Skip to main content

Create a campaign​

deprecated

This endpoint has been deprecated and may be removed in future versions of the API.

Creates a new Certification Campaign with the information provided in the request body.

Request Body required
  • name string required

    The campaign name. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate endpoint documentation for details.

  • description string required

    The campaign description. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate endpoint documentation for details.

  • deadline date-time

    The campaign's completion deadline.

  • type string required

    Possible values: [MANAGER, SOURCE_OWNER, SEARCH, ROLE_COMPOSITION]

    The type of campaign. Could be extended in the future.

  • emailNotificationEnabled boolean

    Default value: false

    Enables email notification for this campaign

  • autoRevokeAllowed boolean

    Default value: false

    Allows auto revoke for this campaign

  • recommendationsEnabled boolean

    Default value: false

    Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.

  • correlatedStatus string

    Possible values: [CORRELATED, UNCORRELATED]

    The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).

  • filter object

    Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.

  • id string

    The ID of whatever type of filter is being used.

  • type string

    Possible values: [CAMPAIGN_FILTER, RULE]

    Type of the filter

  • name string

    Name of the filter

  • sunsetCommentsRequired boolean

    Default value: true

    Determines if comments on sunset date changes are required.

  • sourceOwnerCampaignInfo object

    Must be set only if the campaign type is SOURCE_OWNER.

  • sourceIds string[]

    The list of sources to be included in the campaign.

  • searchCampaignInfo object

    Must be set only if the campaign type is SEARCH.

  • type string required

    Possible values: [IDENTITY, ACCESS]

    The type of search campaign represented.

  • description string

    Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.

  • reviewer object

    If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • query string

    The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of query or identityIds must be set.

  • identityIds string[]

    Possible values: <= 1000

    A direct list of identities to include in this campaign. One of identityIds or query must be set.

  • accessConstraints object[]

    Possible values: <= 1000

    Further reduces the scope of the campaign by excluding identities (from query or identityIds) that do not have this access.

  • type string required

    Possible values: [ENTITLEMENT, ACCESS_PROFILE, ROLE]

    Type of Access

  • ids string[]

    Must be set only if operator is SELECTED.

  • operator string required

    Possible values: [ALL, SELECTED]

    Used to determine whether the scope of the campaign should be reduced for selected ids or all.

  • roleCompositionCampaignInfo object

    Optional configuration options for role composition campaigns.

  • reviewer object

    If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • roleIds string[]

    Optional list of roles to include in this campaign. Only one of roleIds and query may be set; if neither are set, all roles are included.

  • remediatorRef object required

    This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.

  • type string required

    Possible values: [IDENTITY]

    Legal Remediator Type

  • id string required

    The ID of the remediator.

  • query string

    Optional search query to scope this campaign to a set of roles. Only one of roleIds and query may be set; if neither are set, all roles are included.

  • description string

    Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.

  • alerts object[]

    A list of errors and warnings that have accumulated.

  • level string

    Possible values: [ERROR, WARN, INFO]

    Denotes the level of the message

  • localizations object[]
  • locale string

    The locale for the message text, a BCP 47 language tag.

  • localeOrigin string

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  • text string

    Actual text of the error message in the indicated locale.

  • sourcesWithOrphanEntitlements object[]

    A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).

  • id string

    Id of the source

  • type string

    Possible values: [SOURCE]

    Type

  • name string

    Name of the source

  • mandatoryCommentRequirement string

    Possible values: [ALL_DECISIONS, REVOKE_ONLY_DECISIONS, NO_DECISIONS]

    Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.

Responses

Indicates that the campaign requested was successfully created and returns its representation.

Schema
  • id string

    Id of the campaign

  • name string

    The campaign name. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate endpoint documentation for details.

  • description string

    The campaign description. If this object is part of a template, special formatting applies; see the /campaign-templates/{id}/generate endpoint documentation for details.

  • deadline date-time

    The campaign's completion deadline.

  • type string

    Possible values: [MANAGER, SOURCE_OWNER, SEARCH, ROLE_COMPOSITION]

    The type of campaign. Could be extended in the future.

  • emailNotificationEnabled boolean

    Default value: false

    Enables email notification for this campaign

  • autoRevokeAllowed boolean

    Default value: false

    Allows auto revoke for this campaign

  • recommendationsEnabled boolean

    Default value: false

    Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.

  • status string

    Possible values: [PENDING, STAGED, CANCELING, ACTIVATING, ACTIVE, COMPLETING, COMPLETED, ERROR, ARCHIVED]

    The campaign's current status.

  • correlatedStatus string

    Possible values: [CORRELATED, UNCORRELATED]

    The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).

  • created date-time

    Created time of the campaign

  • modified date-time

    Modified time of the campaign

  • filter object

    Determines which items will be included in this campaign. The default campaign filter is used if this field is left blank.

  • id string

    The ID of whatever type of filter is being used.

  • type string

    Possible values: [CAMPAIGN_FILTER, RULE]

    Type of the filter

  • name string

    Name of the filter

  • sunsetCommentsRequired boolean

    Default value: true

    Determines if comments on sunset date changes are required.

  • sourceOwnerCampaignInfo object

    Must be set only if the campaign type is SOURCE_OWNER.

  • sourceIds string[]

    The list of sources to be included in the campaign.

  • searchCampaignInfo object

    Must be set only if the campaign type is SEARCH.

  • type string

    Possible values: [IDENTITY, ACCESS]

    The type of search campaign represented.

  • description string

    Describes this search campaign. Intended for storing the query used, and possibly the number of identities selected/available.

  • reviewer object

    If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • query string

    The scope for the campaign. The campaign will cover identities returned by the query and identities that have access items returned by the query. One of query or identityIds must be set.

  • identityIds string[]

    Possible values: <= 1000

    A direct list of identities to include in this campaign. One of identityIds or query must be set.

  • accessConstraints object[]

    Possible values: <= 1000

    Further reduces the scope of the campaign by excluding identities (from query or identityIds) that do not have this access.

  • type string

    Possible values: [ENTITLEMENT, ACCESS_PROFILE, ROLE]

    Type of Access

  • ids string[]

    Must be set only if operator is SELECTED.

  • operator string

    Possible values: [ALL, SELECTED]

    Used to determine whether the scope of the campaign should be reduced for selected ids or all.

  • roleCompositionCampaignInfo object

    Optional configuration options for role composition campaigns.

  • reviewer object

    If specified, this identity or governance group will be the reviewer for all certifications in this campaign. The allowed DTO types are IDENTITY and GOVERNANCE_GROUP

  • type string

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]

    DTO type

  • id string

    ID of the object to which this reference applies

  • name string

    Human-readable display name of the object to which this reference applies

  • roleIds string[]

    Optional list of roles to include in this campaign. Only one of roleIds and query may be set; if neither are set, all roles are included.

  • remediatorRef object

    This determines who remediation tasks will be assigned to. Remediation tasks are created for each revoke decision on items in the campaign. The only legal remediator type is 'IDENTITY', and the chosen identity must be a Role Admin or Org Admin.

  • type string

    Possible values: [IDENTITY]

    Legal Remediator Type

  • id string

    The ID of the remediator.

  • name string

    The name of the remediator.

  • query string

    Optional search query to scope this campaign to a set of roles. Only one of roleIds and query may be set; if neither are set, all roles are included.

  • description string

    Describes this role composition campaign. Intended for storing the query used, and possibly the number of roles selected/available.

  • alerts object[]

    A list of errors and warnings that have accumulated.

  • level string

    Possible values: [ERROR, WARN, INFO]

    Denotes the level of the message

  • localizations object[]
  • locale string

    The locale for the message text, a BCP 47 language tag.

  • localeOrigin string

    Possible values: [DEFAULT, REQUEST]

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  • text string

    Actual text of the error message in the indicated locale.

  • totalCertifications integer

    The total number of certifications in this campaign.

  • completedCertifications integer

    The number of completed certifications in this campaign.

  • sourcesWithOrphanEntitlements object[]

    A list of sources in the campaign that contain \"orphan entitlements\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).

  • id string

    Id of the source

  • type string

    Possible values: [SOURCE]

    Type

  • name string

    Name of the source

  • mandatoryCommentRequirement string

    Possible values: [ALL_DECISIONS, REVOKE_ONLY_DECISIONS, NO_DECISIONS]

    Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.

Loading...