+```
+- **Line 2** - shows the angular controller `ng-controller` defined as 'TodoController' from **line 8** of 'TodoModule.js'.
+- **Line 4** - example of accessing controller method `viewFlaggedUsers` from **line 21** of 'TodoModule.js'.
+
+This example demonstrates how to use the Angular concept of the modal within a plugin. In the 'Todo' plugin, if the user clicks the 'Flagged Users' button as defined on the `fullPage`, it will switch context to the page defined by the ui/`html/flagged-template.html`, and swap the AngularJS controller to `FlaggedUserCtrl`. The behavior of this modal dialogue is essentially the same as the `fullPage` 'page.xhtml' - it accesses information by the controller, which may rely on backend Java classes to produce data. Notice that to reference the .html template for the flagged users, the example uses the `PluginHelper` classes' method `getPluginFileUrl` - this allows for fetching the plugin resource by a relative path as it would display in the installed .zip archive.
+
+One last aspect to remember for the `page.xhtml` is the necessity to include references to the JavaScript packages the plugin will use. Use this path to reference the packages: `#{plugins.requestContextPath}/plugin/
/path/to/js/files.js`.
+
+```html
+
+
+
+```
+
+The path to the page would be the following: `{serverpath}/plugins/pluginPage.jsf?pn={PluginName}`, where `PluginName` is the name of your plugin, as specified in the manifest, and `serverpath` is the path to your server.
\ No newline at end of file
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-6/index.md b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-6/index.md
new file mode 100644
index 00000000000..5a69372c6d2
--- /dev/null
+++ b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-6/index.md
@@ -0,0 +1,28 @@
+---
+id: plugin-xml-artifacts
+title: XML Artifacts
+pagination_label: XML Artifacts
+sidebar_label: XML Artifacts
+sidebar_position: 6
+sidebar_class_name: plugin_developer_guide_xml_artifacts
+keywords: ['plugin']
+description: IdentityIQ Plugin XML Artifacts
+slug: /docs/plugin-developer-guide/xml-artifacts
+tags: ['plugin','guide','identityiq']
+---
+
+# XML Artifacts
+
+Any IdentityIQ objects required as part of a plugin must be represented in XML artifacts. This can mean something as small as a single new SPRight object, such as the 'ViewTodoPluginIcon', or a complex workflow or rule. The mechanism used to import these artifacts during installation is the same as any other IdentityIQ object import, so the normal import actions are also available: merge, include, execute, logConfig.
+
+You can directly develop these XML artifacts in the build folder or in the IdentityIQ UI. You can then export them either by using the console or by copying and pasting them from the build's debug.
+
+When you're developing in the UI and then migrating the artifacts to your build folder, it is important to strip out some of the metadata that IdentityIQ attaches to XML objects when they're first created. First and foremost, you should remove the 'id' attribute assigned by 'Hibernate'. Then remove any other hibernate ID value references. For this reason, it is preferable to export the artifacts by using the IdentityIQ console command: './iiq export -clean'
+
+Everything in the 'import' folder is imported - the SailPoint objects can be separated into individual files or combined into a single file. When a plugin is uninstalled, the imported XML artifacts remain in the IdentityIQ database (not deleted), but the .zip archive where the plugin files are loaded from is removed from the 'spt_file_bucket' and 'spt_persisted_file' tables.
+
+The development of regular IdentityIQ objects is beyond the scope of this document, but many helpful resources are available:
+
+[Technical White Papers - IdentityIQ](https://community.sailpoint.com/space/2068)
+
+[BeanShell Developer's Guide for IdentityIQ](https://community.sailpoint.com/docs/DOC-3375)
\ No newline at end of file
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-7/index.md b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-7/index.md
new file mode 100644
index 00000000000..333e7588527
--- /dev/null
+++ b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-7/index.md
@@ -0,0 +1,93 @@
+---
+id: plugin-java-rest-resources
+title: Java Classes - Rest Resources
+pagination_label: Java Classes - Rest Resources
+sidebar_label: Java Classes - Rest Resources
+sidebar_position: 7
+sidebar_class_name: plugin_developer_guide_java_rest_resources
+keywords: ['plugin']
+description: IdentityIQ Plugin Java Classes REST Resources
+slug: /docs/plugin-developer-guide/java-classes-rest-resources
+tags: ['plugin','guide','identityiq']
+---
+
+# Java Classes - REST Resources
+
+The plugin framework relies heavily on REST web services integration for the majority of CRUD (create, read, update, and delete) operations. To create a custom REST resource, there are a couple requirements. This guide will cover those requirements.
+
+## Extend BasePluginResource
+
+The first step to creating a custom REST resource is to use the `BasePluginResource` class as the base class for all resources. It provides access to utility methods for accessing plugin settings, getting database connections and more.
+
+- **getConnection** - Gets connection to the datasource specified in the iiq.properties file for the plugins
+- **getPluginName** - This method should be overriden to return the plugin's correct name.
+- **getSettingBool** - Gets value of boolean plugin setting for plugin name returned by `getPluginName()`.
+- **getSettingInt** - Gets value of int plugin setting for plugin name returned by `getPluginName()`.
+- **getSettingString** - Gets value of String plugin setting for plugin name returned by `getPluginName()`.
+- **prepareStatement** - Convenience security method for getting Java `PreparedStatement` object for any required database queries - signature is `prepareStatement`(Connection, String, Object...) where the string would be the SQL statement you wish to execute and the object would be a list of the parameters values, if any, to be used.
+- **authorize** - This should be overridden by implementers, but by default it only ensures that SystemAdministrator can see everything.
+ Additional methods should be introduced to handle the various endpoints required by the plugin.
+
+## Secure endpoints
+
+The next step to creating a custom REST resource is to prevent unauthorized access to your new endpoints. To do so, you should guard each with an authorization mechanism. The simplest way to do so in the plugin framework is through 'Annotations'. In Java, an annotation is a syntactic metadata that is added, often before a method signature, to describe the parameters used in that method. Here is an example from the 'Todo' plugin:
+
+```java
+@GET
+@Path("customplugin/{param}")
+@Deferred
+
+public CustomPluginObject getCustomPluginObject(@PathParam("param") String objectName) throws GeneralException{
+ CustomPluginObject cpo = getCustomPluginService().getCustomPluginObject(objectName);
+ authorize(new CustomPluginAuthorizer(cpo));
+ return cpo;
+}
+```
+
+An annotation should have at least three parts
+
+- **Line 1** - The HTTP method (GET, POST, PUT, DELETE, etc).
+- **Line 2** - The path or endpoint - this can be parameterized, which is useful for pulling back a single record. The earlier example uses parameterization by adding the variable within {} tags to the end of the URL and also declaring the @PathParam "appName" in the input arguments of the method signature.
+- **Line 3** - The authorization of the method. The following values are allowed:
+ - **@AllowAll** - Allows anyone to interrogate the endpoint.
+ - **@RequiredRight("")** - Allows users with the named SPRight to access the endpoint.
+ - **@SystemAdmin** - System administrator access only.
+ - **@Deferred** - Authorization is deferred to the method. When this option is selected, the implementer must also create an `Authorizer` class that implements the `sailpoint.authorization.Authorize`r interface. The `Authorizer` class should override the `authorize(UserContext)` method of the base `Authorizer` interface. Inside the REST resource method, the author would then call `authorize()`. Here is a simple example:
+
+```java
+import sailpoint.authorization.Authorizer;
+import sailpoint.authorization.UnauthorizedAccessException;
+import sailpoint.tools.GeneralException;
+import sailpoint.web.UserContext;
+
+/**
+* Created by adam.creaney on 2/6/17.
+*/
+
+class CustomPluginAuthorizer implements Authorizer{
+ /**
+ * The CustomPluginObject to check.
+ */
+
+ private CustomPluginObject cpo;
+ /**
+ * Constructor.
+ *
+ * @param CustomPluginObject the custom plugin object
+ */
+ public CustomPluginAuthorizer(CustomPluginObject cpo) {
+ this.cpo = cpo
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void authorize(UserContext userContext) throws GeneralException {
+ if (!(userContext.getLoggedInUser().getCapabilityManager().hasCapability("SystemAdministrator") || userContext.getLoggedInUser().getCapabilityManager().hasCapability("CustomAdmin"))) {
+ throw new UnauthorizedAccessException("User does not have access to Custom Plugin");
+ }
+ }
+
+}
+```
\ No newline at end of file
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-8/index.md b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-8/index.md
new file mode 100644
index 00000000000..2b430320f79
--- /dev/null
+++ b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-8/index.md
@@ -0,0 +1,255 @@
+---
+id: plugin-java-executors
+title: Java Classes - Executors
+pagination_label: Java Classes - Executors
+sidebar_label: Java Classes - Executors
+sidebar_position: 8
+sidebar_class_name: plugin_developer_guide_java_executors
+keywords: ['plugin']
+description: IdentityIQ Plugin Java Class Plugin Executors
+slug: /docs/plugin-developer-guide/java-classes-executors
+tags: ['plugin','guide','identityiq']
+---
+
+# Java Classes - Plugin Executors
+
+The plugin framework allows developers to include custom task implementations or services with their plugin. These items rely on executor classes that contain the business logic for these services. The following executors are currently available for use by developers:
+
+1. Service Executors
+2. Task Executors
+3. Policy Executors
+
+## Plugin Object Properties
+
+When you're defining your plugin object, you must provide a list of service executors that will be included. The list will live inside an attributes map under the key serviceExecutors. Here is what such a list would look like:
+
+1. Plugin Helper methods
+2. All inherited Service methods
+3. BasePluginTaskExecutor
+4. Plugin Helper methods
+5. All inherited TaskExecutor methods
+6. BasePluginPolicyExecutor
+7. Plugin Helper methods
+8. All inherited PolicyExecutor methods.
+
+
+## Plugin Helper Methods
+
+This is the list of methods included with the `BasePlugin` classes:
+
+* **getPluginName()** - returns a string value of the plugin's name.
+* **getConnection()** - returns a connection object used to query the database.
+* **getSettingString(String settingName)** - returns a string setting value from the Plugin Settings.
+* **getSettingBool( String settingName)** - returns a boolean value from the Plugin Settings.
+* **getSettingInt(String settingName)** - returns a integer value from the Plugin Settings.
+
+You can think of the `BasePlugin` classes as the foundation for the creation of your specific objects. The biggest advantage to using them is the access to the Plugin Helper Methods. You aren't required to use the `BasePlugin` classes for your implementation though - you're welcome to extend directly from the parent class object you want to implement.
+
+## Implement a plugin service definition
+
+When you're implementing a plugin service you will have to implement two parts. The first is your Service class, which will contain the business logic for what you want the service ot actually do. The second is the service definition XML file that will be loaded into IdentityIQ. You can find examples of both below:
+
+### BasePluginService Class
+
+This is an abstract class that extends the service class and implements the `PluginContext` interface. You can use this class as the foundation for your custom plugin service:
+
+```java
+public class MyPluginService extends BasePluginService {
+ /**
+ * Override the getPluginName method to return our Plugin Name
+ */
+ @Override
+
+ public String getPluginName() {
+ return "MyPlugin";
+ }
+
+ /**
+ * Override the configure method to handle setup of our Service. Here
+ we'll use one of the getSetting helper methods to pull values from
+ our plugin settings
+ */
+ @Override
+
+ public void configure(SailPointContext context) throws GeneralException {
+ mySetting = getSettingString("mySetting");
+ }
+ /**
+ * Write our execute method to do some cool stuff
+ */
+ @Override
+
+ public void execute(SailPointContext context) throws GeneralException {
+ doSomethingCool();
+ }
+
+ /**
+ * Our super cool method.
+ *
+ * @param context The context.
+ * @throws GeneralException
+ */
+ public void doSomethingCool(SailPointContext context)
+ {
+ ......insert cool code here .....
+ }
+}
+```
+
+### Service Definition
+
+The Service Definition must specify a `pluginName` attribute. This tells IdentityIQ to use the plugin class loader for this executor. If the `pluginName` attribute isn't specified, the executor class won't be findable.
+
+```xml
+
+
+
+
+
+```
+
+## Implement a plugin task executor
+
+Similar to the implementation of the service plugin, there are two parts to a task executor implementation. The first part is the task executor task, which handles your task's business logic. The second is your `TaskDefinition` XML object, which gets loaded into IdentityIQ.
+
+### BasePluginTaskExecutor Class
+
+This is an abstract class that extends the `AbstractTaskExecutor` class and implements the `PluginContext` interface. You can use this class as the foundation for your custom plugin executor task:
+
+```java
+import sailpoint.task.BasePluginTaskExecutor;
+/**
+* Task executor implementation that does really cool tasks
+*
+*
+*/
+
+public class MyTaskExecutor extends BasePluginTaskExecutor {
+ /**
+ * Returns our plugin Name
+ */
+
+ @Override
+ public String getPluginName() {
+ return "MyPlugin";
+ }
+ /**
+ * Runs our super cool task stuff
+ */
+
+ @Override
+ public void execute(SailPointContext context, TaskSchedule schedule, TaskResult result, Attributes args) throws Exception {
+ /******* Task implementation goes here *****/
+ }
+ /**
+ * {@inheritDoc}
+ */
+
+ @Override
+ public boolean terminate() {
+ return true;
+ }
+
+}
+```
+
+### TaskDefinition
+
+In your `TaskDefintion`, you must include the `pluginName` attribute because this attribute tells IdentityIQ to to use the plugin class loader instead of the default class loader. If the `pluginName` attribute isn't specified, the executor class won't be findable.
+
+
+```xml
+
+
+
+
+
+```
+
+## Implement a policy executor
+
+Similar to the implementation of the service plugin and the task executor plugin, you must implement two parts: an executor class and a `Policy` Xml object. The `Policy` object must contain the `pluginName` attribute:
+
+### BasePluginPolicyExecutor
+
+```java
+/**
+
+* Policy executor implementation that checks to see if it's
+* Tuesday.
+*
+*
+*/
+
+public class MyPolicyExecutor extends BasePluginPolicyExecutor {
+ /**
+ * {@inheritDoc}
+ */
+
+ @Override
+ public String getPluginName() {
+ return "My Plugin";
+ }
+
+
+
+
+
+ /**
+ * {@inheritDoc}
+ **/
+ public List evaluate(SailPointContext context, Policy policy, Identity id) throws GeneralException {
+
+ List violations = new ArrayList<>();
+ if(today.equals("Tuesday"))
+ {
+ violations.add(createViolation(context, policy, id, numActive));
+ }
+ return violations;
+ }
+
+
+
+
+
+ /**
+ * Creates a policy violation for the identity.
+ *
+ * @param context The context.
+ * @param policy The policy.
+ * @param identity The identity.
+ * @param numActive The numer of active todos for the identity.
+ * @return The violation.
+ */
+
+ private PolicyViolation createViolation(SailPointContext context, Policy policy, Identity identity, int numActive) {
+
+ PolicyViolation violation = new PolicyViolation();
+ violation.setStatus(PolicyViolation.Status.Open);
+ violation.setIdentity(identity);
+ violation.setPolicy(policy);
+ violation.setAlertable(true);
+ violation.setOwner(policy.getViolationOwnerForIdentity(context, identity));
+ violation.setConstraintName("No one likes Tuesday's");
+ return formatViolation(context, identity, policy, null, violation);
+
+ }
+}
+```
+
+### Policy XML
+
+```xml
+
+
+
+
+
+```
\ No newline at end of file
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-9/index.md b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-9/index.md
new file mode 100644
index 00000000000..89859443086
--- /dev/null
+++ b/products/iiq/docs/identity-iq/plugin-developer-guide/chapter-9/index.md
@@ -0,0 +1,32 @@
+---
+id: plugin-installation
+title: Installation
+pagination_label: Installation
+sidebar_label: Installation
+sidebar_position: 9
+sidebar_class_name: plugin_developer_guide_installation
+keywords: ['plugin']
+description: IdentityIQ Plugin Installation
+slug: /docs/plugin-developer-guide/installation
+tags: ['plugin','guide','identityiq']
+---
+
+# Plugin Installation
+
+Plugin installation is simple in IdentityIQ 7.1. Navigate to Settings -> Plugins, and then click the 'New' button.
+
+![New Plugin Button](../img/new_plugin.png)
+
+Doing so will create a view with a large element that allows for drag and drop installation. Drag your plugin's .zip archive to this element, and the plugin will install. If any errors occur during this process, check the 'SyslogEvent' table for more information.
+
+![Drag and Drop](../img/drag_and_drop.png)
+
+But wait, where do I get the .zip archive? If you have downloaded a published plugin from SailPoint, the .zip file should be included with the download. If you have developed the plugin yourself, the .zip file will be the result of executing the build process against your project. Using the build file outlined in this guide as an example, the .zip archive will be created in your project directory under 'build//dist' after executing the 'ant build' command.
+
+![Plugin Dist File](../img/plugin_dist.png)
+
+When a plugin is installed, the database scripts from the 'db/install' folder run, creating any necessary tables for the plugin, importing the XML configuration files into the IdentityIQ database from the 'import/install' folder, loading any compiled classes into the unique plugin classloader, and importing the manifest file - this process creates the plugin object.
+
+Uninstallation follows a similar path. You can launch uninstallation by clicking the small 'X' icon on the appropriate plugin card in the 'Settings->Plugin' interface. Database scripts responsible for cleaning up data run from the 'db/uninstall' folder, and the manifest file (the plugin object) is removed. Remember that the other XML objects created during installation are currently *not* uninstalled when a plugin is removed.
+
+![Uninstall a Plugin](../img/delete_plugin.png)
\ No newline at end of file
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/database_scripts.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/database_scripts.png
new file mode 100644
index 00000000000..43ece9c8312
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/database_scripts.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/delete_plugin.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/delete_plugin.png
new file mode 100644
index 00000000000..42093faaa76
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/delete_plugin.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/drag_and_drop.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/drag_and_drop.png
new file mode 100644
index 00000000000..4307ae2846f
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/drag_and_drop.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/new_plugin.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/new_plugin.png
new file mode 100644
index 00000000000..c45b328f2f4
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/new_plugin.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/persisted_file.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/persisted_file.png
new file mode 100644
index 00000000000..8852a975e73
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/persisted_file.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/plugin_dist.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/plugin_dist.png
new file mode 100644
index 00000000000..3b2a17753db
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/plugin_dist.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/plugin_structure.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/plugin_structure.png
new file mode 100644
index 00000000000..0e41ac8f026
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/plugin_structure.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/img/snippet.png b/products/iiq/docs/identity-iq/plugin-developer-guide/img/snippet.png
new file mode 100644
index 00000000000..5ba352f19f3
Binary files /dev/null and b/products/iiq/docs/identity-iq/plugin-developer-guide/img/snippet.png differ
diff --git a/products/iiq/docs/identity-iq/plugin-developer-guide/index.md b/products/iiq/docs/identity-iq/plugin-developer-guide/index.md
new file mode 100644
index 00000000000..fc2a7e132ab
--- /dev/null
+++ b/products/iiq/docs/identity-iq/plugin-developer-guide/index.md
@@ -0,0 +1,20 @@
+---
+id: plugin-developer-guide
+title: Plugin Developer Guide
+pagination_label: Plugin Developer Guide
+sidebar_label: Plugin Developer Guide
+sidebar_position: 1
+sidebar_class_name: plugin_developer_guide
+keywords: ['plugin']
+description: Plugin Developer Guide in IdentityIQ
+slug: /docs/plugin-developer-guide
+tags: ['plugin','guide','identityiq']
+---
+
+Introduced with IdentityIQ 7.1, the plugin framework provides the infrastructure and tools to enable developers to extend the Open Identity Platform to meet a variety of specialized use cases that one might encounter in a non-standard deployment. The plugin framework allows developers to create packaged functionality that integrates with IdentityIQ, in a upgrade safe and isolated manner. It gives implementers a safe option for creating User Interface extensions, REST services, Custom SailPoint configuration objects, and more. This guide is designed to walk through the basics of plugin development and installation.
+
+The first iteration of the plugin framework was released as an add-on to IdentityIQ 7.0 - the development process for this legacy version is slightly different and is not the subject of this document. However, Appendix A will discuss the differences between versions, and the strategy for migrating a plugin developed for the 7.0 frameworks to the 7.1 framework.
+
+Developing a plugin requires a fairly robust knowledge of IdentityIQ and its object model, Java, JavaScript, css, and SQL. This document is designed to provide development guidance at the high level - what the components of a plugin are, which components are required, how those objects interact. Language specific tutorials are beyond its scope. Throughout this document, examples will be taken and discussed from the 'TodoPlugin' - located here: [To-do Plugin](https://community.sailpoint.com/t5/Plugin-Framework/TodoPlugin-V3-zip/ta-p/79764)
+
+This guide is intended to be a community driven effort - please feel free to update and or add chapters based on your use of the Plugin Framework.
diff --git a/products/iiq/sidebar.js b/products/iiq/sidebar.js
index a55c482d2a4..4d0d163a95b 100644
--- a/products/iiq/sidebar.js
+++ b/products/iiq/sidebar.js
@@ -14,6 +14,12 @@ const sidebars = {
items: require('./api/sidebar.js'),
},
],
+ idnDocs: [
+ {
+ type: 'autogenerated',
+ dirName: 'docs',
+ },
+ ]
};
module.exports = sidebars;
diff --git a/static/api-specs/idn/beta/paths/campaigns.yaml b/static/api-specs/idn/beta/paths/campaigns.yaml
index 78738611a6f..34698b7cbfe 100644
--- a/static/api-specs/idn/beta/paths/campaigns.yaml
+++ b/static/api-specs/idn/beta/paths/campaigns.yaml
@@ -57,7 +57,7 @@ get:
example: name
responses:
'200':
- description: A list of campaign objects.
+ description: A list of campaign objects. By default list of SLIM campaigns is returned.
content:
application/json:
schema:
diff --git a/static/api-specs/idn/beta/paths/mfa-kba-authenticate.yaml b/static/api-specs/idn/beta/paths/mfa-kba-authenticate.yaml
new file mode 100644
index 00000000000..2f83d59db03
--- /dev/null
+++ b/static/api-specs/idn/beta/paths/mfa-kba-authenticate.yaml
@@ -0,0 +1,59 @@
+post:
+ operationId: sendKbaAnswers
+ tags:
+ - MFA Controller
+ summary: Authenticate KBA provided MFA method
+ description: >-
+ This API Authenticate user in KBA MFA method.
+ security:
+ - UserContextAuth: [idn:mfa-kba:authenticate]
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/KbaAnswerRequest.yaml"
+ example:
+ {"answers": [
+ {
+ "questionId": "089899f13a8f4da7824996191587bab9",
+ "answer": "Your answer"
+ },
+ {
+ "questionId": "067899f13a8f4da7824996191587bab9",
+ "answer": "Your answer1"
+ }
+ ]
+ }
+
+ responses:
+ "200":
+ description: KBA authenticated status.
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/KbaAuthResponse.yaml"
+ example:
+ {
+ "kbaAuthResponseItem": [
+ {
+ "questionId": "089899f13a8f4da7824996191587bab9",
+ "IsVerified": false
+ },
+ {
+ "questionId": "089899f13a8f4da7824996191587bda8",
+ "IsVerified": true
+ }
+ ],
+ "status": "PENDING"
+ }
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/paths/mfa-poll.yaml b/static/api-specs/idn/beta/paths/mfa-poll.yaml
new file mode 100644
index 00000000000..93455bc02e4
--- /dev/null
+++ b/static/api-specs/idn/beta/paths/mfa-poll.yaml
@@ -0,0 +1,54 @@
+post:
+ operationId: pingVerificationStatus
+ tags:
+ - MFA Controller
+ summary: Polling MFA method by VerificationPollRequest
+ description: >-
+ This API poll the VerificationPollRequest for the specified MFA method.
+ A token with ORG_ADMIN authority is required to call this API.
+ security:
+ - UserContextAuth: [idn:mfa:poll]
+ parameters:
+ - in: path
+ name: method
+ schema:
+ type: string
+ example: okta-verify
+ required: true
+ description: >-
+ The name of the MFA method.
+ The currently supported method names are 'okta-verify', 'duo-web', 'kba','token', 'rsa'
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/VerificationPollRequest.yaml"
+ example:
+ {
+ "requestId": "089899f13a8f4da7824996191587bab9"
+ }
+
+ responses:
+ "200":
+ description: MFA VerificationPollRequest status an MFA method.
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/VerificationResponse.yaml"
+ example:
+ {
+ "requestId": "089899f13a8f4da7824996191587bab9",
+ "status": "PENDING",
+ "error" : ""
+ }
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/paths/mfa-token-authenticate.yaml b/static/api-specs/idn/beta/paths/mfa-token-authenticate.yaml
new file mode 100644
index 00000000000..e75921e56a7
--- /dev/null
+++ b/static/api-specs/idn/beta/paths/mfa-token-authenticate.yaml
@@ -0,0 +1,43 @@
+post:
+ operationId: sendTokenAuthRequest
+ tags:
+ - MFA Controller
+ summary: Authenticate Token provided MFA method
+ description: >-
+ This API Authenticate user in Token MFA method.
+ security:
+ - UserContextAuth: [idn:mfa:verify]
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/TokenAuthRequest.yaml"
+ example:
+ {
+ "token": "12345",
+ "userAlias": "will.albin",
+ "deliveryType": "EMAIL_WORK"
+ }
+
+ responses:
+ "200":
+ description: Token authenticated status.
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/TokenAuthResponse.yaml"
+ example:
+ {
+ "status": "PENDING"
+ }
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/paths/mfa-token-send.yaml b/static/api-specs/idn/beta/paths/mfa-token-send.yaml
new file mode 100644
index 00000000000..b9897212024
--- /dev/null
+++ b/static/api-specs/idn/beta/paths/mfa-token-send.yaml
@@ -0,0 +1,44 @@
+post:
+ operationId: createSendToken
+ tags:
+ - MFA Controller
+ summary: Create and send user token
+ description:
+ This API send token request.
+ security:
+ - UserContextAuth: [idn:mfa:send]
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/SendTokenRequest.yaml"
+ example:
+ {
+ "userAlias": "will.albin",
+ "deliveryType": "EMAIL_WORK"
+ }
+
+ responses:
+ "200":
+ description: Token send status.
+ content:
+ application/json:
+ schema:
+ $ref: "../schemas/SendTokenResponse.yaml"
+ example:
+ {
+ "requestId": "089899f13a8f4da7824996191587bab9",
+ "status": "SUCCESS",
+ "errorMessage": ""
+ }
+ "400":
+ $ref: "../../v3/responses/400.yaml"
+ "401":
+ $ref: "../../v3/responses/401.yaml"
+ "403":
+ $ref: "../../v3/responses/403.yaml"
+ "429":
+ $ref: "../../v3/responses/429.yaml"
+ "500":
+ $ref: "../../v3/responses/500.yaml"
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/Campaign.yaml b/static/api-specs/idn/beta/schemas/Campaign.yaml
index b9b5f47ec2c..550b2704c52 100644
--- a/static/api-specs/idn/beta/schemas/Campaign.yaml
+++ b/static/api-specs/idn/beta/schemas/Campaign.yaml
@@ -4,12 +4,6 @@ allOf:
- $ref: 'SlimCampaign.yaml'
- type: object
properties:
- created:
- type: string
- readOnly: true
- format: date-time
- description: Created time of the campaign
- example: '2020-03-03T22:15:13.611Z'
modified:
type: string
readOnly: true
@@ -194,22 +188,6 @@ allOf:
example: Role Composition Description
required:
- remediatorRef
- alerts:
- type: array
- description: A list of errors and warnings that have accumulated.
- readOnly: true
- items:
- $ref: './CampaignAlert.yaml'
- totalCertifications:
- type: integer
- description: The total number of certifications in this campaign.
- readOnly: true
- example: 100
- completedCertifications:
- type: integer
- description: The number of completed certifications in this campaign.
- readOnly: true
- example: 10
sourcesWithOrphanEntitlements:
type: array
description: >-
@@ -243,4 +221,4 @@ allOf:
- "ALL_DECISIONS"
- "REVOKE_ONLY_DECISIONS"
- "NO_DECISIONS"
- example: NO_DECISIONS
\ No newline at end of file
+ example: NO_DECISIONS
diff --git a/static/api-specs/idn/beta/schemas/KbaAnswerRequest.yaml b/static/api-specs/idn/beta/schemas/KbaAnswerRequest.yaml
new file mode 100644
index 00000000000..38d02f15c6a
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/KbaAnswerRequest.yaml
@@ -0,0 +1,18 @@
+type: object
+properties:
+ answers:
+ nullable: false
+ type: array
+ items:
+ $ref: "../schemas/KbaAnswerRequestItem.yaml"
+
+ description: Kba answers
+ example:
+ - questionId: 089899f13a8f4da7824996191587bab9
+ answer: Your answer
+ - questionId: 067899f13a8f4da7824996191587bab9
+ answer: Your answer1
+required:
+ - answers
+
+
diff --git a/static/api-specs/idn/beta/schemas/KbaAnswerRequestItem.yaml b/static/api-specs/idn/beta/schemas/KbaAnswerRequestItem.yaml
new file mode 100644
index 00000000000..37d6b9808f3
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/KbaAnswerRequestItem.yaml
@@ -0,0 +1,15 @@
+type: object
+properties:
+ questionId:
+ type: string
+ nullable: false
+ description: Question Id
+ example: 089899f13a8f4da7824996191587bab9
+ answer:
+ type: string
+ nullable: false
+ description: An answer for the KBA question
+ example: Your answer
+required:
+ - questionId
+ - answer
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/KbaAuthResponse.yaml b/static/api-specs/idn/beta/schemas/KbaAuthResponse.yaml
new file mode 100644
index 00000000000..95ac3322969
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/KbaAuthResponse.yaml
@@ -0,0 +1,19 @@
+type: object
+properties:
+ kbaAuthResponseItems:
+ type: array
+ example:
+ - questionId: 089899f13a8f4da7824996191587bab9
+ isVerified: false
+ items:
+ $ref: '../schemas/KbaAuthResponseItem.yaml'
+ status:
+ type: string
+ enum:
+ - PENDING
+ - SUCCESS
+ - FAILED
+ - LOCKOUT
+ - NOT_ENOUGH_DATA
+ description: MFA Authentication status
+ example: PENDING
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/KbaAuthResponseItem.yaml b/static/api-specs/idn/beta/schemas/KbaAuthResponseItem.yaml
new file mode 100644
index 00000000000..5090787d290
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/KbaAuthResponseItem.yaml
@@ -0,0 +1,13 @@
+type: object
+properties:
+ questionId:
+ type: string
+ nullable: true
+ description: The KBA question id
+ example: 089899f13a8f4da7824996191587bab9
+ isVerified:
+ type: boolean
+ nullable: true
+ default: null
+ description: Return true if verified
+ example: true
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/SendTokenRequest.yaml b/static/api-specs/idn/beta/schemas/SendTokenRequest.yaml
new file mode 100644
index 00000000000..f2c2a832893
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/SendTokenRequest.yaml
@@ -0,0 +1,24 @@
+type: object
+properties:
+ userAlias:
+ nullable: false
+ type: string
+ description: User alias from table spt_identity field named 'name'
+ example: will.albin
+ deliveryType:
+ nullable: false
+ type: string
+ enum:
+ - SMS_PERSONAL #("sms", "phone")
+ - VOICE_PERSONAL #("voice", "phone")
+ - SMS_WORK #("sms", "work")
+ - VOICE_WORK #("voice","work")
+ - EMAIL_WORK #("email"L, "email")
+ - EMAIL_PERSONAL #("email", "personalEmail")
+ description: Token delivery type
+ example: "EMAIL_WORK"
+required:
+ - userAlias
+ - deliveryType
+
+
diff --git a/static/api-specs/idn/beta/schemas/SendTokenResponse.yaml b/static/api-specs/idn/beta/schemas/SendTokenResponse.yaml
new file mode 100644
index 00000000000..c1fc36696f6
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/SendTokenResponse.yaml
@@ -0,0 +1,19 @@
+type: object
+properties:
+ requestId:
+ type: string
+ nullable: true
+ description: The token request ID
+ example: 089899f13a8f4da7824996191587bab9
+ status:
+ type: string
+ enum:
+ - SUCCESS
+ - FAILED
+ description: Status of sending token
+ example: SUCCESS
+ errorMessage:
+ type: string
+ nullable: true
+ description: Error messages from token send request
+ example: Unable to sent text message
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/SlimCampaign.yaml b/static/api-specs/idn/beta/schemas/SlimCampaign.yaml
index 0089e3ff7ae..d97a0fe4057 100644
--- a/static/api-specs/idn/beta/schemas/SlimCampaign.yaml
+++ b/static/api-specs/idn/beta/schemas/SlimCampaign.yaml
@@ -77,4 +77,28 @@ properties:
enum:
- CORRELATED
- UNCORRELATED
- example: CORRELATED
\ No newline at end of file
+ example: CORRELATED
+ created:
+ type: string
+ readOnly: true
+ format: date-time
+ description: Created time of the campaign
+ example: '2020-03-03T22:15:13.611Z'
+ totalCertifications:
+ type: integer
+ format: int32
+ description: The total number of certifications in this campaign.
+ readOnly: true
+ example: 100
+ completedCertifications:
+ type: integer
+ format: int32
+ description: The number of completed certifications in this campaign.
+ readOnly: true
+ example: 10
+ alerts:
+ type: array
+ description: A list of errors and warnings that have accumulated.
+ readOnly: true
+ items:
+ $ref: './CampaignAlert.yaml'
diff --git a/static/api-specs/idn/beta/schemas/TokenAuthRequest.yaml b/static/api-specs/idn/beta/schemas/TokenAuthRequest.yaml
new file mode 100644
index 00000000000..ed384cb0d9c
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/TokenAuthRequest.yaml
@@ -0,0 +1,28 @@
+type: object
+properties:
+ token:
+ nullable: false
+ type: string
+ description: Token value
+ example: "12345"
+ userAlias:
+ nullable: false
+ type: string
+ description: User alias from table spt_identity field named 'name'
+ example: "will.albin"
+ deliveryType:
+ nullable: false
+ type: string
+ enum:
+ - SMS_PERSONAL #("sms", "phone")
+ - VOICE_PERSONAL #("voice", "phone")
+ - SMS_WORK #("sms", "work")
+ - VOICE_WORK #("voice","work")
+ - EMAIL_WORK #("email"L, "email")
+ - EMAIL_PERSONAL #("email", "personalEmail")
+ description: Token delivery type
+ example: "EMAIL_WORK"
+required:
+ - token
+ - userAlias
+ - deliveryType
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/TokenAuthResponse.yaml b/static/api-specs/idn/beta/schemas/TokenAuthResponse.yaml
new file mode 100644
index 00000000000..7e63f6d8dd0
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/TokenAuthResponse.yaml
@@ -0,0 +1,12 @@
+type: object
+properties:
+ status:
+ type: string
+ enum:
+ - PENDING
+ - SUCCESS
+ - FAILED
+ - LOCKOUT
+ - NOT_ENOUGH_DATA
+ description: MFA Authentication status
+ example: PENDING
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/VerificationPollRequest.yaml b/static/api-specs/idn/beta/schemas/VerificationPollRequest.yaml
new file mode 100644
index 00000000000..0c6c4a15b8f
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/VerificationPollRequest.yaml
@@ -0,0 +1,9 @@
+type: object
+properties:
+ requestId:
+ type: string
+ nullable: false
+ description: Verification request Id
+ example: 089899f13a8f4da7824996191587bab9
+required:
+ - requestId
diff --git a/static/api-specs/idn/beta/schemas/VerificationResponse.yaml b/static/api-specs/idn/beta/schemas/VerificationResponse.yaml
new file mode 100644
index 00000000000..d5045a4c5ef
--- /dev/null
+++ b/static/api-specs/idn/beta/schemas/VerificationResponse.yaml
@@ -0,0 +1,22 @@
+type: object
+properties:
+ requestId:
+ type: string
+ nullable: true
+ description: The verificationPollRequest request ID
+ example: 089899f13a8f4da7824996191587bab9
+ status:
+ type: string
+ enum:
+ - PENDING
+ - SUCCESS
+ - FAILED
+ - LOCKOUT
+ - NOT_ENOUGH_DATA
+ description: MFA Authentication status
+ example: SUCCESS
+ error:
+ type: string
+ nullable: true
+ description: Error messages from MFA verification request
+ example: Unable to connect DUO Service during verification
\ No newline at end of file
diff --git a/static/api-specs/idn/beta/schemas/campaign/examples/FullCampaigns.yaml b/static/api-specs/idn/beta/schemas/campaign/examples/FullCampaigns.yaml
index 6732259e7dc..cd26ad01d08 100644
--- a/static/api-specs/idn/beta/schemas/campaign/examples/FullCampaigns.yaml
+++ b/static/api-specs/idn/beta/schemas/campaign/examples/FullCampaigns.yaml
@@ -9,7 +9,6 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-08-02T20:29:51.065Z
modified: 2022-08-02T20:29:51.331Z
filter:
type: CAMPAIGN_FILTER
@@ -29,14 +28,6 @@ value:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
- alerts:
- - level: ERROR
- localizations:
- - locale: en
- localeOrigin: DEFAULT
- text: Composite criterion must have children non-composite criterion must not.
- totalCertifications: 0
- completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
- id: 1be8fc1103914bf0a4e14e316b6a7b7c
@@ -48,7 +39,6 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-08-02T19:00:27.731Z
modified: 2022-08-02T19:00:34.391Z
filter:
type: CAMPAIGN_FILTER
@@ -58,9 +48,6 @@ value:
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
- alerts: null
- totalCertifications: 5
- completedCertifications: 0
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: 7e1a731e3fb845cfbe58112ba4673ee4
@@ -72,7 +59,6 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-07-25T15:42:18.276Z
modified: 2022-07-25T15:42:53.718Z
filter:
type: CAMPAIGN_FILTER
@@ -91,9 +77,6 @@ value:
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
- alerts: null
- totalCertifications: 6
- completedCertifications: 0
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: ad3cf3dd50394b1bad646de4bc51b999
@@ -105,7 +88,6 @@ value:
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-07-27T17:04:19.027Z
modified: 2022-07-27T17:09:13.925Z
filter:
type: CAMPAIGN_FILTER
@@ -117,9 +99,6 @@ value:
- 2c91808781fd5aea01821200dc88318e
searchCampaignInfo: null
roleCompositionCampaignInfo: null
- alerts: null
- totalCertifications: 2
- completedCertifications: 0
sourcesWithOrphanEntitlements: []
correlatedStatus: CORRELATED
- mandatoryCommentRequirement: NO_DECISIONS
\ No newline at end of file
+ mandatoryCommentRequirement: NO_DECISIONS
diff --git a/static/api-specs/idn/beta/schemas/campaign/examples/SlimCampaigns.yaml b/static/api-specs/idn/beta/schemas/campaign/examples/SlimCampaigns.yaml
index 4449c162722..cf84e2a1e19 100644
--- a/static/api-specs/idn/beta/schemas/campaign/examples/SlimCampaigns.yaml
+++ b/static/api-specs/idn/beta/schemas/campaign/examples/SlimCampaigns.yaml
@@ -9,6 +9,15 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
+ created: 2022-08-02T20:29:51.065Z
+ totalCertifications: 10
+ completedCertifications: 3
+ alerts:
+ - level: ERROR
+ localizations:
+ - locale: en
+ localeOrigin: DEFAULT
+ text: Composite criterion must have children non-composite criterion must not.
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
@@ -18,6 +27,10 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
+ created: 2022-08-02T19:00:27.731Z
+ totalCertifications: 5
+ completedCertifications: 3
+ alerts: null
- id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
@@ -27,6 +40,15 @@ value:
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
+ created: 2022-07-25T15:42:18.276Z
+ totalCertifications: 7
+ completedCertifications: 3
+ alerts:
+ - level: WARN
+ localizations:
+ - locale: en
+ localeOrigin: DEFAULT
+ text: Composite criterion is in wrong format.
correlatedStatus: CORRELATED
- id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
@@ -36,4 +58,8 @@ value:
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
- recommendationsEnabled: false
\ No newline at end of file
+ recommendationsEnabled: false
+ created: 2022-07-27T17:04:19.027Z
+ totalCertifications: 1
+ completedCertifications: 1
+ alerts: null
diff --git a/static/api-specs/idn/sailpoint-api.beta.yaml b/static/api-specs/idn/sailpoint-api.beta.yaml
index 8854474613a..303344dd59c 100644
--- a/static/api-specs/idn/sailpoint-api.beta.yaml
+++ b/static/api-specs/idn/sailpoint-api.beta.yaml
@@ -439,6 +439,8 @@ tags:
description: Operations for accessing and managing client Clusters, including Log Configuration
- name: MFA Configuration
description: Configure and test multifactor authentication (MFA) methods
+ - name: MFA Controller
+ description: This API used for multifactor authentication functionality belong to gov-multi-auth service. This controller allow you to verify authentication by specified method
- name: Non-Employee Lifecycle Management
description: |
Use this API to implement non-employee lifecycle management functionality.
@@ -1254,6 +1256,14 @@ paths:
$ref: './beta/paths/mfa-config-test.yaml'
/mfa/{method}/delete:
$ref: './beta/paths/mfa-config-delete.yaml'
+ /mfa/{method}/poll:
+ $ref: './beta/paths/mfa-poll.yaml'
+ /mfa/kba/authenticate:
+ $ref: './beta/paths/mfa-kba-authenticate.yaml'
+ /mfa/token/authenticate:
+ $ref: './beta/paths/mfa-token-authenticate.yaml'
+ /mfa/token/send:
+ $ref: './beta/paths/mfa-token-send.yaml'
/notification-template-defaults:
$ref: './beta/paths/notification-template-defaults.yaml'
/notification-templates:
diff --git a/static/api-specs/idn/v3/paths/campaigns.yaml b/static/api-specs/idn/v3/paths/campaigns.yaml
index 974c365fa3e..5f7c62debe5 100644
--- a/static/api-specs/idn/v3/paths/campaigns.yaml
+++ b/static/api-specs/idn/v3/paths/campaigns.yaml
@@ -56,7 +56,7 @@ get:
example: name
responses:
'200':
- description: A list of campaign objects.
+ description: A list of campaign objects. By default list of SLIM campaigns is returned.
content:
application/json:
schema:
diff --git a/static/api-specs/idn/v3/schemas/Campaign.yaml b/static/api-specs/idn/v3/schemas/Campaign.yaml
index 5d6bba7ef41..550b2704c52 100644
--- a/static/api-specs/idn/v3/schemas/Campaign.yaml
+++ b/static/api-specs/idn/v3/schemas/Campaign.yaml
@@ -4,12 +4,6 @@ allOf:
- $ref: 'SlimCampaign.yaml'
- type: object
properties:
- created:
- type: string
- readOnly: true
- format: date-time
- description: Created time of the campaign
- example: '2020-03-03T22:15:13.611Z'
modified:
type: string
readOnly: true
@@ -194,22 +188,6 @@ allOf:
example: Role Composition Description
required:
- remediatorRef
- alerts:
- type: array
- description: A list of errors and warnings that have accumulated.
- readOnly: true
- items:
- $ref: './CampaignAlert.yaml'
- totalCertifications:
- type: integer
- description: The total number of certifications in this campaign.
- readOnly: true
- example: 100
- completedCertifications:
- type: integer
- description: The number of completed certifications in this campaign.
- readOnly: true
- example: 10
sourcesWithOrphanEntitlements:
type: array
description: >-
diff --git a/static/api-specs/idn/v3/schemas/SlimCampaign.yaml b/static/api-specs/idn/v3/schemas/SlimCampaign.yaml
index 0089e3ff7ae..d97a0fe4057 100644
--- a/static/api-specs/idn/v3/schemas/SlimCampaign.yaml
+++ b/static/api-specs/idn/v3/schemas/SlimCampaign.yaml
@@ -77,4 +77,28 @@ properties:
enum:
- CORRELATED
- UNCORRELATED
- example: CORRELATED
\ No newline at end of file
+ example: CORRELATED
+ created:
+ type: string
+ readOnly: true
+ format: date-time
+ description: Created time of the campaign
+ example: '2020-03-03T22:15:13.611Z'
+ totalCertifications:
+ type: integer
+ format: int32
+ description: The total number of certifications in this campaign.
+ readOnly: true
+ example: 100
+ completedCertifications:
+ type: integer
+ format: int32
+ description: The number of completed certifications in this campaign.
+ readOnly: true
+ example: 10
+ alerts:
+ type: array
+ description: A list of errors and warnings that have accumulated.
+ readOnly: true
+ items:
+ $ref: './CampaignAlert.yaml'
diff --git a/static/api-specs/idn/v3/schemas/campaign/examples/FullCampaigns.yaml b/static/api-specs/idn/v3/schemas/campaign/examples/FullCampaigns.yaml
index 6732259e7dc..cd26ad01d08 100644
--- a/static/api-specs/idn/v3/schemas/campaign/examples/FullCampaigns.yaml
+++ b/static/api-specs/idn/v3/schemas/campaign/examples/FullCampaigns.yaml
@@ -9,7 +9,6 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-08-02T20:29:51.065Z
modified: 2022-08-02T20:29:51.331Z
filter:
type: CAMPAIGN_FILTER
@@ -29,14 +28,6 @@ value:
- b15d609fc5c8434b865fe552315fda8f
query: null
description: null
- alerts:
- - level: ERROR
- localizations:
- - locale: en
- localeOrigin: DEFAULT
- text: Composite criterion must have children non-composite criterion must not.
- totalCertifications: 0
- completedCertifications: 0
sourcesWithOrphanEntitlements: null
mandatoryCommentRequirement: NO_DECISIONS
- id: 1be8fc1103914bf0a4e14e316b6a7b7c
@@ -48,7 +39,6 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-08-02T19:00:27.731Z
modified: 2022-08-02T19:00:34.391Z
filter:
type: CAMPAIGN_FILTER
@@ -58,9 +48,6 @@ value:
sourceOwnerCampaignInfo: null
searchCampaignInfo: null
roleCompositionCampaignInfo: null
- alerts: null
- totalCertifications: 5
- completedCertifications: 0
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: 7e1a731e3fb845cfbe58112ba4673ee4
@@ -72,7 +59,6 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-07-25T15:42:18.276Z
modified: 2022-07-25T15:42:53.718Z
filter:
type: CAMPAIGN_FILTER
@@ -91,9 +77,6 @@ value:
identityIds: null
accessConstraints: []
roleCompositionCampaignInfo: null
- alerts: null
- totalCertifications: 6
- completedCertifications: 0
sourcesWithOrphanEntitlements: []
mandatoryCommentRequirement: NO_DECISIONS
- id: ad3cf3dd50394b1bad646de4bc51b999
@@ -105,7 +88,6 @@ value:
emailNotificationEnabled: true
autoRevokeAllowed: false
recommendationsEnabled: false
- created: 2022-07-27T17:04:19.027Z
modified: 2022-07-27T17:09:13.925Z
filter:
type: CAMPAIGN_FILTER
@@ -117,9 +99,6 @@ value:
- 2c91808781fd5aea01821200dc88318e
searchCampaignInfo: null
roleCompositionCampaignInfo: null
- alerts: null
- totalCertifications: 2
- completedCertifications: 0
sourcesWithOrphanEntitlements: []
correlatedStatus: CORRELATED
- mandatoryCommentRequirement: NO_DECISIONS
\ No newline at end of file
+ mandatoryCommentRequirement: NO_DECISIONS
diff --git a/static/api-specs/idn/v3/schemas/campaign/examples/SlimCampaigns.yaml b/static/api-specs/idn/v3/schemas/campaign/examples/SlimCampaigns.yaml
index 4449c162722..3ff178465af 100644
--- a/static/api-specs/idn/v3/schemas/campaign/examples/SlimCampaigns.yaml
+++ b/static/api-specs/idn/v3/schemas/campaign/examples/SlimCampaigns.yaml
@@ -9,6 +9,15 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
+ created: 2022-08-02T19:00:27.731Z
+ totalCertifications: 10
+ completedCertifications: 3
+ alerts:
+ - level: ERROR
+ localizations:
+ - locale: en
+ localeOrigin: DEFAULT
+ text: Composite criterion must have children non-composite criterion must not.
- id: 7e1a731e3fb845cfbe58112ba4673ee4
name: Search Campaign
description: Search Campaign Info
@@ -18,6 +27,10 @@ value:
emailNotificationEnabled: false
autoRevokeAllowed: false
recommendationsEnabled: false
+ created: 2022-07-25T15:42:18.276Z
+ totalCertifications: 5
+ completedCertifications: 3
+ alerts: null
- id: 2c918086719eec070171a7e3355a412b
name: AD Source Review
description: A review of our AD source.
@@ -28,6 +41,15 @@ value:
autoRevokeAllowed: false
recommendationsEnabled: false
correlatedStatus: CORRELATED
+ created: 2022-07-27T17:04:19.027Z
+ totalCertifications: 7
+ completedCertifications: 3
+ alerts:
+ - level: WARN
+ localizations:
+ - locale: en
+ localeOrigin: DEFAULT
+ text: Composite criterion is in wrong format.
- id: 3b2e2e5821e84127b6d693d41c40623b
name: Role Composition Campaign
description: A review done by a role owner.
@@ -36,4 +58,8 @@ value:
status: ACTIVE
emailNotificationEnabled: false
autoRevokeAllowed: false
- recommendationsEnabled: false
\ No newline at end of file
+ recommendationsEnabled: false
+ created: 2022-08-02T20:29:51.065Z
+ totalCertifications: 1
+ completedCertifications: 1
+ alerts: null