Apply automatic changes

sailpoint-oss · Apr 5, 2024 · f2dd786 · f2dd786
1 parent 674f936
commit f2dd786
Show file tree

Hide file tree

Showing 7 changed files with 7,796 additions and 7,756 deletions.
diff --git a/dereferenced/deref-sailpoint-api.beta.json b/dereferenced/deref-sailpoint-api.beta.json
diff --git a/dereferenced/deref-sailpoint-api.beta.yaml b/dereferenced/deref-sailpoint-api.beta.yaml
diff --git a/dereferenced/deref-sailpoint-api.v3.json b/dereferenced/deref-sailpoint-api.v3.json
@@ -17881,11 +17881,12 @@
           "Accounts"
         ],
         "summary": "Unlock Account",
-        "description": "This API submits a task to unlock an account and returns the task ID.  \nA token with ORG_ADMIN authority is required to call this API.",
+        "description": "This API submits a task to unlock an account and returns the task ID.  \nTo use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required. \nA token with ORG_ADMIN authority is required to call this API.",
         "security": [
           {
             "UserContextAuth": [
-              "idn:accounts-state:manage"
+              "idn:accounts-state:manage",
+              "idn:accounts-provisioning:manage"
             ]
           }
         ],
@@ -17897,7 +17898,7 @@
               "type": "string"
             },
             "required": true,
-            "description": "The account id",
+            "description": "The account ID.",
             "example": "ef38f94347e94562b5bb8424a56397d8"
           }
         ],
@@ -65746,7 +65747,7 @@
           "Lifecycle States"
         ],
         "summary": "Set Lifecycle State",
-        "description": "This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile.\nA token with ORG_ADMIN or API authority is required to call this API.",
+        "description": "This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding identity profile.\nA token with ORG_ADMIN or API authority is required to call this API.",
         "security": [
           {
             "UserContextAuth": [
@@ -65758,7 +65759,7 @@
           {
             "in": "path",
             "name": "identity-id",
-            "description": "The ID of the identity to update",
+            "description": "The ID of the identity to update.",
             "required": true,
             "example": "2c9180857893f1290178944561990364",
             "schema": {
@@ -65775,7 +65776,7 @@
                 "properties": {
                   "lifecycleStateId": {
                     "type": "string",
-                    "description": "The ID of the lifecycle state to set",
+                    "description": "The ID of the lifecycle state to set.",
                     "example": "2c9180877a86e408017a8c19fefe046c"
                   }
                 }
@@ -65794,7 +65795,7 @@
                     "accountActivityId": {
                       "type": "string",
                       "example": "2c9180837ab5b716017ab7c6c9ef1e20",
-                      "description": "The ID of the IdentityRequest object that was generated when the workflow launches"
+                      "description": "The ID of the IdentityRequest object that is generated when the workflow launches. To follow the IdentityRequest, you can provide this ID with a [Get Account Activity request](https://developer.sailpoint.com/docs/api/v3/get-account-activity/). The response will contain relevant information about the IdentityRequest, such as its status."
                     }
                   }
                 }
@@ -101865,7 +101866,7 @@
           "Roles"
         ],
         "summary": "Patch a specified Role",
-        "description": "This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.",
+        "description": "This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\nThe following fields are patchable: * name * description * enabled * owner * accessProfiles * membership * requestable * accessRequestConfig * revokeRequestConfig * segments\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.\nWhen you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time. ",
         "parameters": [
           {
             "name": "id",
@@ -135376,7 +135377,7 @@
           "Password Management"
         ],
         "summary": "Set Identity's Password",
-        "description": "This API is used to set a password for an identity. \n\nAn identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or [\"authorization_code\" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).\n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. \n\"API authority\" refers to a token that only has the \"client_credentials\" grant type.\n\nYou can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). \nTo do so, follow these steps:\n\n1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. \n\n2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password. \n\n3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:\n\n```java\nimport javax.crypto.Cipher;\nimport java.security.KeyFactory;\nimport java.security.PublicKey;\nimport java.security.spec.X509EncodedKeySpec;\nimport java util.Base64;\n\nString encrypt(String publicKey, String toEncrypt) throws Exception {\n  byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);\n  byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes(\"UTF-8\"));\n  return Base64.getEncoder().encodeToString(encryptedBytes);\n}\n\nprivate byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {\n  PublicKey key = KeyFactory.getInstance(\"RSA\").generatePublic(new X509EncodedKeySpec(publicKeyBytes));\n  String transformation = \"RSA/ECB/PKCS1Padding\";\n  Cipher cipher = Cipher.getInstance(transformation);\n  cipher.init(1, key);\n  return cipher.doFinal(toEncryptBytes);\n}\n```    \n\nIn this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. \n\nYou can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. \n",
+        "description": "This API is used to set a password for an identity. \n\nAn identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or [\"authorization_code\" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).\n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. \n\"API authority\" refers to a token that only has the \"client_credentials\" grant type.\n\n>**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.**\n\nYou can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). \nTo do so, follow these steps:\n\n1. Use [Query Password Info](https://developer.sailpoint.com/idn/api/v3/query-password-info) to get the following information: `identityId`, `sourceId`, `publicKeyId`, `publicKey`, `accounts`, and `policies`. \n\n2. Choose an account from the previous response that you will provide as an `accountId` in your request to set an encrypted password. \n\n3. Use [Set Identity's Password](https://developer.sailpoint.com/idn/api/v3/set-password) and provide the information you got from your earlier query. Then add this code to your request to get the encrypted password:\n\n```java\nimport javax.crypto.Cipher;\nimport java.security.KeyFactory;\nimport java.security.PublicKey;\nimport java.security.spec.X509EncodedKeySpec;\nimport java util.Base64;\n\nString encrypt(String publicKey, String toEncrypt) throws Exception {\n  byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);\n  byte[] encryptedBytes = encryptRsa(publicKeyBytes, toEncrypt.getBytes(\"UTF-8\"));\n  return Base64.getEncoder().encodeToString(encryptedBytes);\n}\n\nprivate byte[] encryptRsa(byte[] publicKeyBytes, byte[] toEncryptBytes) throws Exception {\n  PublicKey key = KeyFactory.getInstance(\"RSA\").generatePublic(new X509EncodedKeySpec(publicKeyBytes));\n  String transformation = \"RSA/ECB/PKCS1Padding\";\n  Cipher cipher = Cipher.getInstance(transformation);\n  cipher.init(1, key);\n  return cipher.doFinal(toEncryptBytes);\n}\n```    \n\nIn this example, `toEncrypt` refers to the plain text password you are setting and then encrypting, and the `publicKey` refers to the publicKey you got from the first request you sent. \n\nYou can then use [Get Password Change Request Status](https://developer.sailpoint.com/idn/api/v3/get-password-change-status) to check the password change request status. To do so, you must provide the `requestId` from your earlier request to set the password. \n",
         "requestBody": {
           "required": true,
           "content": {

diff --git a/dereferenced/deref-sailpoint-api.v3.yaml b/dereferenced/deref-sailpoint-api.v3.yaml
@@ -14322,17 +14322,19 @@ paths:
       summary: Unlock Account
       description: |-
         This API submits a task to unlock an account and returns the task ID.  
+        To use this endpoint to unlock an account that has the `forceProvisioning` option set to true, the `idn:accounts-provisioning:manage` scope is required. 
         A token with ORG_ADMIN authority is required to call this API.
       security:
         - UserContextAuth:
             - 'idn:accounts-state:manage'
+            - 'idn:accounts-provisioning:manage'
       parameters:
         - in: path
           name: id
           schema:
             type: string
           required: true
-          description: The account id
+          description: The account ID.
           example: ef38f94347e94562b5bb8424a56397d8
       requestBody:
         required: true
@@ -50275,15 +50277,15 @@ paths:
         - Lifecycle States
       summary: Set Lifecycle State
       description: |-
-        This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile.
+        This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding identity profile.
         A token with ORG_ADMIN or API authority is required to call this API.
       security:
         - UserContextAuth:
             - 'idn:identity-lifecycle-state:update'
       parameters:
         - in: path
           name: identity-id
-          description: The ID of the identity to update
+          description: The ID of the identity to update.
           required: true
           example: 2c9180857893f1290178944561990364
           schema:
@@ -50297,7 +50299,7 @@ paths:
               properties:
                 lifecycleStateId:
                   type: string
-                  description: The ID of the lifecycle state to set
+                  description: The ID of the lifecycle state to set.
                   example: 2c9180877a86e408017a8c19fefe046c
       responses:
         '200':
@@ -50310,7 +50312,7 @@ paths:
                   accountActivityId:
                     type: string
                     example: 2c9180837ab5b716017ab7c6c9ef1e20
-                    description: The ID of the IdentityRequest object that was generated when the workflow launches
+                    description: 'The ID of the IdentityRequest object that is generated when the workflow launches. To follow the IdentityRequest, you can provide this ID with a [Get Account Activity request](https://developer.sailpoint.com/docs/api/v3/get-account-activity/). The response will contain relevant information about the IdentityRequest, such as its status.'
         '400':
           description: Client Error - Returned if the request body is invalid.
           content:
@@ -77064,11 +77066,11 @@ paths:
         - Roles
       summary: Patch a specified Role
       description: |-
-        This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
-
-        The following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**
-        A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
+        This API updates an existing role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.
+        The following fields are patchable: * name * description * enabled * owner * accessProfiles * membership * requestable * accessRequestConfig * revokeRequestConfig * segments
+        A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all access profiles included in the role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.
         The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters.
+        When you use this API to modify a role's membership identities, you can only modify up to a limit of 500 membership identities at a time. 
       parameters:
         - name: id
           in: path
@@ -102304,11 +102306,13 @@ paths:
       description: |
         This API is used to set a password for an identity. 
 
-        An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
+        An identity can change their own password (as well as any of their accounts' passwords) if they use a token generated by their ISC user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).
 
         A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password or the password of any of the identity's accounts. 
         "API authority" refers to a token that only has the "client_credentials" grant type.
 
+        >**Note: If you want to set an identity's source account password, you must enable `PASSWORD` as one of the source's features. You can use the [PATCH Source endpoint](https://developer.sailpoint.com/docs/api/v3/update-source) to add the `PASSWORD` feature.**
+
         You can use this endpoint to generate an `encryptedPassword` (RSA encrypted using publicKey). 
         To do so, follow these steps: