components:
  parameters:
    acceptTos:
      description: 1 or 0 for accepting terms of service
      in: query
      name: accept_tos
      required: false
      schema:
        type: string
    app:
      description: The app name.
      in: path
      name: app
      required: true
      schema:
        maxLength: 36
        minLength: 4
        type: string
    appClientId:
      description: ID of the app client to authorize
      in: path
      name: app_client_id
      required: true
      schema:
        type: string
    appId:
      description: The Okta app Id.
      in: path
      name: app_id
      required: true
      schema:
        type: string
    clientId:
      description: ID of the client to authorize
      in: query
      name: client_id
      required: false
      schema:
        type: string
    codeChallenge:
      description: PKCE code challenge
      in: query
      name: code_challenge
      required: false
      schema:
        type: string
    # PKCE (RFC 7636) transformation that was applied to code_challenge. The RFC
    # defines two values, `plain` and `S256`; this schema accepts any string.
    # NOTE(review): ResolveBody.code_challenge_method in this file is capped at
    # 4 characters, which excludes `plain` on that path. Confirm the server
    # applies the same restriction to this query parameter, because `plain`
    # gives no protection when the authorization request itself is observed.
    codeChallengeMethod:
      description: PKCE code challenge method
      in: query
      name: code_challenge_method
      required: false
      schema:
        type: string
    createdBy:
      description: The principal name.
      in: query
      name: created_by
      required: false
      schema:
        type: string
    domain:
      description: The domain name identifier.
      in: path
      name: domain
      required: true
      schema:
        type: string
    email:
      description: User email address for the authorization request
      in: query
      name: email
      required: false
      schema:
        maxLength: 320
        pattern: ^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$
        type: string
    encodeState:
      description: 1, true or 0, false for encoding state
      in: query
      name: encode_state
      required: false
      schema:
        maxLength: 5
        type: string
    group:
      description: The group name.
      in: path
      name: group
      required: true
      schema:
        type: string
      x-case-insensitive: true
    idp:
      description: The Identity Provider name.
      in: path
      name: idp
      required: true
      schema:
        type: string
    include:
      description: Include additional information to return when validating tenant
        membership. Valid parameters [tenant, principal]
      in: query
      name: include
      required: false
      schema:
        items:
          enum:
          - tenant
          - principal
          type: string
        maxItems: 2
        minItems: 0
        type: array
        uniqueItems: true
    inviteId:
      description: The invite ID.
      in: query
      name: inviteID
      required: false
      schema:
        type: string
    keyId:
      description: Identifier of a public key.
      in: path
      name: keyId
      required: true
      schema:
        type: string
    member:
      description: The member name.
      in: path
      name: member
      required: true
      schema:
        minLength: 2
        type: string
      x-case-insensitive: true
    memberKind:
      description: 'Kind of member, one of: [user, service_account, service]'
      in: query
      name: kind
      required: false
      schema:
        enum:
        - user
        - service_account
        - service
        type: string
    # Optional and unbounded here; ResolveBody.nonce in this file caps the same
    # value at 256 characters.
    # NOTE(review): the replay protection named in the description only holds
    # if the client sends a fresh value per request and checks the value that
    # comes back (presumably in the ID token - confirm against the token
    # endpoint documentation).
    nonce:
      description: Nonce to prevent replay attacks
      in: query
      name: nonce
      required: false
      schema:
        type: string
    orderBy:
      description: The sorting order for returning list.
      in: query
      name: orderby
      required: false
      schema:
        type: string
    pageSize:
      description: The maximum number of items to return in a list.
      in: query
      name: page_size
      required: false
      schema:
        format: int32
        maximum: 1000
        minimum: 1
        type: integer
    pageToken:
      description: The cursor to the next page.
      in: query
      name: page_token
      required: false
      schema:
        type: string
    permission:
      description: The permission string.
      in: path
      name: permission
      required: true
      schema:
        type: string
      x-case-insensitive: true
    principal:
      description: The principal name.
      in: path
      name: principal
      required: true
      schema:
        minLength: 2
        type: string
      x-case-insensitive: true
    # Callback target for the authorization response. The schema is a free-form
    # string with no length or format constraint; ResolveBody.redirect_uri caps
    # the same value at 2048 characters, and CreateAppBody.redirectUris is where
    # an app registers its callbacks.
    # NOTE(review): confirm the server compares this value exactly against the
    # app's registered redirectUris before redirecting. Prefix or pattern
    # matching would let an authorization response reach an unintended host.
    redirectUri:
      description: URI for the callback
      in: query
      name: redirect_uri
      required: false
      schema:
        type: string
    responseMode:
      description: Type of response, one of query, fragment, json
      in: query
      name: response_mode
      required: false
      schema:
        type: string
    responseType:
      description: Type of authorization flow
      in: query
      name: response_type
      required: false
      schema:
        type: string
    role:
      description: The role name.
      in: path
      name: role
      required: true
      schema:
        minLength: 4
        type: string
      x-case-insensitive: true
    samlStateId:
      description: The saml specific state identifier carried through authentication
        flow
      in: query
      name: samlStateId
      required: false
      schema:
        maxLength: 128
        type: string
    scope:
      description: Scope of the authorization request
      in: query
      name: scope
      required: false
      schema:
        type: string
    # The token travels in the URL query string, which commonly ends up in
    # access logs, proxy logs, browser history and Referer headers.
    # NOTE(review): the schema sets no length bound and says nothing about
    # lifetime. Confirm the token is short-lived and single-use, and that
    # request logging redacts the `session_token` parameter.
    sessionToken:
      description: Obtained from authentication
      in: query
      name: session_token
      required: false
      schema:
        type: string
    # Opaque value echoed from the authorization request to the callback.
    # Optional and unbounded here, whereas ResolveBody in this file lists
    # `state` as required and caps it at 256 characters.
    # NOTE(review): clients normally rely on `state` to tie a callback to the
    # request they started (CSRF defence). Confirm whether omitting it is
    # really acceptable for the operations that use this parameter.
    state:
      description: State between request and callback
      in: query
      name: state
      required: false
      schema:
        type: string
    tenant:
      description: The tenant name.
      in: path
      name: tenant
      required: true
      schema:
        maxLength: 36
        minLength: 2
        type: string
    tenantName:
      description: The tenant name.
      in: path
      name: tenantName
      required: true
      schema:
        maxLength: 36
        minLength: 2
        type: string
    tenantQuery:
      description: Tenant for the authorization request
      in: query
      name: tenant
      required: false
      schema:
        maxLength: 36
        minLength: 2
        type: string
    userCode:
      description: userCode
      in: path
      name: userCode
      required: true
      schema:
        type: string
    version:
      description: The service API version.
      in: path
      name: version
      required: true
      schema:
        enum:
        - v2beta1
        - v3alpha1
        - v3
        type: string
    version2:
      description: Service API v2beta1.
      in: path
      name: version2
      required: true
      schema:
        enum:
        - v2beta1
        type: string
  schemas:
    AddGroupMemberAsAnAdminBody:
      properties:
        group:
          type: string
        member:
          minLength: 2
          type: string
          x-case-insensitive: true
      required:
      - group
      - member
      type: object
    AddGroupMemberBody:
      properties:
        name:
          minLength: 2
          type: string
          x-case-insensitive: true
      required:
      - name
      type: object
    AddGroupRoleBody:
      properties:
        name:
          minLength: 4
          type: string
          x-case-insensitive: true
      required:
      - name
      type: object
    # Request body for adding an invisible member (name taken from the schema;
    # Member in this file carries a nullable `visible` flag). `name` and
    # `reason` are mandatory, `expires_in` is optional.
    AddInvisibleMemberBody:
      properties:
        # No minimum/maximum is declared, so zero, negative and very large int32
        # values all pass schema validation, and the field may be omitted.
        # NOTE(review): confirm the server applies a default and an upper bound
        # so that an invisible membership cannot stay in place indefinitely.
        expires_in:
          description: The expiration time of the member in seconds.
          format: int32
          type: integer
        name:
          description: The name of the member to be added.
          minLength: 2
          type: string
          x-case-insensitive: true
        # Free-text justification with no length bounds; an empty string passes.
        # NOTE(review): presumably kept for audit - confirm it is recorded
        # together with the caller's identity.
        reason:
          description: The reason you are adding this member.
          type: string
      required:
      - name
      - reason
      type: object
    AddMemberBody:
      properties:
        name:
          minLength: 2
          type: string
          x-case-insensitive: true
      required:
      - name
      type: object
    AddRolePermissionBody:
      properties:
        permission:
          $ref: '#/components/schemas/PermissionString'
      required:
      - permission
      type: object
    App:
      description: Represents an app registration
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        name:
          type: string
        principal:
          type: string
        redirectUris:
          items:
            type: string
          type: array
        tenant:
          type: string
      type: object
    Authn:
      properties:
        description:
          description: Authentication description
          type: string
        requestId:
          description: Request ID
          maxLength: 36
          type: string
        sessionToken:
          description: Session token
          type: string
        status:
          description: Authentication status
          type: string
      type: object
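    # Username/password login payload; all three fields are required.
    # None of them declares a maxLength, while Credential.value in this file
    # caps a password at 128 characters.
    # NOTE(review): consider matching bounds here so oversized inputs are
    # rejected before they reach password hashing.
    AuthnCredentialsBody:
      properties:
        csrfToken:
          description: CSRF token
          type: string
        password:
          description: Password
          # OpenAPI hint that tells documentation UIs and tooling to obscure
          # the value; it does not change what the schema accepts.
          format: password
          type: string
        username:
          description: Username
          type: string
      required:
      - username
      - password
      - csrfToken
      type: object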
    ChangeSubscriptionBody:
      properties:
        appPermissions:
          items:
            minLength: 4
            type: string
            x-case-insensitive: true
          type: array
        userPermissions:
          items:
            minLength: 4
            type: string
            x-case-insensitive: true
          type: array
      required:
      - appPermissions
      - userPermissions
      type: object
    # Payload for registering an app. `name` and `principal` are required;
    # `redirectUris` is optional.
    CreateAppBody:
      properties:
        name:
          maxLength: 36
          minLength: 4
          pattern: ^[_a-z][_.a-z0-9]*$
          type: string
        principal:
          minLength: 2
          type: string
          x-case-insensitive: true
        # Registered OAuth callbacks: at most 100 entries of 8-256 characters,
        # with no `format: uri` and no scheme or wildcard restriction at the
        # schema level.
        # NOTE(review): ResolveBody.redirect_uri allows up to 2048 characters,
        # longer than any value that can be registered here. Confirm that
        # authorization requests are matched exactly against this list and that
        # the server rejects non-https and wildcard entries at registration.
        redirectUris:
          items:
            maxLength: 256
            minLength: 8
            type: string
          maxItems: 100
          type: array
      required:
      - name
      - principal
      type: object
    CreateDomainBody:
      properties:
        id:
          maxLength: 36
          minLength: 4
          pattern: ^[_a-z]([.]?[_a-z0-9])*$
          type: string
        name:
          maxLength: 253
          pattern: ^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$
          type: string
      required:
      - id
      - name
      type: object
    CreateGroupBody:
      properties:
        name:
          maxLength: 128
          minLength: 4
          pattern: ^[_a-z]([.]?[_a-z0-9])*$
          type: string
      required:
      - name
      type: object
    CreateIdpBody:
      properties:
        description:
          maxLength: 1024
          type: string
        federation_id:
          maxLength: 256
          type: string
        name:
          maxLength: 36
          minLength: 4
          pattern: ^[_a-z]([.]?[_a-z0-9])*$
          type: string
        title:
          maxLength: 256
          type: string
      required:
      - name
      - title
      - federation_id
      type: object
    CreateIdpMappingBody:
      properties:
        idp:
          maxLength: 36
          minLength: 4
          pattern: ^[_a-z]([.]?[_a-z0-9])*$
          type: string
      required:
      - idp
      type: object
    CreatePrincipalBody:
      description: Payload when creating a principal
      properties:
        acceptTos:
          default: false
          type: boolean
        credentials:
          $ref: '#/components/schemas/CredentialList'
        enabled:
          type: boolean
        key:
          $ref: '#/components/schemas/ECJwk'
        kind:
          $ref: '#/components/schemas/PrincipalKind'
        name:
          minLength: 2
          type: string
          x-case-insensitive: true
        profile:
          $ref: '#/components/schemas/CreatePrincipalProfile'
      required:
      - kind
      type: object
    CreatePrincipalProfile:
      description: Payload when creating Principal profile
      properties:
        email:
          maxLength: 320
          pattern: ^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$
          type: string
        firstName:
          maxLength: 320
          minLength: 1
          type: string
        lastName:
          maxLength: 320
          minLength: 1
          type: string
      required:
      - email
      - firstName
      - lastName
      type: object
    CreateRoleBody:
      properties:
        name:
          maxLength: 128
          minLength: 4
          pattern: ^[_a-z]([.]?[_a-z0-9])*$
          type: string
      required:
      - name
      type: object
    CreateSubscriptionBody:
      properties:
        app:
          maxLength: 36
          minLength: 4
          pattern: ^[_a-z][_.a-z0-9]*$
          type: string
        appPermissions:
          items:
            minLength: 4
            type: string
            x-case-insensitive: true
          type: array
        userPermissions:
          items:
            minLength: 4
            type: string
            x-case-insensitive: true
          type: array
      required:
      - app
      - appPermissions
      - userPermissions
      type: object
    CreateTenantBody:
      properties:
        createdBy:
          type: string
        name:
          $ref: '#/components/schemas/TenantName'
      required:
      - name
      type: object
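    # A single credential attached to a principal. `password` is the only
    # credential type the enum allows, so `value` always holds a password.
    Credential:
      description: Principal credential
      properties:
        type:
          enum:
          - password
          type: string
        value:
          # OpenAPI hint that tells documentation UIs and tooling to obscure
          # the value; the 8-128 character bounds are unchanged.
          format: password
          maxLength: 128
          minLength: 8
          type: string
      required:
      - type
      - value
      type: object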
    CredentialList:
      description: List of credentials
      items:
        $ref: '#/components/schemas/Credential'
      type: array
    CsrfToken:
      properties:
        csrf:
          description: CSRF token
          type: string
        requestId:
          description: Request ID
          maxLength: 36
          type: string
      type: object
    DecryptTokenBody:
      properties:
        token:
          type: string
      required:
      - token
      type: object
    DecryptedToken:
      description: A decrypted token
      properties:
        token:
          type: string
      required:
      - token
      type: object
    DeviceAuthInfo:
      properties:
        device_code:
          type: string
        expires_in:
          type: integer
        interval:
          type: integer
        user_code:
          type: string
        verification_uri:
          type: string
      required:
      - device_code
      - user_code
      - verification_uri
      - expires_in
      - interval
      type: object
    Domain:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        id:
          type: string
        name:
          type: string
      type: object
    DomainIdp:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        domain:
          type: string
        idp:
          type: string
      type: object
    # Elliptic-curve JSON Web Key. Only public members are declared (`x`, `y`,
    # plus metadata); nothing is marked required.
    # NOTE(review): additionalProperties is not set, so by the OpenAPI default
    # extra members pass validation - including a private `d` member sent by
    # mistake. Confirm the server rejects or discards it and never stores or
    # logs it.
    ECJwk:
      properties:
        # Signature algorithm is pinned to the three ECDSA variants.
        alg:
          enum:
          - ES256
          - ES384
          - ES512
          maxLength: 64
          type: string
        # Curve name is a free-form string.
        # NOTE(review): confirm the server checks that `crv` matches `alg`
        # (RFC 7518 pairs ES256/P-256, ES384/P-384, ES512/P-521) and that the
        # point (x, y) lies on that curve.
        crv:
          maxLength: 64
          type: string
        # The pattern allows the empty string, but minLength 3 rules it out.
        kid:
          maxLength: 64
          minLength: 3
          pattern: ^[_\-a-zA-Z0-9]*$
          type: string
        kty:
          enum:
          - EC
          maxLength: 64
          type: string
        x:
          maxLength: 4096
          type: string
        "y":
          maxLength: 4096
          type: string
      type: object
    ECJwks:
      properties:
        keys:
          items:
            $ref: '#/components/schemas/ECJwk'
          maxItems: 10
          type: array
      type: object
    Group:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        memberCount:
          type: integer
        name:
          type: string
        roleCount:
          type: integer
        tenant:
          type: string
      required:
      - tenant
      - name
      - createdAt
      - createdBy
      - memberCount
      - roleCount
      type: object
    GroupMember:
      description: Represents a member that belongs to a group
      properties:
        addedAt:
          format: date-time
          type: string
        addedBy:
          type: string
        group:
          type: string
        principal:
          type: string
        tenant:
          type: string
      required:
      - tenant
      - group
      - principal
      - addedAt
      - addedBy
      type: object
    GroupRole:
      description: Represents a role that is assigned to a group
      properties:
        addedAt:
          format: date-time
          type: string
        addedBy:
          type: string
        group:
          type: string
        role:
          type: string
        tenant:
          type: string
      required:
      - tenant
      - group
      - role
      - addedAt
      - addedBy
      type: object
    IdentityProvider:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        description:
          type: string
        federation_id:
          type: string
        name:
          type: string
        title:
          type: string
      type: object
    # Identity provider definition with its federation settings. `id`, `title`,
    # `kind` and `config` are required at the top level.
    IdentityProviderBody:
      properties:
        config:
          properties:
            # Free-form string with no length bound.
            # NOTE(review): presumably the IdP signing certificate used to
            # verify assertions - confirm the server parses it and rejects
            # malformed or expired certificates on write.
            certificate:
              type: string
            email_attribute:
              type: string
            entity_descriptor:
              maxLength: 1024
              type: string
            first_name_attribute:
              type: string
            last_name_attribute:
              type: string
            method:
              enum:
              - post
              - redirect
              type: string
            # No `format: uri`, scheme restriction or length bound is declared.
            # NOTE(review): users are presumably sent to this URL during
            # sign-on - confirm the server requires https and validates the
            # host.
            single_sign_on_service_url:
              type: string
          required:
          - entity_descriptor
          - single_sign_on_service_url
          - certificate
          - method
          - email_attribute
          type: object
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        description:
          type: string
        enabled:
          type: boolean
        # Unlike IdentityProviderConfigBody.id in this file, no length bounds or
        # pattern are declared here.
        id:
          type: string
        kind:
          enum:
          - keycloak
          - saml
          type: string
        title:
          type: string
      required:
      - id
      - title
      - kind
      - config
      type: object
    IdentityProviderConfigBody:
      properties:
        config:
          properties:
            certificate:
              type: string
            email_attribute:
              type: string
            entity_descriptor:
              maxLength: 1024
              type: string
            first_name_attribute:
              type: string
            last_name_attribute:
              type: string
            method:
              enum:
              - post
              - redirect
              type: string
            single_sign_on_service_url:
              type: string
          type: object
        description:
          maxLength: 1024
          type: string
        enabled:
          type: boolean
        id:
          maxLength: 36
          minLength: 4
          pattern: ^[_a-z]([.]?[_a-z0-9])*$
          type: string
        title:
          maxLength: 256
          type: string
      required:
      - id
      - config
      type: object
    IdentityProviderList:
      description: A list of identity providers.
      properties:
        items:
          items:
            $ref: '#/components/schemas/IdentityProvider'
          type: array
        nextLink:
          type: string
      required:
      - items
      - nextLink
      type: object
    IdentityProviders:
      items:
        $ref: '#/components/schemas/IdentityProvider'
      type: array
    ImmutableApp:
      properties:
        appPermissions:
          items:
            type: string
          type: array
        name:
          type: string
        principal:
          type: string
        systemApp:
          type: boolean
        userPermissions:
          items:
            type: string
          type: array
      type: object
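    # Wrapper object holding a list of ImmutableApp entries under `items`.
    ImmutableApps:
      description: A list of Immutable Application.
      properties:
        items:
          items:
            $ref: '#/components/schemas/ImmutableApp'
          type: array
      required:
      - items
      # Without an explicit type, `properties` and `required` constrain only
      # object instances, so a non-object value would pass validation.
      type: object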
    # JSON Web Key with the RSA public members `n` (modulus) and `e` (exponent).
    # No private members are declared and nothing is marked required.
    # Unlike ECJwk in this file, `alg` and `kty` are free-form strings rather
    # than enums, and `kid` has no pattern.
    # NOTE(review): consumers that verify signatures with these keys should pin
    # the accepted algorithm themselves rather than trust `alg` from the key or
    # from a token header - confirm client guidance says so.
    Jwk:
      properties:
        alg:
          maxLength: 64
          type: string
        e:
          maxLength: 64
          type: string
        kid:
          maxLength: 1024
          type: string
        kty:
          maxLength: 64
          type: string
        "n":
          maxLength: 4096
          type: string
        use:
          maxLength: 64
          type: string
      type: object
    Jwks:
      properties:
        keys:
          items:
            $ref: '#/components/schemas/Jwk'
          maxItems: 10
          type: array
      type: object
    Key:
      properties:
        clientId:
          type: string
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        expiresAt:
          format: date-time
          type: string
        id:
          type: string
        name:
          type: string
        permissions:
          items:
            type: string
          type: array
        rotatedAt:
          format: date-time
          type: string
        tenant:
          type: string
      type: object
    Member:
      description: Represents a member that belongs to a tenant.
      properties:
        addedAt:
          description: When the principal was added to the tenant.
          format: date-time
          type: string
        addedBy:
          type: string
        expiresAt:
          format: date-time
          nullable: true
          type: string
        groupCount:
          type: integer
        name:
          type: string
        profile:
          $ref: '#/components/schemas/PrincipalProfile'
        tenant:
          type: string
        visible:
          nullable: true
          type: boolean
      required:
      - tenant
      - name
      - addedAt
      - addedBy
      - groupCount
      type: object
    # OAuth 2.0 client registration record. Every field is optional, and string
    # fields carry no length or enum constraints.
    OAuth2Client:
      properties:
        application_type:
          type: string
        client_id:
          type: string
        client_id_issued_at:
          type: integer
        client_name:
          type: string
        # The secret is part of this object with no writeOnly marker.
        # NOTE(review): which operations return OAuth2Client is not visible
        # here. Confirm the secret is returned only when it is issued, is
        # omitted from read/list responses, and is redacted from logs.
        client_secret:
          type: string
        client_uri:
          type: string
        consent_method:
          type: string
        grant_types:
          items:
            type: string
          type: array
        initiate_login_uri:
          type: string
        # Redirect lists are unbounded arrays of free-form strings.
        # NOTE(review): confirm the server validates scheme and host for both
        # lists and matches them exactly at authorization and logout time.
        post_logout_redirect_uris:
          items:
            type: string
          type: array
        redirect_uris:
          items:
            type: string
          type: array
        response_types:
          items:
            type: string
          type: array
        token_endpoint_auth_method:
          type: string
      type: object
    OktaApp:
      description: Represents an Okta App (https://developer.okta.com/docs/reference/api/apps/#application-model)
      type: object
    OktaAppList:
      description: Represents a list of Okta Apps
      items:
        $ref: '#/components/schemas/OktaApp'
      type: array
    PermissionSet:
      properties:
        kind:
          $ref: '#/components/schemas/PermissionSetKind'
        name:
          type: string
        permissions:
          items:
            type: string
          type: array
      required:
      - kind
      - name
      - permissions
      type: object
    PermissionSetKind:
      enum:
      - principal
      - api_key
      - subscription
      type: string
    PermissionSetList:
      items:
        $ref: '#/components/schemas/PermissionSet'
      type: array
    PermissionString:
      maxLength: 1024
      minLength: 4
      type: string
      x-case-insensitive: true
    Principal:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        kind:
          $ref: '#/components/schemas/PrincipalKind'
        name:
          type: string
        profile:
          $ref: '#/components/schemas/PrincipalProfile'
        tenants:
          items:
            $ref: '#/components/schemas/TenantName'
          type: array
        updatedAt:
          format: date-time
          type: string
        updatedBy:
          type: string
      required:
      - name
      - kind
      - tenants
      - createdAt
      - createdBy
      - updatedAt
      - updatedBy
      type: object
    PrincipalKind:
      enum:
      - user
      - service_account
      - service
      type: string
    PrincipalProfile:
      description: Profile information for a principal
      properties:
        email:
          type: string
        firstName:
          type: string
        fullName:
          type: string
        lastName:
          type: string
      type: object
    PrincipalPublicKey:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        key:
          $ref: '#/components/schemas/ECJwk'
        status:
          enum:
          - active
          - inactive
          - deleted
          type: string
        updatedAt:
          format: date-time
          type: string
        updatedBy:
          type: string
      required:
      - status
      - key
      - createdBy
      - createdAt
      - updatedBy
      - updatedAt
      type: object
    PrincipalPublicKeyStatusBody:
      properties:
        status:
          enum:
          - active
          - inactive
          type: string
      required:
      - status
      type: object
    PrincipalPublicKeys:
      items:
        $ref: '#/components/schemas/PrincipalPublicKey'
      type: array
    PrincipalTos:
      properties:
        hasAccepted:
          type: boolean
        principal:
          type: string
      required:
      - principal
      - hasAccepted
      type: object
    ResolveBody:
      properties:
        client_id:
          maxLength: 36
          type: string
        code_challenge:
          maxLength: 256
          type: string
        code_challenge_method:
          maxLength: 4
          type: string
        email:
          maxLength: 320
          pattern: ^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$
          type: string
        encode_state:
          maxLength: 5
          type: string
        invite_id:
          maxLength: 256
          type: string
        nonce:
          maxLength: 256
          type: string
        redirect_uri:
          maxLength: 2048
          type: string
        response_type:
          maxLength: 128
          type: string
        scope:
          maxLength: 128
          type: string
        state:
          maxLength: 256
          type: string
        tenant:
          $ref: '#/components/schemas/TenantName'
      required:
      - email
      - client_id
      - response_type
      - redirect_uri
      - scope
      - state
      type: object
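    # One resolved authentication option: a name, a description and the URL of
    # the identity provider.
    ResolvedAuth:
      properties:
        description:
          type: string
        # NOTE(review): presumably the client navigates to this URL - confirm it
        # is always built from stored IdP configuration, not from request input.
        idp_url:
          type: string
        name:
          type: string
      # Without an explicit type, `properties` constrains only object
      # instances, so a non-object value would pass validation.
      type: object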
    ResolvedAuthList:
      items:
        $ref: '#/components/schemas/ResolvedAuth'
      type: array
    Role:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        name:
          type: string
        permissions:
          items:
            type: string
          type: array
        tenant:
          type: string
      required:
      - tenant
      - name
      - createdAt
      - createdBy
      type: object
    RolePermission:
      properties:
        addedAt:
          format: date-time
          type: string
        addedBy:
          type: string
        permission:
          type: string
        role:
          type: string
        tenant:
          type: string
      required:
      - tenant
      - role
      - permission
      - addedAt
      - addedBy
      type: object
    SensitiveTenants:
      items:
        type: string
      type: array
    ServiceAccount:
      properties:
        appName:
          type: string
        appTenant:
          type: string
        labels:
          type: object
        permissions:
          items:
            type: string
          type: array
        principal:
          type: string
        principalKind:
          type: string
        systemPermissions:
          items:
            type: string
          type: array
      type: object
    ServiceAccountList:
      description: A list of service accounts.
      properties:
        items:
          items:
            $ref: '#/components/schemas/ServiceAccount'
          type: array
        nextLink:
          type: string
      required:
      - items
      - nextLink
      type: object
    ServiceAccountPeer:
      properties:
        permissions:
          items:
            type: string
          type: array
        principal:
          type: string
        tenant:
          type: string
      type: object
    ServiceAccountPeers:
      items:
        $ref: '#/components/schemas/ServiceAccountPeer'
      type: array
    ServiceAccounts:
      items:
        $ref: '#/components/schemas/ServiceAccount'
      type: array
    Subscription:
      description: Represents an app subscribed to a tenant
      properties:
        app:
          type: string
        appPermissions:
          items:
            type: string
          type: array
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        principal:
          type: string
        tenant:
          type: string
        userPermissions:
          items:
            type: string
          type: array
      type: object
    TakedownPrincipal:
      properties:
        addedAt:
          format: date-time
          type: string
        addedBy:
          type: string
        name:
          type: string
      required:
      - name
      - addedBy
      - addedAt
      type: object
    TakedownPrincipalBody:
      properties:
        reason:
          maxLength: 280
          minLength: 4
          type: string
      required:
      - reason
      type: object
    TakedownPrincipalList:
      description: A list of takedown principals.
      properties:
        items:
          items:
            $ref: '#/components/schemas/TakedownPrincipal'
          type: array
        nextLink:
          type: string
      required:
      - items
      - nextLink
      type: object
    # Tenant record: name (TenantName), status (TenantStatus), createdAt and
    # createdBy. All four fields are required.
    Tenant:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        name:
          $ref: '#/components/schemas/TenantName'
        status:
          $ref: '#/components/schemas/TenantStatus'
      required:
      - name
      - status
      - createdAt
      - createdBy
      type: object
    # Tenant record with additional fields beyond Tenant: cells, deletedAt,
    # deletedBy and proxiedBy.
    # NOTE(review): the name suggests an administrator-only view; the extra
    # fields should not reach callers that only hold tenant-level scopes.
    TenantAsAdmin:
      properties:
        cells:
          items:
            type: string
          type: array
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        deletedAt:
          format: date-time
          type: string
        deletedBy:
          type: string
        name:
          $ref: '#/components/schemas/TenantName'
        proxiedBy:
          type: string
        status:
          $ref: '#/components/schemas/TenantStatus'
      # deletedAt and deletedBy are required although neither is `nullable`, so
      # a tenant that has not been deleted must still carry a date-time string
      # and a string here to validate.
      # NOTE(review): confirm what the service returns for live tenants.
      required:
      - name
      - status
      - createdAt
      - createdBy
      - proxiedBy
      - deletedAt
      - deletedBy
      type: object
    # Association between a tenant and an identity provider (idp), with
    # createdAt/createdBy provenance. No field is listed as required.
    TenantIdp:
      properties:
        createdAt:
          format: date-time
          type: string
        createdBy:
          type: string
        idp:
          type: string
        tenant:
          type: string
      type: object
    TenantList:
      description: A list of tenants.
      properties:
        items:
          items:
            $ref: '#/components/schemas/Tenant'
          type: array
        nextLink:
          type: string
      required:
      - items
      - nextLink
      type: object
    # Allow-list for tenant names: 2 to 36 characters drawn from lowercase
    # letters, digits and hyphens, starting and ending with a letter or digit.
    # The pattern itself needs at least two characters, which agrees with
    # minLength. Slashes, dots, uppercase and whitespace are all rejected.
    # NOTE(review): the paths in this file use /{tenant}/... as the first
    # segment; whether the `tenant` path parameter references this schema is
    # not visible here and is worth confirming.
    TenantName:
      maxLength: 36
      minLength: 2
      pattern: ^[a-z0-9][a-z0-9\-]*[a-z0-9]$
      type: string
    # The two state changes a caller can request: suspend or resume.
    # Referenced by UpdateTenantStateBody.state.
    TenantState:
      enum:
      - suspend
      - resume
      type: string
    # Status values reported on Tenant and TenantAsAdmin.
    # UpdateTenantBody.status declares its own inline enum instead of
    # referencing this schema, and the two lists are not the same.
    TenantStatus:
      enum:
      - provisioning
      - failed
      - ready
      - deleting
      - deleted
      - tombstoned
      - suspended
      type: string
    # Token response. access_token, id_token and refresh_token are credentials:
    # whoever holds them can act as the principal until they expire or are
    # revoked, so they should be kept out of logs, URLs and error reports.
    # No field is listed as required.
    Token:
      properties:
        access_token:
          description: Access token
          type: string
        # Lifetime of access_token in seconds (per the description).
        expires_in:
          description: Expiration time of access_token in seconds
          type: integer
        id_token:
          description: ID Token
          type: string
        # NOTE(review): presumably longer-lived than the access token; store it
        # with at least the same protection.
        refresh_token:
          description: Refresh Token
          type: string
        scope:
          description: Scope that was granted
          type: string
        # The description requires Bearer, but no enum enforces it in the schema.
        token_type:
          description: Must be Bearer type
          type: string
      type: object
    # Replaces an app's redirect URIs: at most 100 entries, each 8 to 256
    # characters long.
    UpdateAppBody:
      properties:
        # Only the length is constrained: there is no `format: uri` and no
        # pattern, so the schema accepts any string of the right size.
        # NOTE(review): redirect URIs decide where authorization responses are
        # delivered. Scheme restrictions, exact-match comparison and wildcard
        # handling have to be enforced by the service; confirm that they are.
        redirectUris:
          items:
            maxLength: 256
            minLength: 8
            type: string
          maxItems: 100
          type: array
      type: object
    # Update body for an identity provider: title and federation_id are
    # required, description is optional. Each field has a maxLength but no
    # minLength or pattern, so an empty string passes schema validation.
    # NOTE(review): confirm the service rejects an empty federation_id.
    UpdateIdpBody:
      properties:
        description:
          maxLength: 1024
          type: string
        federation_id:
          maxLength: 256
          type: string
        title:
          maxLength: 256
          type: string
      required:
      - title
      - federation_id
      type: object
    # Body carrying a required `permissions` array of PermissionString values.
    # The array has no maxItems, so the schema does not bound how many
    # permissions one request can carry.
    UpdateRolePermissionsBody:
      properties:
        permissions:
          items:
            $ref: '#/components/schemas/PermissionString'
          type: array
      required:
      - permissions
      type: object
    # Update body for a tenant's `cells`: at most 10 entries, each 1 to 50
    # characters. The field is optional and has no pattern.
    UpdateTenantAsAdminBody:
      properties:
        cells:
          items:
            maxLength: 50
            minLength: 1
            type: string
          maxItems: 10
          type: array
      type: object
    # Update body for a tenant. Both fields are optional.
    UpdateTenantBody:
      properties:
        # NOTE(review): createdBy is writable through this body, which lets a
        # caller change a tenant's recorded creator. Confirm that only trusted
        # callers reach the operation that accepts it.
        createdBy:
          type: string
        # Inline enum rather than a $ref to TenantStatus, and the lists differ:
        # `suspending` and `resuming` appear only here, `deleted` only in
        # TenantStatus.
        # NOTE(review): confirm the difference is intended; a status written
        # here that TenantStatus lacks would not validate when read back as a
        # Tenant.
        status:
          enum:
          - provisioning
          - ready
          - suspending
          - suspended
          - resuming
          - deleting
          - tombstoned
          - failed
          type: string
      type: object
    # Body with a single required field, `state`, restricted by TenantState to
    # suspend or resume.
    UpdateTenantStateBody:
      properties:
        state:
          $ref: '#/components/schemas/TenantState'
      required:
      - state
      type: object
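    # Context returned when a user code is validated: the device, the requested
    # scope, the tenant and principal, and the requester's ip_address and
    # country. All seven fields are required.
    # NOTE(review): presumably shown to the approving user in a device-style
    # authorization flow; ip_address and country are then what lets that user
    # spot a request they did not start.
    UserCodeValidateInfo:
      properties:
        country:
          type: string
        device:
          type: string
        ip_address:
          type: string
        principal:
          type: string
        scope:
          type: string
        tenant:
          type: string
        user_code:
          type: string
      required:
      - device
      - user_code
      - scope
      - tenant
      - ip_address
      - country
      - principal
      # Declared explicitly, as on every other object schema in this file.
      # Without it `required` is only checked when the value happens to be an
      # object, so a non-object value would pass validation.
      type: object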
    # Result of token validation (the 200 response of validateToken).
    # name, clientId and kind are required; principal and tenant are optional
    # nested objects.
    ValidateInfo:
      properties:
        clientId:
          type: string
        # Distinguishes the two credential kinds the service accepts.
        # NOTE(review): consumers that authorize on this response should branch
        # on `kind` explicitly rather than treating both kinds alike.
        kind:
          enum:
          - principal
          - api_key
          type: string
        name:
          maxLength: 36
          minLength: 4
          type: string
        principal:
          $ref: '#/components/schemas/Principal'
        tenant:
          $ref: '#/components/schemas/Tenant'
      required:
      - name
      - clientId
      - kind
      type: object
  # The only security scheme: a value sent in the Authorization header.
  # It is declared as `type: apiKey` rather than OpenAPI 3's `type: http` with
  # `scheme: bearer`, so tooling treats the header value as opaque and clients
  # must supply the complete value, scheme prefix included.
  # NOTE(review): no `security:` requirement appears on the operations in this
  # part of the file (they carry x-authz-scope instead). Confirm that a
  # top-level `security` block or the gateway applies this scheme, because
  # generated clients and scanners rely on that declaration.
  securitySchemes:
    Bearer:
      in: header
      name: Authorization
      type: apiKey
info:
  description: With the Identity service in Splunk Cloud Services, you can authenticate
    and authorize Splunk Cloud Services users.
  title: Identity
  version: v2beta1.23
openapi: 3.0.0
paths:
  /{tenant}/identity/v2beta1/groups:
    get:
      description: List the groups that exist in a given tenant.
      operationId: listGroups
      parameters:
      - description: List only the groups with specified access permission.
        in: query
        name: access
        schema:
          enum:
          - write
          type: string
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of groups was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
      x-authz-scope: identity.groups.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    post:
      description: Creates a new group in a given tenant.
      operationId: createGroup
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateGroupBody'
        description: The group definition.
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Group'
          description: The group was successfully created.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "409":
          description: The group already exists.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.groups.write
      x-trigger-name: splunk.identity.groups
  /{tenant}/identity/v2beta1/groups/{group}:
    delete:
      description: Deletes a group in a given tenant.
      operationId: deleteGroup
      responses:
        "204":
          description: The group was successfully deleted.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.groups.write
      x-trigger-name: splunk.identity.groups
    get:
      description: Returns information about a given group within a tenant.
      operationId: getGroup
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Group'
          description: The group was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.groups.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/group'
  /{tenant}/identity/v2beta1/groups/{group}/members:
    get:
      description: Returns a list of the members within a given group.
      operationId: listGroupMembers
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of group members was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.groups.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/group'
    post:
      description: Adds a member to a given group.
      operationId: addGroupMember
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AddGroupMemberBody'
        description: The member to add to a group.
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupMember'
          description: The member has been successfully added to the group.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "409":
          description: The member already exists.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.groups.write
      x-trigger-name: splunk.identity.group-members
  /{tenant}/identity/v2beta1/groups/{group}/members/{member}:
    delete:
      description: Removes the member from a given group.
      operationId: removeGroupMember
      responses:
        "204":
          description: The member was successfully removed from the group.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.groups.write
      x-trigger-name: splunk.identity.group-members
    get:
      description: Returns information about a given member within a given group.
      operationId: getGroupMember
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupMember'
          description: The group-to-member relationship details were successfully
            returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.groups.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/group'
    - $ref: '#/components/parameters/member'
  /{tenant}/identity/v2beta1/groups/{group}/roles:
    get:
      description: Returns a list of the roles that are attached to a group within
        a given tenant.
      operationId: listGroupRoles
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of roles was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.groups.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/group'
    post:
      description: Adds a role to a given group.
      operationId: addGroupRole
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AddGroupRoleBody'
        description: The role to add to a group.
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupRole'
          description: The role has been successfully added to the group.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "409":
          description: The role already exists.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.groups.write
      x-trigger-name: splunk.identity.group-roles
  /{tenant}/identity/v2beta1/groups/{group}/roles/{role}:
    delete:
      description: Removes a role from a given group.
      operationId: removeGroupRole
      responses:
        "204":
          description: The role was successfully removed from the group.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.groups.write
      x-trigger-name: splunk.identity.group-roles
    get:
      description: Returns information about a given role within a given group.
      operationId: getGroupRole
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupRole'
          description: The group-to-role relationship details were successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.groups.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/group'
    - $ref: '#/components/parameters/role'
  # Identity Provider collection of a tenant.
  # GET needs identity.idps.read and POST identity.idps.write (x-authz-scope).
  # NOTE(review): an Identity Provider determines how the tenant's users are
  # authenticated, so identity.idps.write is a high-impact scope to grant.
  /{tenant}/identity/v2beta1/identityproviders:
    get:
      description: Returns the list of Identity Providers for the given tenant.
      operationId: listIdentityProvider
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  $ref: '#/components/schemas/IdentityProviderBody'
                type: array
          description: The list of Identity Providers was successfully returned.
        "400":
          description: Malformed request
        "401":
          description: Unauthenticated user
        "403":
          description: Unauthorized operation
        "500":
          description: Internal server error
      x-authz-scope: identity.idps.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    # Unlike the group, member and role write operations in this file, this
    # one declares no x-trigger-name and no 423 response.
    # NOTE(review): what x-trigger-name drives is not visible here; if it
    # feeds event or audit emission, Identity Provider creation deserves the
    # same coverage.
    post:
      description: Create an Identity Provider.
      operationId: createIdentityProvider
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityProviderConfigBody'
        description: The Identity Provider to create.
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProviderBody'
          description: The Identity Provider was successfully created.
        "400":
          description: Malformed request
        "401":
          description: Unauthenticated user
        "403":
          description: Unauthorized operation
        "409":
          description: The Identity Provider already exists
        "500":
          description: Internal server error
      x-authz-scope: identity.idps.write
  # A single Identity Provider of a tenant.
  # GET needs identity.idps.read; DELETE and PUT need identity.idps.write
  # (x-authz-scope).
  # Neither write operation declares an x-trigger-name, unlike the group,
  # member and role write operations in this file.
  # NOTE(review): deleting or reconfiguring an Identity Provider changes who
  # can sign in to the tenant. What x-trigger-name drives is not visible here;
  # if it feeds event or audit emission, these two operations deserve the same
  # coverage.
  /{tenant}/identity/v2beta1/identityproviders/{idp}:
    delete:
      description: Deletes the Identity Provider.
      operationId: deleteIdentityProvider
      responses:
        "204":
          description: The Identity Provider was successfully deleted.
        "400":
          description: Malformed request
        "401":
          description: Unauthenticated user
        "403":
          description: Unauthorized operation
        "404":
          description: Resource not found
        "500":
          description: Internal server error
      x-authz-scope: identity.idps.write
    get:
      description: Returns the Identity Provider for the given tenant.
      operationId: getIdentityProvider
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProviderBody'
          description: The Identity Provider was successfully returned.
        "400":
          description: Malformed request
        "401":
          description: Unauthenticated user
        "403":
          description: Unauthorized operation
        "404":
          description: Resource not found
        "500":
          description: Internal server error
      x-authz-scope: identity.idps.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/idp'
    # PUT takes the same IdentityProviderConfigBody as creation, so the request
    # carries a complete configuration.
    put:
      description: Update the configuration for an Identity Provider.
      operationId: updateIdentityProvider
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityProviderConfigBody'
        description: The properties to update the Identity Provider with.
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProviderBody'
          description: The Identity Provider was successfully updated.
        "400":
          description: Malformed request
        "401":
          description: Unauthenticated user
        "403":
          description: Unauthorized operation
        "404":
          description: Resource not found
        "500":
          description: Internal server error
      x-authz-scope: identity.idps.write
  /{tenant}/identity/v2beta1/members:
    get:
      description: Returns a list of members in a given tenant.
      operationId: listMembers
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of tenant members was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.members.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    post:
      description: Adds a member to a given tenant.
      operationId: addMember
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AddMemberBody'
        description: The member to associate with a tenant.
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Member'
          description: The member was successfully added.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "409":
          description: The member already exists.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.members.write
      x-trigger-name: splunk.identity.members
  /{tenant}/identity/v2beta1/members/{member}:
    delete:
      description: Removes a member from a given tenant.
      operationId: removeMember
      responses:
        "204":
          description: The member was successfully removed.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.members.write
      x-trigger-name: splunk.identity.members
    get:
      description: Returns a member of a given tenant.
      operationId: getMember
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Member'
          description: The member was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.members.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/member'
  /{tenant}/identity/v2beta1/members/{member}/groups:
    get:
      description: Returns a list of groups that a member belongs to within a tenant.
      operationId: listMemberGroups
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of groups was successfully retrieved.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.members.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/member'
  # Effective permissions of one member within a tenant, returned as an array
  # of strings. Needs identity.members.read (x-authz-scope).
  /{tenant}/identity/v2beta1/members/{member}/permissions:
    get:
      description: |
        Returns a set of permissions granted to the member within the tenant.
      operationId: listMemberPermissions
      parameters:
      # Optional filter; the schema is an unconstrained string (no maxLength or
      # pattern), so any bounds are left to the service.
      - description: List only the permissions matching the scope filter.
        in: query
        name: scopeFilter
        required: false
        schema:
          type: string
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The set of permissions was successfully returned.
          # A caller that caches this response keeps authorizing on the cached
          # permissions until max-age runs out, so a revoked permission can
          # remain effective for up to that long. Treat max-age as an upper
          # bound and never cache past it.
          headers:
            Cache-Control:
              description: max-age=<seconds>, specifies the time member permission
                can be cached.
              schema:
                type: string
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.members.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/member'
  /{tenant}/identity/v2beta1/members/{member}/roles:
    get:
      description: |
        Returns a set of roles that a given member holds within the tenant.
      operationId: listMemberRoles
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The set of roles was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.members.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/member'
  /{tenant}/identity/v2beta1/roles:
    get:
      description: Returns all roles for a given tenant.
      operationId: listRoles
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of roles for the given tenant was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.roles.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    post:
      description: Creates a new authorization role in a given tenant.
      operationId: createRole
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateRoleBody'
        description: Role definition
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
          description: The authorization role was successfully created.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "409":
          description: The role already exists.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.roles.write
      x-trigger-name: splunk.identity.roles
  /{tenant}/identity/v2beta1/roles/{role}:
    delete:
      description: Deletes a defined role for a given tenant.
      operationId: deleteRole
      responses:
        "204":
          description: The role was successfully deleted.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "422":
          description: Unprocessable entity in request.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.roles.write
      x-trigger-name: splunk.identity.roles
    get:
      description: Returns a role for a given tenant.
      operationId: getRole
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
          description: The role was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.roles.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/role'
  # Groups that hold a given role, returned as an array of strings.
  # Needs identity.roles.read (x-authz-scope).
  # This operation documents no "400" response, unlike the other role
  # operations in this file.
  # NOTE(review): confirm whether a malformed role name is reported as 404
  # here, or whether the 400 is simply missing from the specification.
  /{tenant}/identity/v2beta1/roles/{role}/groups:
    get:
      description: Gets a list of groups for a role in a given tenant.
      operationId: listRoleGroups
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of groups was successfully returned.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.roles.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/role'
  # Permissions attached to a role.
  # GET needs identity.roles.read and POST identity.roles.write (x-authz-scope).
  /{tenant}/identity/v2beta1/roles/{role}/permissions:
    get:
      description: Gets the permissions for a role in a given tenant.
      operationId: listRolePermissions
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The list of permissions was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.roles.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/role'
    # The request body is a bare PermissionString, not an object wrapping one,
    # so each call adds a single permission although the description is plural.
    # Success is reported as 200 here, while the other create operations in
    # this file return 201.
    # NOTE(review): this operation widens what every holder of the role may do.
    # Whether a caller can add a permission it does not hold itself is decided
    # by the service and cannot be read from this specification.
    post:
      description: Adds permissions to a role in a given tenant.
      operationId: addRolePermission
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PermissionString'
        description: The permission to add to a role.
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RolePermission'
          description: The permission was successfully added to the role.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "422":
          description: The provided fields aren't valid.
        "423":
          description: The resource is locked.
      x-authz-scope: identity.roles.write
      x-trigger-name: splunk.identity.role-permissions
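  # A single permission on a role: remove it (DELETE) or read it (GET).
  # Neither operation overrides `security`, so the document-level requirement
  # at the end of this file applies to both.
  /{tenant}/identity/v2beta1/roles/{role}/permissions/{permission}:
    delete:
      description: Removes a permission from the role.
      operationId: removeRolePermission
      responses:
        "204":
          description: The permission was successfully removed from the role.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "422":
          description: Unprocessable entity in request.
        "423":
          description: The resource is locked.
      # Removal is declared under the write scope; the read below uses
      # identity.roles.read. Enforcement of x-authz-scope happens outside this
      # file.
      x-authz-scope: identity.roles.write
      x-trigger-name: splunk.identity.role-permissions
    get:
      description: Gets a permission for the specified role.
      operationId: getRolePermission
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RolePermission'
          # Fixed copy-paste from addRolePermission: a GET returns the
          # permission, it does not add one.
          description: The permission was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.roles.read
    parameters:
    - $ref: '#/components/parameters/tenant'
    - $ref: '#/components/parameters/role'
    - $ref: '#/components/parameters/permission'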
  # Validates the caller's own access token for a tenant; per the description
  # the token is taken from the authorization header.
  # NOTE(review): unlike the other operations in this part of the file, no
  # x-authz-scope is declared here - presumably any valid token may call it;
  # confirm.
  /{tenant}/identity/v2beta1/validate:
    get:
      description: |
        Validates the access token obtained from the authorization header and returns the principal name and tenant memberships.
      operationId: validateToken
      parameters:
      - $ref: '#/components/parameters/include'
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ValidateInfo'
          description: The submitted token is valid.
          headers:
            Cache-Control:
              description: Specify how/whether to cache the response, etc.
              schema:
                type: string
            # NOTE(review): a validation result cached for max-age seconds can
            # outlive the token itself (for example after
            # revokePrincipalAuthTokens), so consumers should keep this window
            # short; confirm how the service bounds the value.
            X-Internal-Cache-Control:
              description: max-age=<seconds>, specifies the time a token can be cached.
                This is meant for internal services only.
              schema:
                type: string
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
        "429":
          description: Too many requests were sent.
    parameters:
    - $ref: '#/components/parameters/tenant'
  # Principal collection under /system (the path carries no tenant parameter):
  # list all principals (GET) or create one (POST).
  /system/identity/v2beta1/principals:
    get:
      description: Returns the list of principals that the Identity service knows
        about.
      operationId: listPrincipals
      responses:
        "200":
          content:
            application/json:
              schema:
                items:
                  type: string
                type: array
          description: The principal list was successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
      x-authz-scope: identity.principals.read
    post:
      description: Create a new principal
      operationId: createPrincipal
      parameters:
      - $ref: '#/components/parameters/inviteId'
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreatePrincipalBody'
        description: The new principal to add to the system.
        required: true
      responses:
        "201":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Principal'
          description: The principal was successfully created.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "409":
          description: The principal already exists.
      # `security: []` overrides the document-level Bearer requirement and
      # x-auth-required is false, so this operation is declared callable
      # without a token.
      # NOTE(review): 401/403 responses and an x-authz-scope are still declared
      # here - presumably creation is gated another way (the inviteId
      # parameter?); confirm what prevents unauthenticated principal creation.
      security: []
      x-auth-required: false
      x-authz-scope: identity.principals.create
  # Read one principal. No `security` override, so the document-level
  # requirement applies; the response includes tenant membership (see the
  # description) and is declared under the read scope.
  /system/identity/v2beta1/principals/{principal}:
    get:
      description: Returns the details of a principal, including its tenant membership.
      operationId: getPrincipal
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Principal'
          description: The principal details were successfully returned.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principals.read
    parameters:
    - $ref: '#/components/parameters/principal'
  # Public keys registered for a principal: list (GET) and add (POST).
  # Listing is declared under identity.principals.read; adding a key uses the
  # separate identity.principalkeys.write scope.
  /system/identity/v2beta1/principals/{principal}/keys:
    get:
      description: Returns principal public keys
      operationId: getPrincipalPublicKeys
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PrincipalPublicKeys'
          description: Successful operation
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principals.read
    parameters:
    - $ref: '#/components/parameters/principal'
    post:
      description: Add service principal public key
      operationId: addPrincipalPublicKey
      # NOTE(review): the body schema is named ECJwk; confirm it admits only
      # public-key members so that a private `d` value is never accepted or
      # stored.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ECJwk'
        description: Service principal public key
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PrincipalPublicKey'
          # NOTE(review): the wording is plural, but the declared schema is a
          # single PrincipalPublicKey.
          description: Public keys have been added
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principalkeys.write
  # One public key of a principal: delete it, read it, or update its status.
  # Delete and update are declared under identity.principalkeys.write; the
  # read uses identity.principals.read.
  /system/identity/v2beta1/principals/{principal}/keys/{keyId}:
    delete:
      description: Deletes principal public key
      operationId: deletePrincipalPublicKey
      # NOTE(review): unlike get and put on this path, no 400 response is
      # declared for delete.
      responses:
        "204":
          description: Successful operation
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principalkeys.write
    get:
      description: Returns principal public key
      operationId: getPrincipalPublicKey
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PrincipalPublicKey'
          description: Successful operation
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principals.read
    parameters:
    - $ref: '#/components/parameters/principal'
    - $ref: '#/components/parameters/keyId'
    put:
      description: Update principal public key
      operationId: updatePrincipalPublicKey
      # The body carries the key's status (PrincipalPublicKeyStatusBody), not
      # key material. NOTE(review): presumably this enables or disables a key
      # without deleting it - confirm against the schema.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PrincipalPublicKeyStatusBody'
        description: Status of the public key
        required: true
      responses:
        "200":
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PrincipalPublicKey'
          description: Successful operation
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principalkeys.write
  # Revokes every token issued to a principal. Declared under its own scope,
  # identity.principals.revoke, separate from the read and create scopes.
  # NOTE(review): validateToken advertises X-Internal-Cache-Control, so
  # services that cache validation results may presumably keep honoring a
  # revoked token until their cached entry expires - confirm.
  /system/identity/v2beta1/principals/{principal}/revoke:
    parameters:
    - $ref: '#/components/parameters/principal'
    post:
      description: Revoke all existing tokens issued to a principal. Principals can
        reset their password by visiting https://login.splunk.com/en_us/page/lost_password
      operationId: revokePrincipalAuthTokens
      responses:
        "204":
          description: All tokens associated with this principal were successfully
            revoked.
        "400":
          description: The request isn't valid.
        "401":
          description: The user isn't authenticated.
        "403":
          description: The operation isn't authorized.
        "404":
          description: The resource wasn't found.
      x-authz-scope: identity.principals.revoke
# Document-level default: every operation requires the Bearer scheme unless it
# overrides `security` itself (createPrincipal does, with `security: []`).
# The Bearer scheme definition is not visible in this part of the file.
security:
- Bearer: []
# Relative server URL: requests resolve against the host the document is
# served from.
servers:
- url: /

# Retrieved from scp-openapi commit 820564ba8a17697d087ff171b14cbad60a716ee3 path: identity/v2beta1/openapi.yaml