactions.

  • GET /PublicApi/Integration/GetMostUsedEntitlements is used to get the details of the most used entitlements.

  • GET /PublicApi/Integration/GetLeastUsedEntitlement is used to get the details of least used entitlements.

Organizations

The organizational structure of an Ivanti Identity Director environment mirrors the hierarchy of your organization. It consists of:

  • People: These are all individuals within your Identity Director environment.

  • Organization: This is the logical structure of organizational elements, divided into locations, roles, and departments. By classifying people into these organizational elements, you can determine which users are authorized to sign in to the Web Portal and the Clients, as well as which services they qualify for.

Solutions

  • GET /PublicApi/Organization/{organizationId}

  • GET /PublicApi/Organization/List is used to get the list of the organizations.

    • The following APIs are used to manage organizations and retrieve information about their child organizations:

  • POST /PublicApi/Organization/List is used to send the data to the server to obtain the list of the organizations.

  • GET /PublicApi/Organization/Children/{parentId}/{includeSubChildren} is used to get the details of all the child organization(sub-items).

  • POST /PublicApi/Organization/AddPeople is used to send data to the server to add a person to the organization.

  • POST /PublicApi/Organization/RemovePeople is used to send data to the server to remove a person from the organization.

Organizational Attributes

In the Management Portal, under the Organization section, you can manage the structure of your organization. This structure can be organized in various ways, such as by locations, roles, and departments. You can use this organizational structure to determine which users are authorized to access the environment and which services are available to them.

Solutions

  • GET /PublicApi/OrganizationAttribute/GetForFirstLevelOrganization/{organizationId} is used to retrieve information about the first level of organizations using an organization id.

People Attributes

A people attribute stores information about a person, such as contact details, employee number, place of birth, or telephone number. These attributes can be used to provide values in workflow actions. You can specify individual values for a person on the person's Attributes tab.

Solutions

  • POST /PublicApi/PeopleAttribute/Search} is used to send the data to the server to get the details of people attribute.

  • GET /PublicApi/PeopleAttribute/GetPersonAttributeDefinition/{attrId} is used to retrieve data related to a people attribute based on the attribute ID.

Person

In the Management Portal, under the People section, use the Properties tab on the person page to configure the general properties of a person.

Solutions

  • GET /PublicApi/Person/New is used to get the details of the newly added person.

Below are the multiple APIs used in different functionalities related to a person.

  • DELETE /PublicApi/Person/{personId} is used to delete a person using the person ID.

  • GET /PublicApi/Person/{personId} is used to retrieve details of a person using the person ID.

  • PUT /PublicApi/Person/{personId} is used to create or update a person's information using the person ID.

  • POST /PublicApi/Person is used to send data to the server to fetch a person's details.

  • GET /PublicApi/Person/Search is used to send data to the server to fetch details of all people.

  • POST /PublicApi/Person/Search is used to send data to the server to fetch a person's details.

  • POST /PublicApi/Person/Search/Full is used to send data to the server for all the people.

  • DELETE /PublicApi/Person/DeleteAllReadyForDeletion is used to delete all people marked as ready for deletion.

  • DELETE /PublicApi/Person/{personId}/attribute/{attributeDefinitionId} is used to delete a person's attribute using the attribute ID.

  • GET /PublicApi/Person/{personId}/attribute/{attributeDefinitionId} is used to retrieve details of a person's attribute using the attribute ID.

  • PUT /PublicApi/Person/{personId}/attribute/{attributeDefinitionId} is used to update or create an attribute for a person using the attribute ID.

  • GET /PublicApi/Person/GetQualifiedServices/{personId} is used to retrieve details of all qualified services for a person.

  • GET /PublicApi/Person/GetSubscribedServices/{personId} is used to retrieve details of all subscribed services for a person.

Person Identifier

Add the Set Person Attributes and Identifiers action to assign specific values to the attributes and identifiers of the subscriber. Each person's attribute and identifier value is based on the value of the corresponding service attribute to which it is mapped. These values will be preserved even if the subscriber unsubscribes from the service.

Solutions

  • GET /PublicApi/PersonIdentifier/NewPersonIdentifier is used to get details of the newly added person identifiers.

Below are the multiple APIs used in different functionalities related to a person identifier.

  • DELETE /PublicApi/PersonIdentifier/{personIdentifierId} is used to delete a person identifier using the person ID.

  • GET /PublicApi/PersonIdentifier/{personIdentifierId} is used to retrieve details of a person identifier using the person ID.

  • PUT /PublicApi/PersonIdentifier/{personIdentifierId} is used to create or update a person's identifier using the person ID.

  • POST /PublicApi/PersonIdentifier is used to send data to the server to fetch all the details of a user's person identifier.

  • GET /PublicApi/PersonIdentifier/Search is used to fetch all the person's identifiers.

  • POST /PublicApi/PersonIdentifier/Search is used to send data to the server to fetch a person's identifier.

  • POST /PublicApi/PersonIdentifier/IsNameUnique is used to send data to the server to fetch if the personsidentifier is unique or not.

Service

In the Management Portal's Entitlement Catalog, configure the delivery and return workflows for a service using the Workflow tab on the service page. This involves defining a sequence of actions that automate the service delivery and return processes. For instance, in an employee onboarding service, the workflow might include steps where the HR department provides user details, followed by Run Books that create a user account in Microsoft Active Directory and set up a mailbox on a Microsoft Exchange server.

Solutions

  • GET /PublicApi/Service/NewService is used to get details of the newly created services.

Below are the multiple APIs used in different functionalities related to a service.

  • DELETE /PublicApi/Service/{serviceId} is used to delete a service using the service ID.

  • GET /PublicApi/Service/{serviceId} is used to get all the details of a particular service using the service ID.

  • POST /PublicApi/Service/{serviceId} is used to send data to the server for all the services.

  • PUT /PublicApi/Service/{serviceId} is used to update or create a service.

  • GET /PublicApi/Service/Search is used to get all the services.

  • POST /PublicApi/Service/Search is used to send data to the server to fetch a service.

  • POST /PublicApi/Service/Search/Full is used to send data to the server to fetch all service details.

  • POST /PublicApi/Service to send data to the server to fetch all services.

  • DELETE /PublicApi/Service/{serviceId}/attribute/{attributeId} is used to delete a particular attribute of a service.

  • GET /PublicApi/Service/{serviceId}/attribute/{attributeId} is used to get the list of attributes linked to a service.

  • PUT /PublicApi/Service/{serviceId}/attribute/{attributeId} is used to update or create an attribute of the service.

  • GET /PublicApi/Service/GetQualifiedPeople/{serviceId} is used to get qualified people for that service.

  • GET /PublicApi/Service/GetSubscribedPeople/{serviceId} is used to get subscribed people for that service.

  • POST /PublicApi/Service/IsNameUnique is used to send the data to the server to fetch all the services with an unique name.

  • POST /PublicApi/Service/Request is used to send data to the server to fetch all the requested services.

  • POST /PublicApi/Service/Assign is used to send the data to the server to fetch all the services assigned to people.

  • POST /PublicApi/Service/Return is used to send the data to the server to fetch all services which are returned.

  • POST /PublicApi/Service/Unassign is used to send data to the server to fetch all services that are not assigned yet.

Setting

At Setup > Login Page Services, you can view the availability of the Password Reset and Unlock Account services on the Identity Director Web Portal, the Mobile client login pages, and the Microsoft Windows login screen.

Solutions

  • GET /PublicApi/Setting/PasswordReset is used to retrieve details of the password reset account.

Below are the multiple APIs used in different functionalities related to password reset.

  • PUT /PublicApi/Setting/PasswordReset is used to update or create data for password reset.

  • GET /PublicApi/Setting/UnlockAccount is used to retrieve details to unlock an account.

  • PUT /PublicApi/Setting/UnlockAccount is used to update or create data to unlock account.

  • PUT /PublicApi/Setting/DeleteReadyForDeletionUserAfterDays is used to update or create data for the deletion of user data after a specified number of days.

Transactions

Transactions record when any service is delivered or returned.

Solutions

  • GET /PublicApi/Transaction/Search is used to get the list of all the transactions that have taken place.

  • POST /PublicApi/Transaction/Search is used to send data to the server to fetch all the transaction details.

  • GET /PublicApi/Transaction/{transactionId} is used to retrieve the details of a particular transaction using the transaction ID.