Automated commit 'Merge pull request #1530 from sailpoint/michelle.kl…

…eiman/ADI-1785 michelle.kleiman/ADI-1785' by github action: 7789730980
sailpoint-oss · Feb 5, 2024 · 4ec676b · 4ec676b
1 parent b3ea362
commit 4ec676b
Show file tree

Hide file tree

Showing 4 changed files with 114 additions and 2 deletions.
diff --git a/idn/beta/paths/access-request-identity-metrics.yaml b/idn/beta/paths/access-request-identity-metrics.yaml
@@ -0,0 +1,52 @@
+get:
+  tags:
+    - Access Request Identity Metrics
+  summary: Return access request identity metrics
+  description: >-
+    Use this API to return information access metrics.
+  operationId: getAccessRequestIdentityMetrics
+  parameters:
+    - name: identityId
+      in: path
+      description: Identity's ID. 
+      required: true
+      schema:
+        type: string
+      example: '7025c863-c270-4ba6-beea-edf3cb091573'
+    - name: requestedObjectId
+      in: path
+      description: Requested access item's ID.
+      required: true
+      schema:
+        type: string
+      example: '2db501be-f0fb-4cc5-a695-334133c52891'
+    - name: type
+      in: path
+      description: Requested access item's type. 
+      required: true
+      schema:
+        type: string
+        items:
+          $ref: '../schemas/AccessItemRef.yaml'
+      example: ENTITLEMENT
+  security:
+    - UserContextAuth: [idn:access-request-approvals:read]
+  responses:
+    '200':
+      description: Summary of the resource access and source activity for the group of identities sharing a manager with the provided identity.
+      content:
+        application/json:
+          schema:
+            type: object
+            items:
+              $ref: '../schemas/AccessRequestIdentityMetrics.yaml'
+    '400':
+      $ref: '../../v3/responses/400.yaml'
+    '401':
+      $ref: '../../v3/responses/401.yaml'
+    '403':
+      $ref: '../../v3/responses/403.yaml'
+    '429':
+      $ref: '../../v3/responses/429.yaml'
+    '500':
+      $ref: '../../v3/responses/500.yaml'
diff --git a/idn/beta/schemas/AccessItemRef.yaml b/idn/beta/schemas/AccessItemRef.yaml
@@ -2,12 +2,12 @@ type: object
 properties:
   id:
     type: string
-    description: The ID of the access item for which to retrieve the recommendation
+    description: ID of the access item to retrieve the recommendation for. 
     example: '2c938083633d259901633d2623ec0375'
   type:
     type: string
     example: ENTITLEMENT
-    description: The type of the access item.
+    description: Access item's type.
     enum:
       - ENTITLEMENT
       - ACCESS_PROFILE

diff --git a/idn/beta/schemas/AccessRequestIdentityMetrics.yaml b/idn/beta/schemas/AccessRequestIdentityMetrics.yaml
@@ -0,0 +1,52 @@
+type: object
+properties:
+  identitiesWithAccess:
+    type: integer
+    format: int64
+    nullable: true
+    description:
+      Number of identities who share a manager with the identity requesting access and have already been granted the access item in question.
+    example: 8
+  identitiesWithActivity:
+    type: integer
+    format: int64
+    nullable: true
+    description: >-
+      Number of identities who share a manager with the identity requesting access and have activity within the associated source.
+    example: 5
+  totalIdentities:
+    type: integer
+    format: int64
+    nullable: true
+    description: >-
+      Total number of identities who share a manager with the identity requesting access.
+    example: 10
+  squadAvailable:
+    type: boolean
+    default: false
+    description: >-
+      True if the manager of the identity requesting access can be found.
+      False if the identity has no manager.
+    example: true
+  validActivityObject:
+    type: boolean
+    default: false
+    description: >-
+      True if the requested access item is associated with a single Activity Data Insights connector source. 
+      False if the requested access item type is a role. If it's a role, it matches to multiple sources,
+      so a single relevant source can't be determined for activity metrics.
+    example: true
+  activitySourceConfigured:
+    type: boolean
+    default: false
+    description: >-
+      True if the Activity Data Insights connector is configured for the source associated with the requested access item.
+      False if the matching Activity Data Insights connector is not configured.
+    example: true
+  requestedObjectActive:
+    type: boolean
+    default: false
+    description: >-
+      True if the requested access item exists and is available.
+      False if the requested access item is either missing or deleted.
+    example: true
diff --git a/idn/sailpoint-api.beta.yaml b/idn/sailpoint-api.beta.yaml
@@ -96,6 +96,12 @@ tags:
       They can use the My Requests tab under Request Center to track and/or cancel the requests.
 
       Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.
+  - name: Access Request Identity Metrics
+    description: |
+      Use this API to implement access request identity metrics functionality.
+      With this functionality in place, access request reviewers can see relevant details about the requested access item and associated source activity. 
+      This allows reviewers to see how many of the identities who share a manager with the access requester have this same type of access and how many of them have had activity in the related source. 
+      This additional context about whether the access has been granted before and how often it has been used can help those approving access requests make more informed decisions.
   - name: Account Activities
     description: |
       Use this API to implement account activity tracking functionality.
@@ -1697,3 +1703,5 @@ paths:
     $ref: "./beta/paths/source-usages.yaml"
   /account-usages/{accountId}/summaries:
     $ref: "./beta/paths/account-usages.yaml"
+  /access-request-identity-metrics/{identityId}/requested-objects/{requestedObjectId}/type/{type}:
+    $ref: "./beta/paths/access-request-identity-metrics.yaml"