Add schemas for access request and public identities config

yannick-beot-sp · Feb 27, 2024 · eb75a5b · eb75a5b
1 parent 2057d42
commit eb75a5b
Show file tree

Hide file tree

Showing 3 changed files with 234 additions and 0 deletions.
diff --git a/package.json b/package.json
@@ -1120,6 +1120,14 @@
       {
         "fileMatch": "idn://**/form-definitions/**/*",
         "url": "./schemas/form-definition.schemas.json"
+      },
+      {
+        "fileMatch": "idn://**/public-identities-config/**/*",
+        "url": "./schemas/public-identities-config.schemas.json"
+      },
+      {
+        "fileMatch": "idn://**/access-request-config/**/*",
+        "url": "./schemas/access-request-config.schemas.json"
       }
     ],
     "configuration": {

diff --git a/schemas/access-request-config.schemas.json b/schemas/access-request-config.schemas.json
@@ -0,0 +1,123 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema",
+  "$id": "https://developer.sailpoint.com/schemas/access-request-config.json",
+  "title": "Access Request Configuration",
+  "description": "Access Request Configuration Details.",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "approvalsMustBeExternal": {
+      "type": "boolean",
+      "description": "If true, then approvals must be processed by external system.",
+      "example": true
+    },
+    "autoApprovalEnabled": {
+      "type": "boolean",
+      "description": "If true and requester and reviewer are the same, then automatically approve the approval.",
+      "example": true
+    },
+    "requestOnBehalfOfConfig": {
+      "description": "Request On Behalf Of Configuration.",
+      "type": "object",
+      "properties": {
+        "allowRequestOnBehalfOfAnyoneByAnyone": {
+          "type": "boolean",
+          "description": "If anyone can request access for anyone.",
+          "example": true
+        },
+        "allowRequestOnBehalfOfEmployeeByManager": {
+          "type": "boolean",
+          "description": "If a manager can request access for his/her direct reports.",
+          "example": true
+        }
+      }
+    },
+    "approvalReminderAndEscalationConfig": {
+      "description": "Approval Reminder and Escalation Configuration.",
+      "type": "object",
+      "properties": {
+        "daysUntilEscalation": {
+          "type": "integer",
+          "description": "Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.",
+          "format": "int32",
+          "example": 0,
+          "nullable": true
+        },
+        "daysBetweenReminders": {
+          "type": "integer",
+          "description": "Number of days to wait between reminder notifications.",
+          "format": "int32",
+          "example": 0,
+          "nullable": true
+        },
+        "maxReminders": {
+          "type": "integer",
+          "description": "Maximum number of reminder notification to send to the reviewer before approval escalation.",
+          "format": "int32",
+          "minimum": 1,
+          "example": 1,
+          "nullable": true
+        },
+        "fallbackApproverRef": {
+          "type": "object",
+          "nullable": true,
+          "properties": {
+            "type": {
+              "type": "string",
+              "description": "The type can only be IDENTITY. This is read-only",
+              "example": "IDENTITY",
+              "enum": [
+                "IDENTITY"
+              ]
+            },
+            "id": {
+              "type": "string",
+              "description": "Identity id.",
+              "example": "5168015d32f890ca15812c9180835d2e"
+            },
+            "name": {
+              "type": "string",
+              "description": "Human-readable display name of identity. This is read-only",
+              "example": "Alison Ferguso"
+            },
+            "email": {
+              "type": "string",
+              "description": "Email address of identity. This is read-only",
+              "example": "[email protected]"
+            }
+          }
+        }
+      }
+    },
+    "entitlementRequestConfig": {
+      "description": "Entitlement Request Configuration.",
+      "type": "object",
+      "properties": {
+        "allowEntitlementRequest": {
+          "type": "boolean",
+          "description": "Flag for allowing entitlement request.",
+          "example": true
+        },
+        "requestCommentsRequired": {
+          "type": "boolean",
+          "description": "Flag for requiring comments while submitting an entitlement request.",
+          "default": false,
+          "example": false
+        },
+        "deniedCommentsRequired": {
+          "type": "boolean",
+          "description": "Flag for requiring comments while rejecting an entitlement request.",
+          "default": false,
+          "example": false
+        },
+        "grantRequestApprovalSchemes": {
+          "type": "string",
+          "description": "Approval schemes for granting entitlement request. This can be empty if no approval is needed.\nMultiple schemes must be comma-separated. The valid schemes are \"entitlementOwner\", \"sourceOwner\", \"manager\" and \"workgroup:{id}\".\nMultiple workgroups (governance groups) can be used.\n",
+          "default": "sourceOwner",
+          "nullable": true,
+          "example": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584"
+        }
+      }
+    }
+  }
+}
diff --git a/schemas/public-identities-config.schemas.json b/schemas/public-identities-config.schemas.json
@@ -0,0 +1,103 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema",
+  "$id": "https://developer.sailpoint.com/schemas/public-identities-config.json",
+  "title": "Public Identities Config",
+  "description": "Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org.",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "attributes": {
+      "type": "array",
+      "description": "Up to 5 identity attributes that will be available to everyone in the org for all users in the org.",
+      "items": {
+        "type": "object",
+        "description": "Used to map an attribute key for an Identity to its display name.",
+        "properties": {
+          "key": {
+            "type": "string",
+            "description": "The attribute key",
+            "example": "country"
+          },
+          "name": {
+            "type": "string",
+            "description": "The attribute display name",
+            "example": "Country"
+          }
+        },
+        "required": [
+          "key",
+          "name"
+        ],
+        "defaultSnippets": [
+          {
+            "label": "New identity attribute",
+            "description": "Create a new identity attribute",
+            "body": {
+              "key": "${1:attribute}",
+              "name": "${2:display name}"
+            }
+          }
+        ]
+      }
+    },
+    "modified": {
+      "nullable": true,
+      "type": "string",
+      "description": "When this configuration was last modified.",
+      "format": "date-time",
+      "example": "2018-06-25T20:22:28.104Z"
+    },
+    "modifiedBy": {
+      "description": "The identity who last modified this configuration.",
+      "type": "object",
+      "nullable": true,
+      "properties": {
+        "type": {
+          "example": "IDENTITY",
+          "type": "string",
+          "enum": [
+            "ACCOUNT_CORRELATION_CONFIG",
+            "ACCESS_PROFILE",
+            "ACCESS_REQUEST_APPROVAL",
+            "ACCOUNT",
+            "APPLICATION",
+            "CAMPAIGN",
+            "CAMPAIGN_FILTER",
+            "CERTIFICATION",
+            "CLUSTER",
+            "CONNECTOR_SCHEMA",
+            "ENTITLEMENT",
+            "GOVERNANCE_GROUP",
+            "IDENTITY",
+            "IDENTITY_PROFILE",
+            "IDENTITY_REQUEST",
+            "LIFECYCLE_STATE",
+            "PASSWORD_POLICY",
+            "ROLE",
+            "RULE",
+            "SOD_POLICY",
+            "SOURCE",
+            "TAG",
+            "TAG_CATEGORY",
+            "TASK_RESULT",
+            "REPORT_RESULT",
+            "SOD_VIOLATION",
+            "ACCOUNT_ACTIVITY",
+            "WORKGROUP"
+          ],
+          "description": "An enumeration of the types of DTOs supported within the IdentityNow infrastructure."
+        },
+        "id": {
+          "type": "string",
+          "description": "Identity id",
+          "example": "2c9180a46faadee4016fb4e018c20639"
+        },
+        "name": {
+          "type": "string",
+          "description": "Human-readable display name of identity.",
+          "example": "Thomas Edison"
+        }
+      }
+    }
+  }
+}