"openapi: 3.0.3\ninfo:\n title: Identity and Access Management\n description: >\n The Identity and Access Management Service provides authentication and authorization for all public APIs of the Polaris Platform. In addition to gate-keeping for other services in the platform,\n Identity and Access Management service offers endpoints for management of organizations, api-tokens, users, application roles, and organization roles.\n\n\n **Base path change and deprecation notice**\n\n\n The base path for the Identity and Access Management API is changing (from `/api/ciam` to `/api/auth`). The `/api/ciam/` base path will continue to function until `Mon, 31 Mar 2025 23:59:59 GMT`.\n\n\n Additionally, several endpoints are being deprecated. Endpoints that are being deprecated include additional properties in response headers:\n\n\n ```\n\n \"Deprecation\": \"Tue, 31 Dec 2024 23:59:59 GMT\",\n\n \"Link\": \"New version of API link; rel=\\\"alternate\\\"\",\n\n \"Sunset\": \"Mon, 31 Mar 2025 23:59:59 GMT\"\n\n ```\n\n\n * `Deprecation`: The date and time when a resource will be deprecated. After this date, the resource may be removed from future versions of the API.\n\n * `Link`: A link to a supported endpoint that replicates the functionality of a deprecated one.\n\n * `Sunset`: The date and time when a resource will be removed, and no longer be available.\n\n\n * `Note`: Media type names used in Polaris APIs were renamed and no longer include “synopsys”.\n Although media types that include “synopsys” were removed from the API specifications, existing endpoints will continue to support them until September 1, 2025.\n Please update your scripts to use the new media types.\n version: 1.0.0\n contact:\n name: Black Duck Software, Inc.\n url: https://polaris.blackduck.com\nservers:\n - url: https://polaris.blackduck.com\nsecurity:\n - ApiKeyAuth: []\ntags:\n - name: Organizations\n description: >\n Read or update information about your organization. Organizations encapsulate all of the domain objects handled by the Identity and Access Management service. All other domain objects are\n created within the context of an organization.\n - name: Users\n description: |\n Create new users, update existing users, assign organization-level roles, reset passwords, and query all users that exist in your organization.\n - name: API Tokens\n description: |\n Create new API tokens, read the tokens, and revoke tokens.\n - name: Authorization\n description: |\n Assign permissions/scopes to resources/applications.\n - name: Application Users\n description: |\n List Application roles that can be applied to users of an application, retrieve a list of applications based on logged-in user's permissions, and delete application role assignments.\n - name: Organization Roles\n description: |\n List all organization-level roles (Org Administrator | Org Application Manager) supported and the users assigned to them.\n - name: SAML Identity Providers\n description: |\n Create, read, update, or delete SAML identity providers of the organization.\n - name: Login\n description: |\n Facilitate the login flow by redirecting users to the login method appropriate for their role.\n - name: Groups\n description: |\n Create new groups, retrieve existing groups by ID or by search query.\n - name: User Info\n description: |\n Retrieve claims about the authenticated user.\n - name: Attack Detection\n description: Brute force attack detection.\n - name: Application Roles\n description: |\n Create, read, update, or delete application roles of an organization. Find permission groups assigned to an application role.\npaths:\n /api/ciam/organizations:\n get:\n operationId: getOrganizationsDeprecated\n tags:\n - Organizations\n summary: |\n Retrieves organization details\n description: |\n Returns details (id|name) for the organization the user belongs to, using a mandatory filter.\n parameters:\n - $ref: '#/components/parameters/OrganizationsFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedOrganizations'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/login:\n post:\n operationId: getLoginDeprecated\n tags:\n - Login\n summary: |\n Retrieves the login redirect URI for a given user.\n description: |\n Depending on their role, users log in via either SAML or 2FA.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedLoginRequest'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedLoginResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/openid-connect/userinfo:\n get:\n operationId: getUserInfoDeprecated\n tags:\n - User Info\n summary: |\n Retrieve claims about the authenticated user.\n description: |\n returns detailed user information as close as possible to <a href=\"https://openid.net/specs/openid-connect-core-1_0.html#UserInfo\">OpenID Connect documentation.\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedOidcSuccessResponse'\n '400':\n description: >\n Follows the structure in the specification. In the case where the organization does not exist, expect an `error_type` of `bad_request`. The error info will be returned identically in both\n the WWW-Authenticate header and response body.\n headers:\n WWW-Authenticate:\n schema:\n type: string\n required: true\n description: Comma-delimited error information.\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/offline/api-tokens:\n post:\n operationId: createOfflineApiTokenDeprecated\n tags:\n - API Tokens\n summary: |\n Creates new API token\n description: |\n **Permissions: Org Admin Only.** Creates a new API Token for the authenticated caller. The 'id' in the response entity is required to revoke the token with DELETE at a later time.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedCreateApiTokenRequest'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedApiToken'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/api-tokens:\n get:\n operationId: getApiTokensDeprecated\n tags:\n - API Tokens\n summary: |\n Fetch All API Tokens.\n description: |\n Retrieves all API tokens created by the authenticated user. Note: Get API token by ID is not supported.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedApiTokens'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/api-tokens/{apiTokenId}:\n delete:\n operationId: deleteApiTokenDeprecated\n tags:\n - API Tokens\n summary: |\n Revoke API Token\n description: |\n **Permissions: Org Admin Only.** Revoke the API token with the given ID. This token will no longer be accepted by the Identity and Access Management service.\n Other services are responsible for checking the revocation status of an API Token if they are allowing API Tokens for authenticated access.\n parameters:\n - $ref: '#/components/parameters/TokenId'\n responses:\n '204':\n description: |\n The API token was successfully revoked.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/authorize:\n post:\n operationId: assignScopeToResourceDeprecated\n tags:\n - Authorization\n summary: |\n Authorizes the logged-in user to assign scope to an application\n description: |\n **Permissions: Org Admin Only.** Allows an authenticated user to assign a scope (e.g. scan.read) to a resource (resource can be an application).\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedAuthorizationRequest'\n responses:\n '201':\n $ref: '#/components/responses/DeprecatedAuthorizationResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/scopes:\n get:\n operationId: getUserScopesDeprecated\n tags:\n - Authorization\n summary: |\n Retrieves list of permission scopes for logged-in user of requested resource.\n description: |\n Returns a list of permission scopes to a logged in user for a requested resource.\n parameters:\n - $ref: '#/components/parameters/UserScopesFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserScopes'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n description: |\n Returned when a specified resource could not be found.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:not-found\n title: Resource not found\n status: 404\n detail: The requested resource could not be found.\n instance: /api/auth/organizations/1234/users/5678\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users:\n post:\n operationId: createUserDeprecated\n tags:\n - Users\n summary: |\n Create user\n description: |\n This endpoint is used to create regular organization users. A link to set a password will be emailed to the new user.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedCreateUserRequest'\n responses:\n '201':\n $ref: '#/components/responses/DeprecatedCreatedUser'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n description: |\n Returned when the request conflicts with the current state of the target resource.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:conflict\n title: Conflict\n status: 409\n detail: The request conflicts with the current state of the target resource.\n instance: /api/auth/organizations/1234/users/5678\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n get:\n operationId: getUsersDeprecated\n tags:\n - Users\n summary: |\n Retrieve user list\n description: |\n Retrieve all of the users within the authenticated user's organization. The result can be filtered on a variety of properties outlined below.\n parameters:\n - name: _limit\n in: query\n description: |\n Limits the number of items returned in the result.\n **Default:** 100\n schema:\n type: integer\n minimum: 0\n maximum: 100\n example: 10\n - name: _offset\n in: query\n description: |\n Skips the first `_offset` items in the result.\n **Default:** 0\n schema:\n type: integer\n minimum: 0\n example: 10\n - $ref: '#/components/parameters/UsersFilter'\n - $ref: '#/components/parameters/UsersFields'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUsers'\n '400':\n description: |\n Returned when the request could not be processed due to invalid syntax.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:bad-request\n title: Invalid query filter\n status: 400\n detail: The query filter provided is invalid.\n instance: /api/auth/organizations/1234/users?filter=invalid\n '401':\n description: |\n Returned if the client has not provided a valid access token in the request.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:unauthorized\n title: Unauthorized\n status: 401\n detail: The client is not authorized to access the requested resource.\n instance: /api/auth/organizations/1234/users\n '403':\n description: |\n Returned if the authenticated user does not have access to the requested resource.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:forbidden\n title: Forbidden\n status: 403\n detail: The authenticated user does not have access to the requested resource.\n instance: /api/auth/organizations/1234/users\n '405':\n description: |\n Returned when the specified action is not allowed in the given URL\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:method-not-allowed\n title: Method Not Allowed\n status: 405\n detail: The specified action is not allowed in the given URL.\n instance: /api/auth/organizations/1234/users/5678\n '500':\n description: |\n Returned when server side error has occurred.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n example:\n type: urn:x-ciam:internal-server-error\n title: Internal Server Error\n status: 500\n detail: An internal server error has occurred.\n instance: /api/auth/organizations/1234/users/5678\n deprecated: true\n /api/ciam/users/count:\n get:\n operationId: getUserCountDeprecated\n tags:\n - Users\n summary: |\n Retrieve total number of users\n description: |\n Returns a total number of users in the organization. A filter can be used for more specific results.\n parameters:\n - $ref: '#/components/parameters/UserCountFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserCount'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}:\n get:\n operationId: getUserByIdDeprecated\n tags:\n - Users\n summary: |\n Retrieves single user by ID\n description: |\n Retrieves a single user by providing respective user-id.\n parameters:\n - $ref: '#/components/parameters/UserId'\n - $ref: '#/components/parameters/UsersFields'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n description: |\n Returned when the user could not be found.\n content:\n application/problem+json:\n schema:\n type: object\n description: |\n Provides a [RFC 7807](https://datatracker.ietf.org/doc/html/rfc7807)-compliant response.\n properties:\n type:\n type: string\n format: uri\n description: |\n A URI reference that identifies the problem type.\n example: urn:x-ciam:invalid-query-filter\n title:\n type: string\n description: |\n A short, human-readable summary of the problem.\n status:\n type: integer\n description: |\n The HTTP status code generated by the origin server for this occurrence of the problem.\n detail:\n type: string\n description: |\n A human-readable explanation specific to this occurrence of the problem.\n instance:\n type: string\n description: |\n A URI reference that identifies the specific occurrence of the problem. It may or may not yield further information if dereferenced.\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n patch:\n operationId: updateUserDeprecated\n tags:\n - Users\n summary: |\n Update a user\n description: |\n Allows a user to update details. An email notification is sent to the updated user and Organization Administrator.\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedUpdateUserRequest'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUpdatedUser'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n delete:\n operationId: deleteUserByIdDeprecated\n tags:\n - Users\n summary: |\n Deletes a user by ID\n description: |\n **Permissions: Org Admin Only.** Deletes another user based on ID. Individual users cannot delete themselves.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n $ref: '#/components/responses/DeprecatedDeleteUserById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}/roles:\n get:\n operationId: getUserRolesForOrganizationDeprecated\n tags:\n - Users\n summary: |\n Get organization roles by ID\n description: |\n Retrieves a list of organization-level roles assigned to the specified user.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserRoles'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n description: |\n Returned when the user could not be found.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n post:\n operationId: assignRolesToUserDeprecated\n tags:\n - Users\n summary: |\n Assigns organization-level roles to user\n description: >\n **Permissions: Org Admin Only.** Assigns organization-level roles to a user. Available roles are organization administrator and organization application manager. **Note:** organization roles\n are different from application roles\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedAddRolesRequest'\n responses:\n '204':\n description: |\n The roles have successfully been assigned to the user.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n delete:\n operationId: removeRolesFromUserDeprecated\n tags:\n - Users\n summary: |\n Removes organization-level role from user.\n description: >\n **Permissions: Org Admin Only.** deletes the organization level role from a user. Available roles are organization administrator and organization application manager. **Note:** Organization\n roles are different from application roles.\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedRemoveRolesRequest'\n responses:\n '204':\n description: |\n The role assignments have successfully been removed from the user.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}/reset-password:\n post:\n operationId: resetPasswordDeprecated\n tags:\n - Users\n summary: |\n Reset user password\n description: |\n Any user can use this API to reset a password by providing user-id. A non-admin user cannot reset a password for other users.\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n content:\n application/vnd.ciam.user-reset-password-1+json:\n schema:\n type: object\n responses:\n '204':\n description: |\n Password reset initiated.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}/2fa:\n delete:\n operationId: reset2FAForUserDeprecated\n tags:\n - Users\n summary: |\n Reset 2fa for user\n description: |\n **Permissions: Org Admin Only.** Resets the 2FA settings of another user and prompts that user through email to set up 2FA again.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n $ref: '#/components/responses/DeprecatedReset2FA'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/auth/users/{userId}/mfa:\n delete:\n operationId: resetMFAForUser\n tags:\n - Users\n summary: |\n Reset MFA for user\n description: |\n **Permissions: Org Admin Only.** Resets the MFA settings of another user and prompts that user through email to set up MFA again.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n $ref: '#/components/responses/ResetMFA'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/ciam/users/resources/applications/scopes:\n get:\n operationId: getApplicationUserScopesDeprecated\n tags:\n - Application Users\n summary: |\n Retrieves list of permission scopes for logged-in user of application.\n description: |\n Returns a list of permission scopes to a logged in user for an application, using a mandatory scope filter.\n parameters:\n - $ref: '#/components/parameters/ApplicationUserScopesFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedApplicationUserScopes'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}/groups:\n get:\n operationId: getUserGroupsDeprecated\n tags:\n - Users\n summary: |\n Retrieves list of groups assigned to the specified user.\n description: |\n Returns a list of groups assigned to the specified user.\n parameters:\n - $ref: '#/components/parameters/UserId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/GroupsFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserGroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}/groups/count:\n get:\n operationId: getUserGroupCountDeprecated\n tags:\n - Users\n summary: |\n Retrieves the number of groups assigned to the specified user.\n description: |\n Returns the number of groups assigned to the specified user.\n parameters:\n - $ref: '#/components/parameters/UserId'\n - $ref: '#/components/parameters/UserGroupCountFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserGroupCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/users/{userId}/brute-force-detection:\n get:\n operationId: getBruteForceDetectionByIdDeprecated\n tags:\n - Attack Detection\n summary: |\n Checks if a user is locked due to multiple invalid login attempts\n description: |\n **Permissions: Org Admin Only.**\n Checks the user's brute force attack details. **Note:** If the user with provided ID does not exist in the organization, the request will be successful with no-op and no exception will be thrown.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGetBruteForceDetectionById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n delete:\n operationId: deleteBruteForceDetectionDeprecated\n tags:\n - Attack Detection\n summary: |\n Unlocks a user who is locked due to multiple invalid login attempts\n description: |\n **Permissions: Org Admin Only.**\n Clears the user's brute force attack details\n and thus unlocks the user. **Note:** If the user with provided ID does not exist in the organization, the request will be successful with no-op and no exception will be thrown.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n $ref: '#/components/responses/DeprecatedDeleteBruteForceDetection'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/roles:\n get:\n operationId: getRolesDeprecated\n tags:\n - Organization Roles\n summary: |\n Retrieve organization roles\n description: |\n Returns a list of organization roles supported. Use filter for more precise results.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/RolesFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedRoles'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/roles/{roleId}/users:\n get:\n operationId: getUsersForRoleDeprecated\n tags:\n - Organization Roles\n summary: |\n Retrieve user list for role\n description: |\n Returns a list of users assigned to a specific organization role.\n parameters:\n - $ref: '#/components/parameters/RoleId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUsersForRole'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/roles/{roleId}/users/count:\n get:\n operationId: getUserCountForRoleDeprecated\n tags:\n - Organization Roles\n summary: |\n Retrieves user count for role\n description: |\n Returns total count of users assigned to a specific organization role.\n parameters:\n - $ref: '#/components/parameters/RoleId'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedUserForRoleCount'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/resources/applications/roles:\n get:\n operationId: getApplicationRolesDeprecated\n tags:\n - Application Users\n summary: |\n Retrieve list of application roles\n description: |\n Gives a list of application roles (Administrator|Observer|Contributor) which can be assigned to a user. **Note:** application roles are different from organization roles.\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedApplicationRoles'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/resources/applications/{applicationId}/roles/users:\n get:\n operationId: getApplicationRoleUsersDeprecated\n tags:\n - Application Users\n summary: |\n Retrieve application user list\n description: |\n Retrieves a list of users assigned to an application. Filters can be used for more precise results.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/ApplicationRoleUsersFilter'\n - $ref: '#/components/parameters/ApplicationRoleUsersFields'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedApplicationRoleUsers'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/resources/applications/{applicationId}/roles/{roleId}/users:\n post:\n operationId: postAssignApplicationRoleToUserDeprecated\n tags:\n - Application Users\n summary: |\n Assign application role to user\n description: |\n **Permissions: Application Admin Only.** Assigns an application role to another user. A user can have only one role within the same application at any time.\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to assign.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to assign.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedAssignUserRolesRequest'\n responses:\n '204':\n description: |\n When the roles were successfully assigned.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n patch:\n operationId: patchAssignApplicationRoleToUserDeprecated\n tags:\n - Application Users\n summary: |\n Assign application role to user\n description: |\n **Permissions: Application Admin Only.** Assigns an application role to another user. A user can have only one role within the same application at any time.\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to assign.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to assign.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedAssignUserRolesRequest'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedAssignUserRolesResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/api/ciam/resources/applications/{applicationId}/roles/{roleId}/users/{userId}:\n delete:\n operationId: removeApplicationRoleFromUserDeprecated\n tags:\n - Application Users\n summary: |\n Remove application role from user\n description: |\n **Permissions: Application Admin Only.** Removes a specific application role from a user's list of roles.\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to remove.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to remove.\n - in: path\n name: userId\n schema:\n type: string\n format: uuid\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n required: true\n description: ID of the user assigned the role.\n responses:\n '204':\n description: |\n When the role was successfully removed.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/resources/applications/{applicationId}/roles/{roleId}/groups/{groupId}:\n delete:\n operationId: deleteGroupsRolesFromApplicationDeprecated\n tags:\n - Groups\n summary: |\n Removes an application role from a group.\n description: |\n **Permissions: Organization Administrator, Organization Application Manager and Application Administrator.**\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to remove.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to remove.\n - in: path\n name: groupId\n schema:\n type: string\n format: uuid\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n required: true\n description: ID of the group assigned the role.\n responses:\n '204':\n description: |\n The role was successfully removed from the group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/saml/identity-providers:\n post:\n operationId: createSamlIdpForOrganizationDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Add SAML identity provider to organization\n description: |\n **Permissions: saml.idp.write scope** Add a SAML identity provider to the organization.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedSamlIdpRequestDeprecated'\n responses:\n '201':\n $ref: '#/components/responses/DeprecatedSamlIdpResponseDeprecated'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n get:\n operationId: getSamlIdpsForOrganizationDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Fetch all SAML identity providers.\n description: |\n **Permissions: saml.idp.read scope** Retrieve list of SAML identity providers configured for the organization.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/SamlIdpNameFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlIdpResponsesDeprecated'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/saml/identity-providers/{samlIdpId}:\n get:\n operationId: getSamlIdpForOrganizationDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Retrieves single SAML identity provided by id.\n description: |\n **Permissions: saml.idp.read scope** Retrieves single SAML identity provider to the organization.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlIdpResponseDeprecated'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n patch:\n operationId: updateSamlIdpForOrganizationDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n update SAML identity provider to organization\n description: |\n **Permissions: saml.idp.write scope** Add a SAML identity provider to the organization.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedSamlIdpPatchRequestDeprecated'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlIdpResponseDeprecated'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n delete:\n operationId: deleteSamlIdpForOrganizationDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n delete SAML identity provider from organization\n description: |\n **Permissions: saml.idp.write scope** delete a SAML identity provider to the organization.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n responses:\n '204':\n description: |\n The saml-idp have successfully been deleted.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/saml/signature-algorithms:\n get:\n operationId: getSamlSignatureAlgorithmsDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Fetch all SAML signature algorithms.\n description: |\n **Permissions: saml.idp.read scope** Retrieve list of SAML signature algorithm to the organization.\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlSignatureAlgorithmResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/saml/group-collision-config-options:\n get:\n operationId: getSamlGroupCollisionConfigOptionsDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Fetch all SAML group collision config options.\n description: |\n **Permissions: saml.idp.read scope** Retrieve list of SAML group collision config options for the organization.\n * These options decides the handling of group name collision with local groups, when SAML groups are imported.\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlGroupCollisionConfigOptionResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/saml/identity-providers/metadata:\n get:\n operationId: getSamlIdpMetadataForOrganizationDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Retrieves SAML SP metadata for the organization.\n description: |\n **Permissions: saml.idp.read scope.** Returns a downloadable XML file.\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlXmlMetadataResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/saml/identity-providers/{samlIdpId}/metadata:\n get:\n operationId: getSamlIdpMetadataDeprecated\n tags:\n - SAML Identity Providers\n summary: |\n Retrieves SAML SP metadata for the specified identity provider.\n description: |\n **Permissions: saml.idp.read scope.** Returns a downloadable XML file.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedSamlXmlMetadataResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups:\n post:\n operationId: createGroupDeprecated\n tags:\n - Groups\n summary: |\n Create a group specified in the request body.\n description: |\n **Permissions: Org Admin Only.** An authenticated user can create a group. **Note**: \n * Group names cannot be less than 3 characters and greater than 50 characters in length.\n * Group names may not contain the special character `/`.\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedGroupCreateRequest'\n responses:\n '201':\n $ref: '#/components/responses/DeprecatedGroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n get:\n operationId: getGroupsDeprecated\n tags:\n - Groups\n summary: |\n Retrieve a list of groups that match a specified filter.\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.** Retrieves all groups that match the specified 'search' filter.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/GroupsFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/count:\n get:\n operationId: getGroupCountDeprecated\n tags:\n - Groups\n summary: |\n Retrieve the number of groups optionally matching a filter.\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.**\n parameters:\n - $ref: '#/components/parameters/GroupsFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}:\n get:\n operationId: getGroupByIdDeprecated\n tags:\n - Groups\n summary: |\n Get a group by its ID.\n description: |\n Returns a group with the specified ID.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n put:\n operationId: updateGroupDeprecated\n tags:\n - Groups\n summary: |\n Update a group specified in the request body.\n description: |\n **Permissions: Org Admin Only.** An authenticated user can update a group. **Note**: \n * Group names cannot be less than 3 characters and greater than 50 characters in length.\n * Group names may not contain the special character `/`.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedGroupUpdateRequest'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n delete:\n operationId: deleteGroupDeprecated\n tags:\n - Groups\n summary: |\n Delete a group\n description: |\n **Permissions: Org Admin Only.** An authenticated user can delete a group\n parameters:\n - $ref: '#/components/parameters/GroupId'\n responses:\n '204':\n description: |\n The group was successfully deleted.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}/users:\n get:\n operationId: getGroupUsersDeprecated\n tags:\n - Groups\n summary: |\n Get members of a group.\n description: |\n Returns a list of users that belong to the group.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupUserResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n patch:\n operationId: updateGroupUsersDeprecated\n tags:\n - Groups\n summary: |\n Assign a list of users to the group.\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.**\n > An authenticated user can assign users to a group.\n\n **Note**: \n * If the users are already assigned, trying to reassign will have no effect (ie, the behaviour is idempotent).\n * If the user(s) provided in request body don't exist, 400 Bad Request will be thrown and there won't be any assignments.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedGroupUserAssignmentRequest'\n responses:\n '204':\n description: |\n Users are successfully assigned to group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}/users/{userId}:\n delete:\n operationId: removeUserFromGroupDeprecated\n tags:\n - Groups\n summary: |\n Remove user from group\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.** Removes a specific user from a group.\n parameters:\n - in: path\n name: groupId\n schema:\n type: string\n format: uuid\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n required: true\n description: ID of the group containing the user to remove.\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n description: When the user was successfully removed from the group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}/roles/{roleId}:\n put:\n operationId: assignOrgRoleToGroupDeprecated\n tags:\n - Groups\n summary: |\n Assign an organization-level role to a group.\n description: >\n **Permissions: Only organization administrators may use this API.** Organization-level roles are global roles that allow access to organization-level resources such as IAM. Examples are\n 'Administrator' and 'Application Manager'. Assigning a group a particular role grants all users in that group that role.\n parameters:\n - name: groupId\n in: path\n required: true\n description: ID of the group being assigned the role.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n - name: roleId\n in: path\n required: true\n description: ID of the role being assigned to the group.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n responses:\n '204':\n description: |\n When the role was successfully assigned to the group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n delete:\n operationId: removeOrgRoleFromGroupDeprecated\n tags:\n - Groups\n summary: |\n Remove an organization-level role from a group\n description: |\n **Permissions: Only organization administrators may use this API.*** Removes a role that was previously assigned to the group.\n parameters:\n - name: groupId\n in: path\n required: true\n description: ID of the group assigned the role.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n - name: roleId\n in: path\n required: true\n description: ID of the role being removed from the group.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n responses:\n '204':\n description: |\n When the assignment either has been deleted, or didn't exist in the first place.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}/roles:\n get:\n operationId: getGroupOrgRolesDeprecated\n tags:\n - Groups\n summary: |\n Get a list of organization-levels assigned to a group.\n description: |\n **Permissions: Only organization administrators may use this API**\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupOrgRoleResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}/applications:\n post:\n operationId: assignApplicationRolesToGroupDeprecated\n tags:\n - Groups\n summary: |\n Assign a list of application roles to the group.\n description: >\n **Permissions: Organization Administrator or Organization Application Manager or Application Administrator.** API to assign list of application roles to the group.\n\n **Note**: * If an assignment already exists in the application for the group with same role, then trying to reassign will have no effect (i.e. the behaviour is idempotent). * If an assignment\n already exists in the application for the group with different role, then this API will overwrite the existing assignment with the role in the request. * If the applicationId(s) provided in\n request body does not exist, 404 Not Found will be returned and there won't be any assignments. * If the roleId(s) provided in request body does not exist, 400 Bad Request will be returned and\n there won't be any assignments.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedGroupApplicationRoleAssignmentRequest'\n responses:\n '204':\n description: |\n The list of application roles are successfully assigned to group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n get:\n operationId: getApplicationRolesForGroupDeprecated\n tags:\n - Groups\n summary: |\n Get a list of application roles assigned to a group.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/GroupApplicationRoleFilter'\n - $ref: '#/components/parameters/GroupApplicationRoleSort'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupAppRoleResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/groups/{groupId}/applications/count:\n get:\n operationId: getApplicationRoleCountForGroupDeprecated\n tags:\n - Groups\n summary: |\n Get the number of application roles assigned to a group.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/components/parameters/GroupApplicationRoleFilter'\n - $ref: '#/components/parameters/GroupApplicationRoleSort'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupAppRoleCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/applications/{applicationId}/groups:\n post:\n operationId: assignGroupsRolesToApplicationDeprecated\n tags:\n - Groups\n summary: |\n Assign a list of group roles to an application.\n description: |\n **Permissions: Organization Administrator, Organization Application Manager and Application Administrator.**\n > API to assign a list of group roles to the application.\n\n **Note**:\n * If the assignment already exists in an application for a group with same role, then trying to reassign will have no effect (i.e. the behaviour is idempotent).\n * If the assignment already exists in an application for a group with different role, then this API will overwrite the existing assignment with the role in the request.\n * If the groupId(s) provided in request body does not exist, 400 Bad Request will be returned and there won't be any assignments.\n * If the roleId(s) provided in request body does not exist, 400 Bad Request will be returned and there won't be any assignments.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n requestBody:\n $ref: '#/components/requestBodies/DeprecatedApplicationGroupRoleAssignmentRequest'\n responses:\n '204':\n description: |\n The list of group roles are successfully assigned to application.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n get:\n operationId: getGroupsForApplicationDeprecated\n tags:\n - Groups\n summary: |\n Get groups assigned to an application.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/components/parameters/ApplicationGroupRoleFilter'\n - $ref: '#/components/parameters/ApplicationGroupRoleSort'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedGroupAppRoleResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/ciam/applications/{applicationId}/groups/count:\n get:\n operationId: getApplicationRoleCountForApplicationsDeprecated\n tags:\n - Groups\n summary: |\n Get the number of groups assigned to an application.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/components/parameters/ApplicationGroupRoleFilter'\n responses:\n '200':\n $ref: '#/components/responses/DeprecatedAppRoleGroupCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n deprecated: true\n /api/auth/organizations:\n get:\n operationId: getOrganizations\n tags:\n - Organizations\n summary: |\n Retrieves organization details\n description: |\n Returns details (id|name) for the organization the user belongs to, using a mandatory filter.\n parameters:\n - $ref: '#/components/parameters/OrganizationsFilter'\n responses:\n '200':\n $ref: '#/components/responses/Organizations'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/login:\n post:\n operationId: getLogin\n tags:\n - Login\n summary: |\n Retrieves the login redirect URI for a given user.\n description: |\n Depending on their role, users log in via either SAML or 2FA.\n requestBody:\n $ref: '#/components/requestBodies/LoginRequest'\n responses:\n '200':\n $ref: '#/components/responses/LoginResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/openid-connect/userinfo:\n get:\n operationId: getUserInfo\n tags:\n - User Info\n summary: |\n Retrieve claims about the authenticated user.\n description: |\n returns detailed user information as close as possible to <a href=\"https://openid.net/specs/openid-connect-core-1_0.html#UserInfo\">OpenID Connect documentation.\n responses:\n '200':\n $ref: '#/components/responses/OidcSuccessResponse'\n '400':\n description: >\n Follows the structure in the specification. In the case where the organization does not exist, expect an `error_type` of `bad_request`. The error info will be returned identically in both\n the WWW-Authenticate header and response body.\n headers:\n WWW-Authenticate:\n schema:\n type: string\n required: true\n description: Comma-delimited error information.\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/offline/api-tokens:\n post:\n operationId: createOfflineApiToken\n tags:\n - API Tokens\n summary: |\n Creates new API token\n description: |\n **Permissions: Org Admin Only.** Creates a new API Token for the authenticated caller. The 'id' in the response entity is required to revoke the token with DELETE at a later time.\n requestBody:\n $ref: '#/components/requestBodies/CreateApiTokenRequest'\n responses:\n '200':\n $ref: '#/components/responses/ApiToken'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/api-tokens:\n get:\n operationId: getApiTokens\n tags:\n - API Tokens\n summary: |\n Fetch All API Tokens.\n description: |\n Retrieves all API tokens created by the authenticated user. Note: Get API token by ID is not supported.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/ApiTokens'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/api-tokens/{apiTokenId}:\n delete:\n operationId: deleteApiToken\n tags:\n - API Tokens\n summary: |\n Revoke API Token\n description: |\n **Permissions: Org Admin Only.** Revoke the API token with the given ID. This token will no longer be accepted by the Identity and Access Management service.\n Other services are responsible for checking the revocation status of an API Token if they are allowing API Tokens for authenticated access.\n parameters:\n - $ref: '#/components/parameters/TokenId'\n responses:\n '204':\n description: |\n The API token was successfully revoked.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/authorize:\n post:\n operationId: assignScopeToResource\n tags:\n - Authorization\n summary: |\n Authorizes the logged-in user to assign scope to an application\n description: |\n **Permissions: Org Admin Only.** Allows an authenticated user to assign a scope (e.g. scan.read) to a resource (resource can be an application).\n requestBody:\n $ref: '#/components/requestBodies/AuthorizationRequest'\n responses:\n '201':\n $ref: '#/components/responses/AuthorizationResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/scopes:\n get:\n operationId: getUserScopes\n tags:\n - Authorization\n summary: |\n Retrieves list of permission scopes for logged-in user of requested resource.\n description: |\n Returns a list of permission scopes to a logged in user for a requested resource.\n parameters:\n - $ref: '#/components/parameters/UserScopesFilter'\n responses:\n '200':\n $ref: '#/components/responses/UserScopes'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users:\n post:\n operationId: createUser\n tags:\n - Users\n summary: |\n Create user\n description: |\n This endpoint is used to create regular organization users. A link to set a password will be emailed to the new user.\n requestBody:\n $ref: '#/components/requestBodies/CreateUserRequest'\n responses:\n '201':\n $ref: '#/components/responses/CreatedUser'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n get:\n operationId: getUsers\n tags:\n - Users\n summary: |\n Retrieve user list\n description: |\n Retrieve all of the users within the authenticated user's organization. The result can be filtered on a variety of properties outlined below.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/UsersFilter'\n - $ref: '#/components/parameters/UsersFields'\n responses:\n '200':\n $ref: '#/components/responses/Users'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/count:\n get:\n operationId: getUserCount\n tags:\n - Users\n summary: |\n Retrieve total number of users\n description: |\n Returns a total number of users in the organization. A filter can be used for more specific results.\n parameters:\n - $ref: '#/components/parameters/UserCountFilter'\n responses:\n '200':\n $ref: '#/components/responses/UserCount'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/{userId}:\n get:\n operationId: getUserById\n tags:\n - Users\n summary: |\n Retrieves single user by ID\n description: |\n Retrieves a single user by providing respective user-id.\n parameters:\n - $ref: '#/components/parameters/UserId'\n - $ref: '#/components/parameters/UsersFields'\n responses:\n '200':\n $ref: '#/components/responses/UserById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n description: |\n Returned when the user could not be found.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n patch:\n operationId: updateUser\n tags:\n - Users\n summary: |\n Update a user\n description: |\n Allows a user to update details. An email notification is sent to the updated user and Organization Administrator.\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n $ref: '#/components/requestBodies/UpdateUserRequest'\n responses:\n '200':\n $ref: '#/components/responses/UpdatedUser'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n delete:\n operationId: deleteUserById\n tags:\n - Users\n summary: |\n Deletes a user by ID\n description: |\n **Permissions: Org Admin Only.** Deletes another user based on ID. Individual users cannot delete themselves.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n $ref: '#/components/responses/DeleteUserById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/{userId}/roles:\n get:\n operationId: getUserRolesForOrganization\n tags:\n - Users\n summary: |\n Get organization roles by ID\n description: |\n Retrieves a list of organization-level roles assigned to the specified user.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '200':\n $ref: '#/components/responses/UserRoles'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n description: |\n Returned when the user could not be found.\n content:\n application/problem+json:\n schema:\n $ref: '#/paths/~1api~1ciam~1users~1{userId}/get/responses/404/content/application~1problem+json/schema'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n post:\n operationId: assignRolesToUser\n tags:\n - Users\n summary: |\n Assigns organization-level roles to user\n description: >\n **Permissions: Org Admin Only.** Assigns organization-level roles to a user. Available roles are organization administrator and organization application manager. **Note:** organization roles\n are different from application roles\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n $ref: '#/components/requestBodies/AddRolesRequest'\n responses:\n '204':\n description: |\n The roles have successfully been assigned to the user.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n delete:\n operationId: removeRolesFromUser\n tags:\n - Users\n summary: |\n Removes organization-level role from user.\n description: >\n **Permissions: Org Admin Only.** deletes the organization level role from a user. Available roles are organization administrator and organization application manager. **Note:** Organization\n roles are different from application roles.\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n $ref: '#/components/requestBodies/RemoveRolesRequest'\n responses:\n '204':\n description: |\n The role assignments have successfully been removed from the user.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/{userId}/reset-password:\n post:\n operationId: resetPassword\n tags:\n - Users\n summary: |\n Reset user password\n description: |\n Any user can use this API to reset a password by providing user-id. A non-admin user cannot reset a password for other users.\n parameters:\n - $ref: '#/components/parameters/UserId'\n requestBody:\n content:\n application/vnd.polaris.auth.user-reset-password-1+json:\n schema:\n type: object\n responses:\n '204':\n description: |\n Password reset initiated.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/resources/applications/scopes:\n get:\n operationId: getApplicationUserScopes\n tags:\n - Application Users\n summary: |\n Retrieves list of permission scopes for logged-in user of application.\n description: |\n Returns a list of permission scopes to a logged in user for an application, using a mandatory scope filter.\n parameters:\n - $ref: '#/components/parameters/ApplicationUserScopesFilter'\n responses:\n '200':\n $ref: '#/components/responses/ApplicationUserScopes'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/{userId}/groups:\n get:\n operationId: getUserGroups\n tags:\n - Users\n summary: |\n Retrieves list of groups assigned to the specified user.\n description: |\n Returns a list of groups assigned to the specified user.\n parameters:\n - $ref: '#/components/parameters/UserId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/GroupsFilter'\n responses:\n '200':\n $ref: '#/components/responses/UserGroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/{userId}/groups/count:\n get:\n operationId: getUserGroupCount\n tags:\n - Users\n summary: |\n Retrieves the number of groups assigned to the specified user.\n description: |\n Returns the number of groups assigned to the specified user.\n parameters:\n - $ref: '#/components/parameters/UserId'\n - $ref: '#/components/parameters/UserGroupCountFilter'\n responses:\n '200':\n $ref: '#/components/responses/UserGroupCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/users/{userId}/brute-force-detection:\n get:\n operationId: getBruteForceDetectionById\n tags:\n - Attack Detection\n summary: |\n Checks if a user is locked due to multiple invalid login attempts\n description: |\n **Permissions: Org Admin Only.**\n Checks the user's brute force attack details. **Note:** If the user with provided ID does not exist in the organization, the request will be successful with no-op and no exception will be thrown.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '200':\n $ref: '#/components/responses/GetBruteForceDetectionById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n delete:\n operationId: deleteBruteForceDetection\n tags:\n - Attack Detection\n summary: |\n Unlocks a user who is locked due to multiple invalid login attempts\n description: |\n **Permissions: Org Admin Only.**\n Clears the user's brute force attack details\n and thus unlocks the user. **Note:** If the user with provided ID does not exist in the organization, the request will be successful with no-op and no exception will be thrown.\n parameters:\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n $ref: '#/components/responses/DeleteBruteForceDetection'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/roles:\n get:\n operationId: getRoles\n tags:\n - Organization Roles\n summary: |\n Retrieve organization roles\n description: |\n Returns a list of organization roles supported. Use filter for more precise results.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/RolesFilter'\n responses:\n '200':\n $ref: '#/components/responses/Roles'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/roles/{roleId}/users:\n get:\n operationId: getUsersForRole\n tags:\n - Organization Roles\n summary: |\n Retrieve user list for role\n description: |\n Returns a list of users assigned to a specific organization role.\n parameters:\n - $ref: '#/components/parameters/RoleId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/UsersForRole'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/roles/{roleId}/users/count:\n get:\n operationId: getUserCountForRole\n tags:\n - Organization Roles\n summary: |\n Retrieves user count for role\n description: |\n Returns total count of users assigned to a specific organization role.\n parameters:\n - $ref: '#/components/parameters/RoleId'\n responses:\n '200':\n $ref: '#/components/responses/UserForRoleCount'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/roles:\n get:\n operationId: getApplicationRoles\n tags:\n - Application Users\n summary: |\n Retrieve list of application roles\n description: |\n Gives a list of application roles (Administrator|Observer|Contributor) which can be assigned to a user. **Note:** application roles are different from organization roles.\n responses:\n '200':\n $ref: '#/components/responses/ApplicationRoles'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/roles/users:\n get:\n operationId: getApplicationRoleUsers\n tags:\n - Application Users\n summary: |\n Retrieve application user list\n description: |\n Retrieves a list of users assigned to an application. Filters can be used for more precise results.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/ApplicationRoleUsersFilter'\n - $ref: '#/components/parameters/ApplicationRoleUsersFields'\n responses:\n '200':\n $ref: '#/components/responses/ApplicationRoleUsers'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/roles/users/{userId}:\n get:\n operationId: getApplicationRoleUserById\n tags:\n - Application Users\n summary: |\n Retrieve application user by user id\n description: |\n Retrieves user details assigned to an application.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/components/parameters/UserId'\n responses:\n '200':\n $ref: '#/components/responses/ApplicationRoleUser'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/roles/{roleId}/users:\n post:\n operationId: postAssignApplicationRoleToUser\n tags:\n - Application Users\n summary: |\n Assign application role to user\n description: |\n **Permissions: Application Admin Only.** Assigns an application role to another user. A user can have only one role within the same application at any time.\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to assign.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to assign.\n requestBody:\n $ref: '#/components/requestBodies/AssignUserRolesRequest'\n responses:\n '204':\n description: |\n When the roles were successfully assigned.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n patch:\n operationId: patchAssignApplicationRoleToUser\n tags:\n - Application Users\n summary: |\n Assign application role to user\n description: |\n **Permissions: Application Admin Only.** Assigns an application role to another user. A user can have only one role within the same application at any time.\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to assign.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to assign.\n requestBody:\n $ref: '#/components/requestBodies/AssignUserRolesRequest'\n responses:\n '200':\n $ref: '#/components/responses/AssignUserRolesResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/roles/{roleId}/users/{userId}:\n delete:\n operationId: removeApplicationRoleFromUser\n tags:\n - Application Users\n summary: |\n Remove application role from user\n description: |\n **Permissions: Application Admin Only.** Removes a specific application role from a user's list of roles.\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to remove.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to remove.\n - in: path\n name: userId\n schema:\n type: string\n format: uuid\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n required: true\n description: ID of the user assigned the role.\n responses:\n '204':\n description: |\n When the role was successfully removed.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/users/{userId}:\n get:\n operationId: getApplicationUserById\n tags:\n - Application Users\n summary: |\n Retrieve details of an application-user by user id\n description: |\n Any member of the application will have access to view user details. This API includes any user who is assigned to the application via user-role-assignment or group-role-assignment.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/components/parameters/UserId'\n responses:\n '200':\n $ref: '#/components/responses/ApplicationUserById'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/users:\n get:\n operationId: getApplicationUsers\n tags:\n - Application Users\n summary: |\n Retrieve a list of application-users by application id\n description: |\n Any member of the application will have access to view user details. This API includes any user who is assigned to the application via user-role-assignment or group-role-assignment.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/ApplicationUsersFilter'\n responses:\n '200':\n $ref: '#/components/responses/ApplicationUsers'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/resources/applications/{applicationId}/roles/{roleId}/groups/{groupId}:\n delete:\n operationId: deleteGroupsRolesFromApplication\n tags:\n - Groups\n summary: |\n Removes an application role from a group.\n description: |\n **Permissions: Organization Administrator, Organization Application Manager and Application Administrator.**\n parameters:\n - in: path\n name: applicationId\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n required: true\n description: ID of the application containing the role to remove.\n - in: path\n name: roleId\n schema:\n type: string\n format: uuid\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n required: true\n description: ID of the role to remove.\n - in: path\n name: groupId\n schema:\n type: string\n format: uuid\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n required: true\n description: ID of the group assigned the role.\n responses:\n '204':\n description: |\n The role was successfully removed from the group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/identity-providers/saml:\n post:\n operationId: createIdpSamlForOrganization\n tags:\n - SAML Identity Providers\n summary: |\n Add SAML identity provider to organization\n description: |\n **Permissions: saml.idp.write scope** Add a SAML identity provider to the organization.\n requestBody:\n $ref: '#/components/requestBodies/SamlIdpRequest'\n responses:\n '201':\n $ref: '#/components/responses/SamlIdpResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n get:\n operationId: getIdpSamlForOrganization\n tags:\n - SAML Identity Providers\n summary: |\n Fetch all SAML identity providers.\n description: |\n **Permissions: saml.idp.read scope** Retrieve list of SAML identity providers configured for the organization.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/SamlIdpNameFilter'\n responses:\n '200':\n $ref: '#/components/responses/SamlIdpResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/identity-providers/saml/{samlIdpId}:\n get:\n operationId: getIdpSamlByIdForOrganization\n tags:\n - SAML Identity Providers\n summary: |\n Retrieves single SAML identity provided by id.\n description: |\n **Permissions: saml.idp.read scope** Retrieves single SAML identity provider to the organization.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n responses:\n '200':\n $ref: '#/components/responses/SamlIdpResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n patch:\n operationId: updateIdpSamlByIdForOrganization\n tags:\n - SAML Identity Providers\n summary: |\n update SAML identity provider to organization\n description: |\n **Permissions: saml.idp.write scope** Add a SAML identity provider to the organization.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n requestBody:\n $ref: '#/components/requestBodies/SamlIdpPatchRequest'\n responses:\n '200':\n $ref: '#/components/responses/SamlIdpResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n delete:\n operationId: deleteIdpSamlByIdForOrganization\n tags:\n - SAML Identity Providers\n summary: |\n delete SAML identity provider from organization\n description: |\n **Permissions: saml.idp.write scope** delete a SAML identity provider to the organization.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n responses:\n '204':\n description: |\n The saml-idp have successfully been deleted.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/identity-providers/saml/signature-algorithms:\n get:\n operationId: getIdpSamlSignatureAlgorithms\n tags:\n - SAML Identity Providers\n summary: |\n Fetch all SAML signature algorithms.\n description: |\n **Permissions: saml.idp.read scope** Retrieve list of SAML signature algorithm to the organization.\n responses:\n '200':\n $ref: '#/components/responses/SamlSignatureAlgorithmResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/identity-providers/saml/group-collision-config-options:\n get:\n operationId: getIdpSamlGroupCollisionConfigOptions\n tags:\n - SAML Identity Providers\n summary: |\n Fetch all SAML group collision config options.\n description: |\n **Permissions: saml.idp.read scope** Retrieve list of SAML group collision config options for the organization.\n * These options decides the handling of group name collision with local groups, when SAML groups are imported.\n responses:\n '200':\n $ref: '#/components/responses/SamlGroupCollisionConfigOptionResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/identity-providers/saml/metadata:\n get:\n operationId: getIdpSamlMetadataForOrganization\n tags:\n - SAML Identity Providers\n summary: |\n Retrieves SAML SP metadata for the organization.\n description: |\n **Permissions: saml.idp.read scope.** Returns a downloadable XML file.\n responses:\n '200':\n $ref: '#/components/responses/SamlXmlMetadataResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/identity-providers/saml/{samlIdpId}/metadata:\n get:\n operationId: getIdpSamlMetadata\n tags:\n - SAML Identity Providers\n summary: |\n Retrieves SAML SP metadata for the specified identity provider.\n description: |\n **Permissions: saml.idp.read scope.** Returns a downloadable XML file.\n parameters:\n - $ref: '#/components/parameters/SamlIdpId'\n responses:\n '200':\n $ref: '#/components/responses/SamlXmlMetadataResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups:\n post:\n operationId: createGroup\n tags:\n - Groups\n summary: |\n Create a group specified in the request body.\n description: |\n **Permissions: Org Admin Only.** An authenticated user can create a group. **Note**: \n * Group names cannot be less than 3 characters and greater than 50 characters in length.\n * Group names may not contain the special character `/`.\n requestBody:\n $ref: '#/components/requestBodies/GroupCreateRequest'\n responses:\n '201':\n $ref: '#/components/responses/GroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n get:\n operationId: getGroups\n tags:\n - Groups\n summary: |\n Retrieve a list of groups that match a specified filter.\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.** Retrieves all groups that match the specified 'search' filter.\n parameters:\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/GroupsFilter'\n responses:\n '200':\n $ref: '#/components/responses/GroupResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/count:\n get:\n operationId: getGroupCount\n tags:\n - Groups\n summary: |\n Retrieve the number of groups optionally matching a filter.\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.**\n parameters:\n - $ref: '#/components/parameters/GroupsFilter'\n responses:\n '200':\n $ref: '#/components/responses/GroupCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}:\n get:\n operationId: getGroupById\n tags:\n - Groups\n summary: |\n Get a group by its ID.\n description: |\n Returns a group with the specified ID.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n responses:\n '200':\n $ref: '#/components/responses/GroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n put:\n operationId: updateGroup\n tags:\n - Groups\n summary: |\n Update a group specified in the request body.\n description: |\n **Permissions: Org Admin Only.** An authenticated user can update a group. **Note**: \n * Group names cannot be less than 3 characters and greater than 50 characters in length.\n * Group names may not contain the special character `/`.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n requestBody:\n $ref: '#/components/requestBodies/GroupUpdateRequest'\n responses:\n '200':\n $ref: '#/components/responses/GroupResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '409':\n $ref: '#/paths/~1api~1ciam~1users/post/responses/409'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n delete:\n operationId: deleteGroup\n tags:\n - Groups\n summary: |\n Delete a group\n description: |\n **Permissions: Org Admin Only.** An authenticated user can delete a group\n parameters:\n - $ref: '#/components/parameters/GroupId'\n responses:\n '204':\n description: |\n The group was successfully deleted.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}/users:\n get:\n operationId: getGroupUsers\n tags:\n - Groups\n summary: |\n Get members of a group.\n description: |\n Returns a list of users that belong to the group.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/GroupUserResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n patch:\n operationId: updateGroupUsers\n tags:\n - Groups\n summary: |\n Assign a list of users to the group.\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.**\n > An authenticated user can assign users to a group.\n\n **Note**: \n * If the users are already assigned, trying to reassign will have no effect (ie, the behaviour is idempotent).\n * If the user(s) provided in request body don't exist, 400 Bad Request will be thrown and there won't be any assignments.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n requestBody:\n $ref: '#/components/requestBodies/GroupUserAssignmentRequest'\n responses:\n '204':\n description: |\n Users are successfully assigned to group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}/users/{userId}:\n delete:\n operationId: removeUserFromGroup\n tags:\n - Groups\n summary: |\n Remove user from group\n description: |\n **Permissions: Organization Administrator or Organization Application Manager.** Removes a specific user from a group.\n parameters:\n - in: path\n name: groupId\n schema:\n type: string\n format: uuid\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n required: true\n description: ID of the group containing the user to remove.\n - $ref: '#/components/parameters/UserId'\n responses:\n '204':\n description: When the user was successfully removed from the group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}/roles/{roleId}:\n put:\n operationId: assignOrgRoleToGroup\n tags:\n - Groups\n summary: |\n Assign an organization-level role to a group.\n description: >\n **Permissions: Only organization administrators may use this API.** Organization-level roles are global roles that allow access to organization-level resources such as IAM. Examples are\n 'Administrator' and 'Application Manager'. Assigning a group a particular role grants all users in that group that role.\n parameters:\n - name: groupId\n in: path\n required: true\n description: ID of the group being assigned the role.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n - name: roleId\n in: path\n required: true\n description: ID of the role being assigned to the group.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n responses:\n '204':\n description: |\n When the role was successfully assigned to the group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n delete:\n operationId: removeOrgRoleFromGroup\n tags:\n - Groups\n summary: |\n Remove an organization-level role from a group\n description: |\n **Permissions: Only organization administrators may use this API.*** Removes a role that was previously assigned to the group.\n parameters:\n - name: groupId\n in: path\n required: true\n description: ID of the group assigned the role.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n - name: roleId\n in: path\n required: true\n description: ID of the role being removed from the group.\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n responses:\n '204':\n description: |\n When the assignment either has been deleted, or didn't exist in the first place.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}/roles:\n get:\n operationId: getGroupOrgRoles\n tags:\n - Groups\n summary: |\n Get a list of organization-levels assigned to a group.\n description: |\n **Permissions: Only organization administrators may use this API**\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n responses:\n '200':\n $ref: '#/components/responses/GroupOrgRoleResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}/applications:\n post:\n operationId: assignApplicationRolesToGroup\n tags:\n - Groups\n summary: |\n Assign a list of application roles to the group.\n description: >\n **Permissions: Organization Administrator or Organization Application Manager or Application Administrator.** API to assign list of application roles to the group.\n\n **Note**: * If an assignment already exists in the application for the group with same role, then trying to reassign will have no effect (i.e. the behaviour is idempotent). * If an assignment\n already exists in the application for the group with different role, then this API will overwrite the existing assignment with the role in the request. * If the applicationId(s) provided in\n request body does not exist, 404 Not Found will be returned and there won't be any assignments. * If the roleId(s) provided in request body does not exist, 400 Bad Request will be returned and\n there won't be any assignments.\n parameters:\n - $ref: '#/components/parameters/GroupId'\n requestBody:\n $ref: '#/components/requestBodies/GroupApplicationRoleAssignmentRequest'\n responses:\n '204':\n description: |\n The list of application roles are successfully assigned to group.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n get:\n operationId: getApplicationRolesForGroup\n tags:\n - Groups\n summary: |\n Get a list of application roles assigned to a group.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/0'\n - $ref: '#/paths/~1api~1ciam~1users/get/parameters/1'\n - $ref: '#/components/parameters/GroupApplicationRoleFilter'\n - $ref: '#/components/parameters/GroupApplicationRoleSort'\n responses:\n '200':\n $ref: '#/components/responses/GroupAppRoleResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/groups/{groupId}/applications/count:\n get:\n operationId: getApplicationRoleCountForGroup\n tags:\n - Groups\n summary: |\n Get the number of application roles assigned to a group.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/GroupId'\n - $ref: '#/components/parameters/GroupApplicationRoleFilter'\n - $ref: '#/components/parameters/GroupApplicationRoleSort'\n responses:\n '200':\n $ref: '#/components/responses/GroupAppRoleCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/applications/{applicationId}/groups:\n post:\n operationId: assignGroupsRolesToApplication\n tags:\n - Groups\n summary: |\n Assign a list of group roles to an application.\n description: |\n **Permissions: Organization Administrator, Organization Application Manager and Application Administrator.**\n > API to assign a list of group roles to the application.\n\n **Note**:\n * If the assignment already exists in an application for a group with same role, then trying to reassign will have no effect (i.e. the behaviour is idempotent).\n * If the assignment already exists in an application for a group with different role, then this API will overwrite the existing assignment with the role in the request.\n * If the groupId(s) provided in request body does not exist, 400 Bad Request will be returned and there won't be any assignments.\n * If the roleId(s) provided in request body does not exist, 400 Bad Request will be returned and there won't be any assignments.\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n requestBody:\n $ref: '#/components/requestBodies/ApplicationGroupRoleAssignmentRequest'\n responses:\n '204':\n description: |\n The list of group roles are successfully assigned to application.\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n get:\n operationId: getGroupsForApplication\n tags:\n - Groups\n summary: |\n Get groups assigned to an application.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/components/parameters/ApplicationGroupRoleFilter'\n - $ref: '#/components/parameters/ApplicationGroupRoleSort'\n responses:\n '200':\n $ref: '#/components/responses/GroupAppRoleResponses'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\n /api/auth/applications/{applicationId}/groups/count:\n get:\n operationId: getApplicationRoleCountForApplications\n tags:\n - Groups\n summary: |\n Get the number of groups assigned to an application.\n description: |\n **Permissions**: Only Organization Admins and Organization Application Managers\n parameters:\n - $ref: '#/components/parameters/ApplicationId'\n - $ref: '#/components/parameters/ApplicationGroupRoleFilter'\n responses:\n '200':\n $ref: '#/components/responses/AppRoleGroupCountResponse'\n '400':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/400'\n '401':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/401'\n '403':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/403'\n '404':\n $ref: '#/paths/~1api~1ciam~1scopes/get/responses/404'\n '405':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/405'\n '500':\n $ref: '#/paths/~1api~1ciam~1users/get/responses/500'\ncomponents:\n securitySchemes:\n ApiKeyAuth:\n type: apiKey\n in: header\n name: Api-Token\n parameters:\n OrganizationsFilter:\n name: _filter\n in: query\n required: true\n description: |\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n | Key | Operator | Description | RSQL Example |\n |--------------|----------------|---------------------------------------------------------------------------------|-------------------------------------|\n | `user.email` | `==` | The user's email. Allows to retrieve all the organizations the user belongs to. | `user.email==\"johndoe@example.com\"` |\n schema:\n type: string\n format: rsql\n example: user.email==john@com\n UserId:\n name: userId\n in: path\n required: true\n description: |\n The user id.\n schema:\n type: string\n format: uuid\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n UsersFields:\n name: _fields\n in: query\n description: |\n A set of fields to be returned in the result, separated by a comma (`,`).\n\n **Default:** id, organizationId, email, firstName, lastName, enabled\n **Supported:** id, organizationId, email, firstName, lastName, enabled\n schema:\n type: string\n example: id,email\n UsersFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Description \n | RSQL Example |\n\n |--------------|----------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|\n\n | `email` | `==` | No | The email address. \n | `email==\"janedoe@example.com\"` |\n\n | `firstName` | `==` | No | The first name. \n | `firstName==\"Jane\"` |\n\n | `lastName` | `==` | No | The last name. \n | `lastName==\"Doe\"` |\n\n | `search` | `==` | No | A search string contained in the email, first or last name. Can't be used with any other filter keys. \n | `search==\"jane doe\"` |\n\n | `id` | `=in=` | No | The list of userIds. The maximum size allowed for the list is '50'. Can't be used with any other filter keys. \n | `id=in=(a738feae-23ef-4cee-b9ad-80679f4f4b2e,c248feae-23ef-4cee-b9ad-80679f4f9e2d)` |\n\n | `roleName` | `==` | Yes | The name of the role. Example of role names are administrator and application-manager. Can't be used with any other filter keys. \n | `roleName==\"administrator\"` |\n schema:\n type: string\n format: rsql\n example: email==\"janedoe@example.com\"\n UserCountFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Description | RSQL Example |\n\n |--------------|----------------|----------------------|-------------------------------------------------------------------------------------------------------|------------------------------|\n\n | `search` | `==` | No | A search string contained in the email, first or last name. Can't be used with any other filter keys. | `search==\"jane doe\"` \n |\n schema:\n type: string\n format: rsql\n example: search==\"jane doe\"\n UserScopesFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Optional |\n Description | RSQL Example |\n\n |-----------------|----------------|----------------------|----------------|-----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------|\n\n | `resourceType` | `==` | No | Yes | The resource type. Supported enum values: `application`, `organization`. By default\n organization. | `resourceType==organization` |\n\n | `resourceId` | `==` | No | Yes | The resource id. If no filter is specified, the response includes the scopes for all the resources of the\n organization. | `resourceId==fceece4e-3a97-4e0c-acc9-84167475244b` |\n\n | `scope` | `==`, `=in=` | No | No | The scope names. Resources having none of the requested scopes aren't included into the\n result. | `scope=in=(sca.read,scan.run)` |\n schema:\n type: string\n format: rsql\n example: resourceType==organization\n ApplicationUserScopesFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Optional |\n Description | RSQL Example |\n\n |-----------------|----------------|----------------------|----------------|-----------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------|\n\n | `applicationId` | `==` | No | Yes | The application id. If no filter is specified, the response includes the scopes for all the applications of the\n organization. | `applicationId==\"fceece4e-3a97-4e0c-acc9-84167475244b\"` |\n\n | `scope` | `==`, `=in=` | No | No | The scope names. Applications having none of the requested scopes aren't included into the\n result. | `scope=in=(sca.read,scan.run)` |\n schema:\n type: string\n format: rsql\n example: applicationId==\"fceece4e-3a97-4e0c-acc9-84167475244b\"\n ApplicationRoleUsersFields:\n name: _fields\n in: query\n description: |\n A set of fields to be returned in the result, separated by a comma (`,`).\n\n **Default:** user.id, role.id, application.id\n **Supported:** user.id, user.email, user.firstName, user.lastName, role.id, application.id\n schema:\n type: string\n example: user.id, role.id, application.id\n ApplicationRoleUsersFilter:\n name: _filter\n in: query\n description: |\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n | Key | Operator | Case Sensitive | Description | RSQL Example |\n |--------------|----------------|----------------------|------------------|------------------------------------------------|\n | `roleId` | `==` | No | The role id. | `roleId==\"fceece4e-3a97-4e0c-acc9-84167475244b\"` |\n schema:\n type: string\n format: rsql\n example: roleId==\"fceece4e-3a97-4e0c-acc9-84167475244b\"\n SamlIdpNameFilter:\n name: _filter\n in: query\n description: |\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n | Key | Operator | Case Sensitive | Description | RSQL Example |\n |--------------|----------------|----------------------|---------------------------------------|------------------------------|\n | `name` | `==` | No | A search string contained in the name.| `name==\"saml\"` |\n schema:\n type: string\n format: rsql\n example: name==\"saml\"\n SamlIdpId:\n name: samlIdpId\n in: path\n required: true\n description: |\n The SAML identity provider id.\n schema:\n type: string\n format: uuid\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n GroupId:\n name: groupId\n in: path\n required: true\n description: |\n The group id.\n schema:\n type: string\n format: uuid\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n GroupsFilter:\n name: _filter\n in: query\n description: |\n A filter string expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n | Key | Operator | Case Sensitive | Description | RSQL Example |\n |--------------|----------------|----------------------|----------------------------------------------------|------------------------------|\n | `search` | `==` | No | A string to search in the group names. | `search==\"test group\"` |\n schema:\n type: string\n format: rsql\n example: search==\"test group\"\n UserGroupCountFilter:\n name: _filter\n in: query\n description: |\n A filter string expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n | Key | Operator | Case Sensitive | Description | RSQL Example |\n |--------------|----------------|----------------------|----------------------------------------------------|------------------------------|\n | `search` | `==` | No | A string to search in the group names. | `search==\"test group\"` |\n schema:\n type: string\n format: rsql\n example: search==\"test group\"\n GroupApplicationRoleFilter:\n name: _filter\n in: query\n required: false\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Description | RSQL\n Example | |\n\n |-------------------|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------|---|\n\n | `applicationName` | `==` | A filter to limit based on the name of the application assigned to the group. Wildcards (*) may be included in the value to indicate a partial match. |\n `applicationName=\"myapplication\" applicationName==\"a*\" applicationName==\"*a*\"` | |\n schema:\n type: string\n format: rsql\n example: applicationName==\"myapplication\"\n GroupApplicationRoleSort:\n name: _sort\n in: query\n required: false\n description: >\n An indicator of the sort order that results should be returned. It takes the form of: `field`|`(ASC or DESC)`. Note that the URL will need to be encoded to be encoded.\n\n\n | Field | Directions | Description |\n Example | |\n\n |-------------------|------------------------------------------------------------------------|---------------------------------------------------------------------------|-----------------------------------------------------|---|\n\n | `applicationName` | `ASC` (alphanumeric ascending), `DESC` (alphanumeric descending) | A parameter to sort by the name of the application assigned to the group. |\n `applicationName|ASC`, `applicationName|DESC` |---|\n schema:\n type: string\n example: applicationName|ASC\n ApplicationGroupRoleFilter:\n name: _filter\n in: query\n required: false\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Description | RSQL\n Example | |\n\n |-----------------|------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|---|\n\n | `groupName` | `==` | A filter to limit based on the name of the group assigned to the application. Wildcards (*) may be included in the value to indicate a partial match. |\n `groupName=\"mygroup\" groupName==\"g*\" groupName==\"*ygrou*\"` | |\n schema:\n type: string\n format: rsql\n example: groupName==\"mygroup\"\n ApplicationGroupRoleSort:\n name: _sort\n in: query\n required: false\n description: >\n An indicator of the sort order that results should be returned. It takes the form of: `field`|`(ASC or DESC)`. Note that the URL will need to be encoded to be encoded.\n\n\n | Field | Directions | Description |\n Example | |\n\n |-------------------|------------------------------------------------------------------------|---------------------------------------------------------------------------|-------------------------------------------------|---|\n\n | `groupName` | `ASC` (alphanumeric ascending), `DESC` (alphanumeric descending) | A parameter to sort by the name of the group assigned to the application. |\n `groupName|ASC`,`groupName|DESC` |---|\n schema:\n type: string\n example: groupName|ASC\n ApplicationId:\n name: applicationId\n in: path\n required: true\n description: |\n The application id.\n schema:\n type: string\n format: uuid\n example: b877b8b3-7e95-485c-92a3-b3bee3c62463\n RolesFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format. When this is omitted we retrieve all organization-level roles\n for the organization specified in the Organization-Id header. No client-level roles will be included without the filter.\n\n\n | Key | Operator | Description | RSQL\n Example |\n\n |--------------|----------------|-----------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|\n\n | `name` | `==` | The role's name. Allows for retrieval of roles by a particular name. Case sensitive. |\n `name==\"administrator\"` |\n\n |--------------|----------------|-----------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|\n\n | `clientId` | `==` | Only applicable for client-level roles. ID of client associated with the client-level role being queried. UUID. |\n `clientId==\"fb990429-3876-4744-86f2-21913cb0bd37\"` |\n schema:\n type: string\n format: rsql\n example: name==\"administrator\"\n RoleId:\n name: roleId\n in: path\n required: true\n description: |\n The role id.\n schema:\n type: string\n format: uuid\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n TokenId:\n name: apiTokenId\n in: path\n required: true\n description: |\n api token id\n schema:\n type: string\n format: uuid\n example: fb990429-3876-4744-86f2-21913cb0bd37\n ApplicationUsersFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Description \n | RSQL Example |\n\n |--------------|----------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------| \n\n | `search` | `==` | No | A search string contained in the email, first or last name. \n | `search==\"jane doe\"` |\n schema:\n type: string\n format: rsql\n example: search==\"janedoe@example.com\"\n PermissionGroupFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Description \n | RSQL Example |\n\n |--------------|----------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------| \n\n | `search` | `==` | No | A search string contained in the permission group's name. |\n `search==\"jane doe\"` |\n schema:\n type: string\n format: rsql\n example: search==\"manage\"\n ApplicationRoleFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Description \n | RSQL Example |\n\n |--------------|----------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------| \n\n | `search` | `==` | No | A search string contained in the application role's name. |\n `search==\"custom app role\"` |\n schema:\n type: string\n format: rsql\n example: search==\"manage\"\n ApplicationRoleCountFilter:\n name: _filter\n in: query\n description: >\n A filter string that further limits the results returned, expressed in the [rsql](https://github.com/jirutka/rsql-parser) format.\n\n\n | Key | Operator | Case Sensitive | Description \n | RSQL Example |\n\n |--------------|----------------|----------------------|----------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------| \n\n | `search` | `==` | No | A search string contained in the application role's name. |\n `search==\"custom app role\"` |\n schema:\n type: string\n format: rsql\n example: search==\"manage\"\n requestBodies:\n DeprecatedCreateApiTokenRequest:\n description: |\n A request to create an API token, in the context of offline tokens.\n required: true\n content:\n application/vnd.ciam.api-token-1+json:\n schema:\n $ref: '#/components/schemas/CreateApiTokenRequestBody'\n DeprecatedAddRolesRequest:\n description: |\n A request to assign roles to the user.\n required: true\n content:\n application/vnd.ciam.user-role-1+json:\n schema:\n $ref: '#/components/schemas/AddRolesRequestBody'\n DeprecatedRemoveRolesRequest:\n description: |\n A request to remove role assignments from the user.\n required: true\n content:\n application/vnd.ciam.user-role-1+json:\n schema:\n $ref: '#/components/schemas/RemoveRolesRequestBody'\n DeprecatedAssignUserRolesRequest:\n description: |\n A request to assign role assignments to a user. This requires the \"user.role.assign\" scope.\n required: true\n content:\n application/vnd.ciam.application-role-user-1+json:\n schema:\n $ref: '#/components/schemas/AssignUserRolesRequestBody'\n DeprecatedSamlIdpRequestDeprecated:\n description: |\n A request to create a SAML identity provider. This requires the 'saml.idp.write' scope.\n required: true\n content:\n application/vnd.ciam.saml-identity-provider-2+json:\n schema:\n $ref: '#/components/schemas/SamlIdpRequestBody'\n application/vnd.ciam.saml-identity-provider-1+json:\n schema:\n $ref: '#/components/schemas/SamlIdpCreateRequestBody'\n DeprecatedSamlIdpPatchRequestDeprecated:\n description: |\n A request to update a SAML identity provider. This requires the 'saml.idp.write' scope.\n required: true\n content:\n application/vnd.ciam.saml-identity-provider-2+json:\n schema:\n $ref: '#/components/schemas/SamlIdpRequestBody'\n application/vnd.ciam.saml-identity-provider-1+json:\n schema:\n $ref: '#/components/schemas/SamlIdpUpdateRequestBody'\n DeprecatedLoginRequest:\n description: |\n The login request.\n required: true\n content:\n application/vnd.ciam.login-1+json:\n schema:\n $ref: '#/components/schemas/LoginRequestBody'\n DeprecatedApplicationGroupRoleAssignmentRequest:\n description: |\n List of groupId and roleId pairs to be assigned to the application\n required: true\n content:\n application/vnd.ciam.application-group-role-1+json:\n schema:\n $ref: '#/components/schemas/ApplicationGroupRoleAssignmentRequestBody'\n DeprecatedGroupCreateRequest:\n description: |\n Request for group creation.\n required: true\n content:\n application/vnd.ciam.group-1+json:\n schema:\n $ref: '#/components/schemas/GroupCreateRequestBody'\n DeprecatedGroupUpdateRequest:\n description: |\n Request for group update.\n required: true\n content:\n application/vnd.ciam.group-1+json:\n schema:\n $ref: '#/components/schemas/GroupUpdateRequestBody'\n DeprecatedGroupUserAssignmentRequest:\n description: |\n Request for assigning users to group\n required: true\n content:\n application/vnd.ciam.group-user-1+json:\n schema:\n $ref: '#/components/schemas/GroupUserAssignmentRequestBody'\n DeprecatedGroupApplicationRoleAssignmentRequest:\n description: |\n List of applicationId and roleId pairs to be assigned to the group\n required: true\n content:\n application/vnd.ciam.group-application-role-1+json:\n schema:\n $ref: '#/components/schemas/GroupApplicationRoleAssignmentRequestBody'\n DeprecatedAuthorizationRequest:\n description: |\n The authorization request.\n required: true\n content:\n application/vnd.ciam.authorize-1+json:\n schema:\n $ref: '#/components/schemas/AuthorizationRequestBody'\n DeprecatedCreateUserRequest:\n description: |\n A request to create a user.\n required: true\n content:\n application/vnd.ciam.user-1+json:\n schema:\n $ref: '#/components/schemas/CreateUserBody'\n DeprecatedUpdateUserRequest:\n description: |\n A request to update a user.\n required: true\n content:\n application/vnd.ciam.user-1+json:\n schema:\n $ref: '#/components/schemas/UpdateUserBody'\n CreateApiTokenRequest:\n description: |\n A request to create an API token, in the context of offline tokens.\n required: true\n content:\n application/vnd.polaris.auth.api-token-1+json:\n schema:\n $ref: '#/components/schemas/CreateApiTokenRequestBody'\n AddRolesRequest:\n description: |\n A request to assign roles to the user.\n required: true\n content:\n application/vnd.polaris.auth.user-role-1+json:\n schema:\n $ref: '#/components/schemas/AddRolesRequestBody'\n RemoveRolesRequest:\n description: |\n A request to remove role assignments from the user.\n required: true\n content:\n application/vnd.polaris.auth.user-role-1+json:\n schema:\n $ref: '#/components/schemas/RemoveRolesRequestBody'\n AssignUserRolesRequest:\n description: |\n A request to assign role assignments to a user. This requires the \"user.role.assign\" scope.\n required: true\n content:\n application/vnd.polaris.auth.application-role-user-1+json:\n schema:\n $ref: '#/components/schemas/AssignUserRolesRequestBody'\n SamlIdpRequest:\n description: |\n A request to create a SAML identity provider. This requires the 'saml.idp.write' scope.\n required: true\n content:\n application/vnd.polaris.auth.saml-identity-provider-2+json:\n schema:\n $ref: '#/components/schemas/SamlIdpRequestBody'\n SamlIdpPatchRequest:\n description: |\n A request to update a SAML identity provider. This requires the 'saml.idp.write' scope.\n required: true\n content:\n application/vnd.polaris.auth.saml-identity-provider-2+json:\n schema:\n $ref: '#/components/schemas/SamlIdpUpdateRequestBody'\n LoginRequest:\n description: |\n The login request.\n required: true\n content:\n application/vnd.polaris.auth.login-1+json:\n schema:\n $ref: '#/components/schemas/LoginRequestBody'\n ApplicationGroupRoleAssignmentRequest:\n description: |\n List of groupId and roleId pairs to be assigned to the application\n required: true\n content:\n application/vnd.polaris.auth.application-group-role-1+json:\n schema:\n $ref: '#/components/schemas/ApplicationGroupRoleAssignmentRequestBody'\n GroupCreateRequest:\n description: |\n Request for group creation.\n required: true\n content:\n application/vnd.polaris.auth.group-1+json:\n schema:\n $ref: '#/components/schemas/GroupCreateRequestBody'\n GroupUpdateRequest:\n description: |\n Request for group update.\n required: true\n content:\n application/vnd.polaris.auth.group-1+json:\n schema:\n $ref: '#/components/schemas/GroupUpdateRequestBody'\n GroupUserAssignmentRequest:\n description: |\n Request for assigning users to group\n required: true\n content:\n application/vnd.polaris.auth.group-user-1+json:\n schema:\n $ref: '#/components/schemas/GroupUserAssignmentRequestBody'\n GroupApplicationRoleAssignmentRequest:\n description: |\n List of applicationId and roleId pairs to be assigned to the group\n required: true\n content:\n application/vnd.polaris.auth.group-application-role-1+json:\n schema:\n $ref: '#/components/schemas/GroupApplicationRoleAssignmentRequestBody'\n AuthorizationRequest:\n description: |\n The authorization request.\n required: true\n content:\n application/vnd.polaris.auth.authorize-1+json:\n schema:\n $ref: '#/components/schemas/AuthorizationRequestBody'\n CreateUserRequest:\n description: |\n A request to create a user.\n required: true\n content:\n application/vnd.polaris.auth.user-1+json:\n schema:\n $ref: '#/components/schemas/CreateUserBody'\n UpdateUserRequest:\n description: |\n A request to update a user.\n required: true\n content:\n application/vnd.polaris.auth.user-1+json:\n schema:\n $ref: '#/components/schemas/UpdateUserBody'\n RoleCreateRequest:\n description: |\n Request for role creation.\n required: true\n content:\n application/vnd.polaris.auth.application-role-2+json:\n schema:\n $ref: '#/components/schemas/RoleCreateRequestBody'\n RoleUpdateRequest:\n description: |\n A request to update an application role.\n required: true\n content:\n application/vnd.polaris.auth.application-role-2+json:\n schema:\n $ref: '#/components/schemas/RoleUpdateRequestBody'\n responses:\n DeprecatedOrganizations:\n description: |\n A list of organizations.\n content:\n application/vnd.ciam.organization-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of organizations.\n items:\n $ref: '#/components/schemas/Organization'\n DeprecatedLoginResponse:\n description: |\n The redirect URI and organization ID for the user.\n content:\n application/vnd.ciam.login-1+json:\n schema:\n allOf:\n - type: object\n properties:\n _type:\n type: string\n description: |\n An indicator of the resource type.\n id:\n type: string\n description: |\n The organization ID of the user.\n uri:\n type: string\n description: |\n Redirect URI for login.\n example: https://domain.example.com/identity/signin/callback/d49dd48e-5fb8-4b25-a233-3455c7be4291?login_hint=happyAdmin@com&kc_idp_hint=OKTA SSO\n DeprecatedApiToken:\n description: |\n A newly created API token.\n content:\n application/vnd.ciam.api-token-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/ApiToken'\n DeprecatedApiTokens:\n description: |\n A paginated list of API token metadata belonging to the user. The newest token appears on the top of the list.\n content:\n application/vnd.ciam.api-token-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of API token metadata.\n items:\n $ref: '#/components/schemas/ApiTokenMeta'\n DeprecatedAuthorizationResponse:\n description: |\n An authorization response.\n content:\n application/vnd.ciam.authorize-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/AuthorizationResponse'\n DeprecatedUsers:\n description: |\n A list of users.\n content:\n application/vnd.ciam.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users.\n items:\n $ref: '#/components/schemas/User'\n DeprecatedCreatedUser:\n description: |\n The created user.\n content:\n application/vnd.ciam.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n DeprecatedUserById:\n description: |\n The user fetched by user ID.\n content:\n application/vnd.ciam.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n DeprecatedUserCount:\n description: |\n The number of users.\n content:\n application/vnd.ciam.user-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user count response.\n properties:\n count:\n type: integer\n description: |\n The number of users.\n example: 10\n DeprecatedUserRoles:\n description: |\n A list of user's roles.\n content:\n application/vnd.ciam.user-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of user's roles.\n items:\n $ref: '#/components/schemas/UserRole'\n DeprecatedUpdatedUser:\n description: |\n The user with newly updated values.\n content:\n application/vnd.ciam.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n DeprecatedDeleteUserById:\n description: |\n The user has been successfully deleted\n DeprecatedUsersForRole:\n description: |\n A list of users.\n content:\n application/vnd.ciam.role-user+1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users.\n items:\n $ref: '#/components/schemas/UserForRole'\n DeprecatedUserForRoleCount:\n description: |\n The number of users.\n content:\n application/vnd.ciam.role-user-count+1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user count response.\n properties:\n count:\n type: integer\n description: |\n The number of users.\n example: 10\n DeprecatedApplicationUserScopes:\n description: |\n A list of authorization scopes per application.\n content:\n application/vnd.ciam.application-user-scope-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of authorization scopes per application.\n items:\n $ref: '#/components/schemas/ApplicationUserScope'\n DeprecatedUserScopes:\n description: |\n A list of authorization scopes per resource.\n content:\n application/vnd.ciam.user-scope-1+json:\n schema:\n $ref: '#/components/schemas/UserScopes'\n DeprecatedReset2FA:\n description: |\n The reset 2FA email has been sent.\n DeprecatedDeleteBruteForceDetection:\n description: |\n An empty response.\n DeprecatedGetBruteForceDetectionById:\n description: |\n Get user's locked status.\n content:\n application/vnd.ciam.brute-force-detection-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n properties:\n disabled:\n type: boolean\n description: |\n User's locked status in true or false.\n example: false\n DeprecatedApplicationRoles:\n description: |\n A list of application roles.\n content:\n application/vnd.ciam.application-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of application roles.\n items:\n $ref: '#/components/schemas/ApplicationRole'\n DeprecatedApplicationRoleUsers:\n description: |\n A list of users assigned to application roles.\n content:\n application/vnd.ciam.application-role-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users assigned to application roles.\n items:\n $ref: '#/components/schemas/ApplicationRoleUser'\n DeprecatedSamlIdpResponseDeprecated:\n description: |\n The SAML identity provider representation.\n content:\n application/vnd.ciam.saml-identity-provider-2+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/SamlIdpResponse'\n application/vnd.ciam.saml-identity-provider-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/SamlIdp'\n DeprecatedSamlIdpResponsesDeprecated:\n description: |\n A list of SAML identity providers.\n content:\n application/vnd.ciam.saml-identity-provider-2+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: |\n A list of SAML identity providers.\n items:\n $ref: '#/components/schemas/SamlIdpResponse'\n application/vnd.ciam.saml-identity-provider-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of SAML identity providers.\n items:\n $ref: '#/components/schemas/SamlIdp'\n DeprecatedSamlSignatureAlgorithmResponses:\n description: |\n A list of SAML signature algorithms.\n content:\n application/vnd.ciam.saml-signature-algorithm-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of SAML signature algorithms.\n items:\n $ref: '#/components/schemas/SamlSignatureAlgorithm'\n DeprecatedSamlGroupCollisionConfigOptionResponses:\n description: |\n A list of SAML group collision config options.\n content:\n application/vnd.ciam.saml-group-collision-config-option-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of SAML group collision config options.\n items:\n $ref: '#/components/schemas/SamlGroupCollisionConfigOption'\n DeprecatedSamlXmlMetadataResponse:\n description: |\n SAML metadata in a downloadable XML file.\n content:\n application/xml:\n schema:\n allOf:\n - $ref: '#/components/schemas/SamlMetadataXmlExample'\n DeprecatedGroupResponse:\n description: |\n An object that represents the group.\n content:\n application/vnd.ciam.group-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/Group'\n DeprecatedGroupResponses:\n description: |\n A list of groups.\n content:\n application/vnd.ciam.group-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of groups.\n items:\n $ref: '#/components/schemas/Group'\n DeprecatedGroupCountResponse:\n description: |\n The number of groups.\n content:\n application/vnd.ciam.group-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A response representing the number of groups.\n properties:\n count:\n type: integer\n description: |\n The number of groups.\n example: 10\n DeprecatedGroupAppRoleResponses:\n description: |\n A list of group to application role assignments.\n content:\n application/vnd.ciam.group-application-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of group to application role assignments.\n items:\n $ref: '#/components/schemas/GroupAppRole'\n DeprecatedGroupAppRoleCountResponse:\n description: |\n The number of application roles assigned to the group\n content:\n application/vnd.ciam.group-application-role-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n An application role for group count.\n properties:\n count:\n type: integer\n description: |\n The number of application roles assigned to the group.\n example: 10\n DeprecatedAppRoleGroupCountResponse:\n description: |\n The number of groups assigned to the application\n content:\n application/vnd.ciam.application-role-group-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A group count.\n properties:\n count:\n type: integer\n description: |\n The number of groups assigned to an application role.\n example: 10\n DeprecatedGroupUserResponses:\n description: |\n A list of users that belong to a given group.\n content:\n application/vnd.ciam.group-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users that belong to a given group.\n items:\n $ref: '#/components/schemas/GroupUser'\n DeprecatedUserGroupResponse:\n description: |\n A list of groups associated to the user.\n content:\n application/vnd.ciam.user-group-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of groups associated to the user.\n items:\n $ref: '#/components/schemas/UserGroup'\n DeprecatedGroupOrgRoleResponses:\n description: |\n A list of organization-level roles assigned to a group.\n content:\n application/vnd.ciam.group-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of organization-level roles assigned to a group.\n items:\n $ref: '#/components/schemas/GroupOrgRole'\n DeprecatedUserGroupCountResponse:\n description: |\n The number of groups assigned to the user\n content:\n application/vnd.ciam.user-group-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user group count response.\n properties:\n count:\n type: integer\n description: |\n The number of groups assigned to the user.\n example: 10\n DeprecatedOidcSuccessResponse:\n description: Compliant openid connect return structure as defined in the specification.\n content:\n application/json:\n schema:\n type: object\n required:\n - sub\n - email_verified\n - organization\n - roles\n - preferred_username\n - given_name\n - family_name\n - email\n properties:\n sub:\n type: string\n description: |\n The subject of the token. This is the unique identifier of the user.\n example: d87a8b16-a797-444c-904a-109c08ce6f5c\n email_verified:\n type: boolean\n description: |\n Whether the email has been verified.\n example: true\n organization:\n type: object\n required:\n - name\n - id\n properties:\n name:\n type: string\n description: |\n The name of the organization.\n example: test\n id:\n type: string\n description: |\n The ID of the organization.\n example: 21a7f3ea-8330-439d-8e7b-dd92430b6195\n description: |\n The organization the user belongs to.\n roles:\n type: object\n required:\n - realm\n properties:\n realm:\n type: array\n items:\n type: string\n description: |\n The roles the user has in the realm.\n example:\n - administrator\n - offline_access\n - default-roles-test\n - uma_authorization\n description: |\n The roles the user has.\n name:\n type: string\n description: |\n The name of the user.\n example: Test User\n preferred_username:\n type: string\n description: |\n The preferred username of the user. This is the email address.\n example: test@example.com\n given_name:\n type: string\n description: |\n The given name of the user.\n example: Test\n family_name:\n type: string\n description: |\n The family name of the user.\n example: User\n email:\n type: string\n description: |\n The email of the user.\n example: test@example.com\n example:\n sub: d87a8b16-a797-444c-904a-109c08ce6f5c\n email_verified: true\n organization:\n name: test\n id: 21a7f3ea-8330-439d-8e7b-dd92430b6195\n roles:\n realm:\n - administrator\n - offline_access\n - default-roles-test\n - uma_authorization\n name: Test User\n preferred_username: test@example.com\n given_name: Test\n family_name: User\n email: test@example.com\n DeprecatedRoles:\n description: |\n A list of roles.\n content:\n application/vnd.ciam.roles-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of roles.\n items:\n $ref: '#/components/schemas/Role'\n DeprecatedAssignUserRolesResponse:\n description: |\n A list of user IDs that have their application roles updated\n content:\n application/vnd.ciam.application-role-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user application role assignment response\n properties:\n userIds:\n type: array\n description: |\n The list of user IDs that have their application roles updated\n items:\n type: string\n format: uuid\n example: 7b781190-cff8-43b9-9939-02aac3d8e387\n Organizations:\n description: |\n A list of organizations.\n content:\n application/vnd.polaris.auth.organization-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of organizations.\n items:\n $ref: '#/components/schemas/Organization'\n LoginResponse:\n description: |\n The redirect URI and organization ID for the user.\n content:\n application/vnd.polaris.auth.login-1+json:\n schema:\n allOf:\n - type: object\n properties:\n _type:\n type: string\n description: |\n An indicator of the resource type.\n id:\n type: string\n description: |\n The organization ID of the user.\n uri:\n type: string\n description: |\n Redirect URI for login.\n example: https://domain.example.com/identity/signin/callback/d49dd48e-5fb8-4b25-a233-3455c7be4291?login_hint=happyAdmin@com&kc_idp_hint=OKTA SSO\n ApiToken:\n description: |\n A newly created API token.\n content:\n application/vnd.polaris.auth.api-token-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/ApiToken'\n ApiTokens:\n description: |\n A paginated list of API token metadata belonging to the user. The newest token appears on the top of the list.\n content:\n application/vnd.polaris.auth.api-token-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of API token metadata.\n items:\n $ref: '#/components/schemas/ApiTokenMeta'\n AuthorizationResponse:\n description: |\n An authorization response.\n content:\n application/vnd.polaris.auth.authorize-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/AuthorizationResponse'\n Users:\n description: |\n A list of users.\n content:\n application/vnd.polaris.auth.user-1+json:\n schema:\n allOf:\n - type: object\n properties:\n _links:\n $ref: '#/components/schemas/User/allOf/0/properties/_links'\n _collection:\n type: object\n description: |\n A collection meta object for paginated collections.\n properties:\n currentPage:\n type: integer\n description: |\n The current page number of the results (one-based), given the current offset and limit settings. An empty result does not have a current page.\n example: 3\n _type:\n $ref: '#/components/schemas/User/allOf/0/properties/_type'\n hasNextPage:\n type: boolean\n description: |\n A Boolean value indicating whether the paginated collection has a next page. This may be present in the case where a total item count is not accessible.\n example: false\n - type: object\n properties:\n _items:\n type: array\n description: The list of users.\n items:\n $ref: '#/components/schemas/User'\n CreatedUser:\n description: |\n The created user.\n content:\n application/vnd.polaris.auth.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n UserById:\n description: |\n The user fetched by user ID.\n content:\n application/vnd.polaris.auth.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n UserCount:\n description: |\n The number of users.\n content:\n application/vnd.polaris.auth.user-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user count response.\n properties:\n count:\n type: integer\n description: |\n The number of users.\n example: 10\n UserRoles:\n description: |\n A list of user's roles.\n content:\n application/vnd.polaris.auth.user-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of user's roles.\n items:\n $ref: '#/components/schemas/UserRole'\n UpdatedUser:\n description: |\n The user with newly updated values.\n content:\n application/vnd.polaris.auth.user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n DeleteUserById:\n description: |\n The user has been successfully deleted\n UsersForRole:\n description: |\n A list of users.\n content:\n application/vnd.polaris.auth.role-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users.\n items:\n $ref: '#/components/schemas/UserForRole'\n UserForRoleCount:\n description: |\n The number of users.\n content:\n application/vnd.polaris.auth.role-user-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user count response.\n properties:\n count:\n type: integer\n description: |\n The number of users.\n example: 10\n ApplicationUserScopes:\n description: |\n A list of authorization scopes per application.\n content:\n application/vnd.polaris.auth.application-user-scope-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of authorization scopes per application.\n items:\n $ref: '#/components/schemas/ApplicationUserScope'\n UserScopes:\n description: |\n A list of authorization scopes per resource.\n content:\n application/vnd.polaris.auth.user-scope-1+json:\n schema:\n $ref: '#/components/schemas/UserScopes'\n ResetMFA:\n description: |\n The reset MFA email has been sent.\n DeleteBruteForceDetection:\n description: |\n An empty response.\n GetBruteForceDetectionById:\n description: |\n Get user's locked status.\n content:\n application/vnd.polaris.auth.brute-force-detection-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n properties:\n disabled:\n type: boolean\n description: |\n User's locked status in true or false.\n example: false\n ApplicationRoles:\n description: |\n A list of application roles.\n content:\n application/vnd.polaris.auth.application-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of application roles.\n items:\n $ref: '#/components/schemas/ApplicationRole'\n application/vnd.polaris.auth.application-role-2+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/UserScopes/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of application roles.\n items:\n $ref: '#/components/schemas/ApplicationRoleV2'\n ApplicationRoleCount:\n description: |\n The number of application roles.\n content:\n application/vnd.polaris.auth.application-role-count-2+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A response representing the number of application roles.\n properties:\n count:\n type: integer\n description: |\n The number of application roles.\n example: 10\n ApplicationRoleUsers:\n description: |\n A list of users assigned to application roles.\n content:\n application/vnd.polaris.auth.application-role-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users assigned to application roles.\n items:\n $ref: '#/components/schemas/ApplicationRoleUser'\n ApplicationRoleUser:\n description: |\n User assigned to application role.\n content:\n application/vnd.polaris.auth.application-role-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/ApplicationRoleUser'\n ApplicationUserById:\n description: |\n The application-user details fetched by user ID.\n content:\n application/vnd.polaris.auth.application-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User'\n ApplicationUsers:\n description: |\n A list of application-users.\n content:\n application/vnd.polaris.auth.application-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of application-users.\n items:\n $ref: '#/components/schemas/User'\n SamlIdpResponse:\n description: |\n The SAML identity provider representation.\n content:\n application/vnd.polaris.auth.saml-identity-provider-2+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/SamlIdpResponse'\n SamlIdpResponses:\n description: |\n A list of SAML identity providers.\n content:\n application/vnd.polaris.auth.saml-identity-provider-2+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of SAML identity providers.\n items:\n $ref: '#/components/schemas/SamlIdpResponse'\n SamlSignatureAlgorithmResponses:\n description: |\n A list of SAML signature algorithms.\n content:\n application/vnd.polaris.auth.saml-signature-algorithm-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of SAML signature algorithms.\n items:\n $ref: '#/components/schemas/SamlSignatureAlgorithm'\n SamlGroupCollisionConfigOptionResponses:\n description: |\n A list of SAML group collision config options.\n content:\n application/vnd.polaris.auth.saml-group-collision-config-option-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of SAML group collision config options.\n items:\n $ref: '#/components/schemas/SamlGroupCollisionConfigOption'\n SamlXmlMetadataResponse:\n description: |\n SAML metadata in a downloadable XML file.\n content:\n application/xml:\n schema:\n allOf:\n - $ref: '#/components/schemas/SamlMetadataXmlExample'\n GroupResponse:\n description: |\n An object that represents the group.\n content:\n application/vnd.polaris.auth.group-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/Group'\n GroupResponses:\n description: |\n A list of groups.\n content:\n application/vnd.polaris.auth.group-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of groups.\n items:\n $ref: '#/components/schemas/Group'\n GroupCountResponse:\n description: |\n The number of groups.\n content:\n application/vnd.polaris.auth.group-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A response representing the number of groups.\n properties:\n count:\n type: integer\n description: |\n The number of groups.\n example: 10\n GroupAppRoleResponses:\n description: |\n A list of group to application role assignments.\n content:\n application/vnd.polaris.auth.group-application-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of group to application role assignments.\n items:\n $ref: '#/components/schemas/GroupAppRole'\n GroupAppRoleCountResponse:\n description: |\n The number of application roles assigned to the group\n content:\n application/vnd.polaris.auth.group-application-role-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n An application role for group count.\n properties:\n count:\n type: integer\n description: |\n The number of application roles assigned to the group.\n example: 10\n AppRoleGroupCountResponse:\n description: |\n The number of groups assigned to the application\n content:\n application/vnd.polaris.auth.application-role-group-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A group count.\n properties:\n count:\n type: integer\n description: |\n The number of groups assigned to an application role.\n example: 10\n GroupUserResponses:\n description: |\n A list of users that belong to a given group.\n content:\n application/vnd.polaris.auth.group-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of users that belong to a given group.\n items:\n $ref: '#/components/schemas/GroupUser'\n UserGroupResponse:\n description: |\n A list of groups associated to the user.\n content:\n application/vnd.polaris.auth.user-group-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of groups associated to the user.\n items:\n $ref: '#/components/schemas/UserGroup'\n GroupOrgRoleResponses:\n description: |\n A list of organization-level roles assigned to a group.\n content:\n application/vnd.polaris.auth.group-role-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of organization-level roles assigned to a group.\n items:\n $ref: '#/components/schemas/GroupOrgRole'\n UserGroupCountResponse:\n description: |\n The number of groups assigned to the user\n content:\n application/vnd.polaris.auth.user-group-count-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user group count response.\n properties:\n count:\n type: integer\n description: |\n The number of groups assigned to the user.\n example: 10\n OidcSuccessResponse:\n description: Compliant openid connect return structure as defined in the specification.\n content:\n application/json:\n schema:\n type: object\n required:\n - sub\n - email_verified\n - organization\n - roles\n - preferred_username\n - given_name\n - family_name\n - email\n properties:\n sub:\n type: string\n description: |\n The subject of the token. This is the unique identifier of the user.\n example: d87a8b16-a797-444c-904a-109c08ce6f5c\n email_verified:\n type: boolean\n description: |\n Whether the email has been verified.\n example: true\n organization:\n type: object\n required:\n - name\n - id\n properties:\n name:\n type: string\n description: |\n The name of the organization.\n example: test\n id:\n type: string\n description: |\n The ID of the organization.\n example: 21a7f3ea-8330-439d-8e7b-dd92430b6195\n description: |\n The organization the user belongs to.\n roles:\n type: object\n required:\n - realm\n properties:\n realm:\n type: array\n items:\n type: string\n description: |\n The roles the user has in the realm.\n example:\n - administrator\n - offline_access\n - default-roles-test\n - uma_authorization\n description: |\n The roles the user has.\n name:\n type: string\n description: |\n The name of the user.\n example: Test User\n preferred_username:\n type: string\n description: |\n The preferred username of the user. This is the email address.\n example: test@example.com\n given_name:\n type: string\n description: |\n The given name of the user.\n example: Test\n family_name:\n type: string\n description: |\n The family name of the user.\n example: User\n email:\n type: string\n description: |\n The email of the user.\n example: test@example.com\n example:\n sub: d87a8b16-a797-444c-904a-109c08ce6f5c\n email_verified: true\n organization:\n name: test\n id: 21a7f3ea-8330-439d-8e7b-dd92430b6195\n roles:\n realm:\n - administrator\n - offline_access\n - default-roles-test\n - uma_authorization\n name: Test User\n preferred_username: test@example.com\n given_name: Test\n family_name: User\n email: test@example.com\n Roles:\n description: |\n A list of roles.\n content:\n application/vnd.polaris.auth.roles-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of roles.\n items:\n $ref: '#/components/schemas/Role'\n AssignUserRolesResponse:\n description: |\n A list of user IDs that have their application roles updated\n content:\n application/vnd.polaris.auth.application-role-user-1+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user application role assignment response\n properties:\n userIds:\n type: array\n description: |\n The list of user IDs that have their application roles updated\n items:\n type: string\n format: uuid\n example: 7b781190-cff8-43b9-9939-02aac3d8e387\n RoleResponseV2:\n description: |\n An object that represents the role.\n content:\n application/vnd.polaris.auth.application-role-2+json:\n schema:\n allOf:\n - $ref: '#/components/schemas/RoleV2'\n PermissionGroups:\n description: |\n A list of permission groups.\n content:\n application/vnd.polaris.auth.application-role-permissiongroup-list-1+json:\n schema:\n allOf:\n - $ref: '#/components/responses/Users/content/application~1vnd.polaris.auth.user-1+json/schema/allOf/0'\n - type: object\n properties:\n _items:\n type: array\n description: The list of permission groups.\n items:\n $ref: '#/components/schemas/PermissionGroup'\n schemas:\n Organization:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single organization.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The organization id.\n example: fb990429-3876-4744-86f2-21913cb0bd37\n name:\n type: string\n description: |\n The organization name.\n example: blackduck\n ApiToken:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n An API token\n properties:\n id:\n type: string\n format: uuid\n description: |\n Token ID.\n example: fb990429-3876-4744-86f2-21913cb0bd37\n name:\n type: string\n description: |\n The token name.\n example: my-token\n token:\n type: string\n description: |\n The raw token string. **Note:** This is not saved so make sure to copy it.\n ApiTokenMeta:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n An API token metadata.\n properties:\n id:\n type: string\n format: uuid\n description: |\n Token ID.\n example: fb990429-3876-4744-86f2-21913cb0bd37\n name:\n type: string\n description: |\n The token name.\n example: my-token\n lastAccessed:\n type: string\n format: date-time\n description: |\n Time when the token was last accessed. This is null if the token has never been used. Formatted in the ISO_8601 standard.\n example: '2007-12-03T10:15:30+01:00'\n CreateApiTokenRequestBody:\n allOf:\n - type: object\n required:\n - name\n properties:\n name:\n type: string\n description: |\n Name of the API token. Unique on a user level. Max length of 255 characters.\n example: my-token\n LoginRequestBody:\n allOf:\n - type: object\n required:\n - email\n properties:\n email:\n type: string\n description: |\n The email of a user requesting to login.\n example: user@example.com\n AuthorizationRequestBody:\n allOf:\n - type: object\n required:\n - resource\n - scope\n properties:\n resource:\n type: object\n required:\n - id\n - type\n description: |\n The resource to access.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The resource id.\n example: 0f2e993a-0736-41c5-88f0-e529b11983d6\n type:\n type: string\n enum:\n - application\n description: |\n The resource type.\n example: application\n scope:\n type: string\n description: |\n The authorization scope.\n example: scan.read\n AuthorizationResponse:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n An authorization response.\n properties:\n access:\n type: string\n enum:\n - granted\n - denied\n description: |\n The authorization decision.\n example: granted\n User:\n allOf:\n - type: object\n description: |\n A single resource object.\n properties:\n _type:\n type: string\n description: |\n An indicator of the resource type.\n example: test\n _links:\n type: array\n description: |\n An array of links that can be followed for further information about this resource.\n items:\n type: object\n description: |\n An individual link that can be followed for further information about this resource.\n required:\n - href\n - rel\n - method\n properties:\n href:\n type: string\n format: uri\n description: |\n The URI to follow for this reference.\n example: http://example.com\n rel:\n type: string\n format: rel\n description: |\n The relation name.\n example: self\n method:\n type: string\n description: |\n The HTTP method to use while following this reference.\n example: GET\n - type: object\n description: |\n A single user.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The user id.\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n organizationId:\n type: string\n format: uuid\n description: |\n The id of the organization the user belongs to.\n example: fb990429-3876-4744-86f2-21913cb0bd37\n email:\n type: string\n description: |\n The user email address.\n example: janedoe@example.com\n firstName:\n type: string\n description: |\n The user's first name.\n example: Jane\n lastName:\n type: string\n description: |\n The user's last name.\n example: Doe\n enabled:\n type: boolean\n description: |\n Indicates whether the user is active or inactive.\n example: true\n CreateUserBody:\n allOf:\n - type: object\n required:\n - email\n description: |\n The create user request body.\n properties:\n email:\n type: string\n description: |\n The user's email address.\n example: janedoe@example.com\n firstName:\n type: string\n description: |\n The user's first name.\n example: Jane\n lastName:\n type: string\n description: |\n The user's last name.\n example: Doe\n enabled:\n type: boolean\n default: true\n description: |\n Indicates whether the user is active or inactive. Default is `true` (active).\n example: true\n UpdateUserBody:\n allOf:\n - type: object\n description: |\n The update user request body.\n properties:\n email:\n type: string\n description: |\n The user's email address.\n example: janedoe@example.com\n firstName:\n type: string\n description: |\n The user's first name.\n example: Jane\n lastName:\n type: string\n description: |\n The user's last name.\n example: Doe\n enabled:\n type: boolean\n description: |\n Indicates whether the user is active or inactive.\n example: true\n UserRole:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single user's role.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role id.\n example: 378ef8d8-1389-4156-b052-ff7263e0a0f2\n name:\n type: string\n description: |\n The role name.\n example: administrator\n displayName:\n type: string\n description: |\n The role name to be displayed in the UI.\n example: Administrator\n attributes:\n type: object\n description: |\n The custom role attributes. The presence of the polaris=true attribute denotes that the role is a Polaris system role.\n example:\n polaris:\n - 'true'\n UserScopes:\n allOf:\n - type: object\n properties:\n _links:\n $ref: '#/components/schemas/User/allOf/0/properties/_links'\n _collection:\n type: object\n description: |\n A collection meta object for unpaginated collections.\n properties:\n _type:\n $ref: '#/components/schemas/User/allOf/0/properties/_type'\n - type: object\n properties:\n _items:\n type: array\n description: |\n A list of authorization scopes for a single resource.\n items:\n $ref: '#/components/schemas/ScopeResponse'\n ScopeResponse:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A list of authorization scopes for a single resource.\n properties:\n resourceId:\n type: string\n format: uuid\n description: |\n The resource ID.\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n resourceType:\n type: string\n description: |\n The resource type.\n example: application\n scopes:\n type: array\n description: |\n The authorization scopes.\n items:\n type: string\n example:\n - scan.read\n - scan.run\n ApplicationUserScope:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A list of authorization scopes for a single application.\n properties:\n applicationId:\n type: string\n format: uuid\n description: |\n The application ID.\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n scopes:\n type: array\n description: |\n The authorization scopes.\n items:\n type: string\n example:\n - scan.read\n - scan.run\n ApplicationRole:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single application role.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role ID.\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n name:\n type: string\n description: |\n The role name.\n example: administrator\n displayName:\n type: string\n description: |\n The role name to display in the UI.\n example: Administrator\n ApplicationRoleV2:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single application role.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role ID.\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n name:\n type: string\n description: |\n The role name.\n example: administrator\n description:\n type: string\n description: |\n The role description.\n example: Manages the organization\n default:\n type: boolean\n description: |\n Boolean value that represents if the application role is a default/built-in role\n example: true\n ApplicationRoleUser:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single user assigned to an application role.\n properties:\n user:\n type: object\n description: |\n The user assigned to the application role.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The user ID.\n example: b898feae-23ef-4cee-b9ad-80679f4f3e3f\n email:\n type: string\n description: |\n The user email address.\n example: janedoe@example.com\n firstName:\n type: string\n description: |\n The user's first name.\n example: Jane\n lastName:\n type: string\n description: |\n The user's last name.\n example: Doe\n role:\n type: object\n description: |\n The application role assigned to the user.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role ID.\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n application:\n type: object\n description: |\n The application the user is assigned to.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The application ID.\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n SamlIdpCreateRequestBody:\n allOf:\n - type: object\n description: |\n A request to create a SAML IDP provider.\n required:\n - name\n - singleSignOnUrl\n - domain\n - signatureAlgorithm\n - certificate\n properties:\n name:\n type: string\n description: |\n The name of the SAML identity provider. This will be unique per organization.\n example: OKTA SSO\n singleSignOnUrl:\n type: string\n description: |\n Identity provider single sign on url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n singleLogoutUrl:\n type: string\n description: |\n Identity provider single logout url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n domain:\n type: string\n description: |\n Domain names of the organization. Comma separated value\n example: example.com,test.com\n signatureAlgorithm:\n type: string\n description: |\n Identity provider signing algorithm.\n example: RSA_SHA256\n certificate:\n type: string\n description: |\n Identity provider certificate.\n enabled:\n type: boolean\n default: true\n description: |\n Indicates whether the identity provider is active or inactive. Default is `true` (active).\n example: true\n disableLocalAuthentication:\n type: boolean\n default: false\n description: |\n Indicates whether the local authentication is enabled or disabled. Default is `false` (enabled).\n example: false\n disableAutoProvision:\n type: boolean\n default: false\n description: |\n Indicates whether the auto provisioning of user is enabled or disabled. Default is `false` (enabled).\n example: false\n SamlIdpRequestBody:\n type: object\n x-stoplight:\n id: d819ad75f1c00\n description: |\n A request to create SAML identity provider.\n properties:\n name:\n type: string\n description: |\n The name of the SAML identity provider. This will be unique per organization.\n example: OKTA SSO\n singleSignOnUrl:\n type: string\n description: |\n Identity provider single sign on url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n singleLogoutUrl:\n type: string\n description: |\n Identity provider single logout url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n domain:\n type: string\n description: |\n Domain names of the organization. Comma separated value\n example: com,test.com\n identityProviderIssuer:\n type: string\n description: |\n Identity provider Issuer.\n example: https://polaris.com//auth/realms/SML2\n signatureAlgorithm:\n type: string\n description: |\n Identity provider signing algorithm.\n example: RSA_SHA256\n certificate:\n type: string\n description: |\n Identity provider certificate.\n enabled:\n type: boolean\n default: true\n description: |\n Indicates whether the identity provider is active or inactive. Default is `true` (active).\n example: true\n disableLocalAuthentication:\n type: boolean\n default: false\n description: |\n Indicates whether the local authentication is enabled or disabled. Default is `false` (enabled).\n example: false\n disableAutoProvision:\n type: boolean\n default: false\n description: |\n Indicates whether the auto provisioning of user is enabled or disabled. Default is `false` (enabled).\n example: false\n syncGroups:\n type: boolean\n default: false\n description: |\n Indicates if groups should be synchronized from IDP. If this is true, the syncGroupsConfig field must be provided.\n example: false\n syncGroupsConfig:\n type: object\n description: |\n Configuration for group synchronization.\n properties:\n groupAttributeName:\n type: string\n description: |\n The name of the group membership claim in the SAML response.\n example: members\n groupCollisionConfig:\n type: string\n format: uuid\n description: |\n The ID of the group collision configuration.\n SamlIdpUpdateRequestBody:\n allOf:\n - type: object\n description: |\n A request to update SAML IDP provider.\n properties:\n name:\n type: string\n description: |\n The name of the SAML identity provider. This will be unique per organization.\n example: OKTA SSO\n singleSignOnUrl:\n type: string\n description: |\n Identity provider single sign on url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n singleLogoutUrl:\n type: string\n description: |\n Identity provider single logout url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n domain:\n type: string\n description: |\n Domain names of the organization. Comma separated value\n example: example.com,test.com\n signatureAlgorithm:\n type: string\n description: |\n Identity provider signing algorithm.\n example: RSA_SHA256\n certificate:\n type: string\n description: |\n Identity provider certificate.\n enabled:\n type: boolean\n default: true\n description: |\n Indicates whether the identity provider is active or inactive. Default is `true` (active).\n example: true\n disableLocalAuthentication:\n type: boolean\n default: false\n description: |\n Indicates whether the local authentication is enabled or disabled. Default is `false` (enabled).\n example: false\n disableAutoProvision:\n type: boolean\n default: false\n description: |\n Indicates whether the auto provisioning of user is enabled or disabled. Default is `false` (enabled).\n example: false\n SamlIdp:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n Saml identity provider response.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The SAML identity provider ID.\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n name:\n type: string\n description: |\n The name of the SAML identity provider. This will be unique per organization.\n example: OKTA SSO\n singleSignOnUrl:\n type: string\n description: |\n Identity provider single sign on url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n singleLogoutUrl:\n type: string\n description: |\n Identity provider single logout url.\n example: https://okta.com/app/sig_pocsaml2sesaml2demo_1/exk1drn5f89OhWUP40h8/sso/saml\n domain:\n type: string\n description: |\n Domain names of the organization. Comma separated value\n example: example.com,test.com\n signatureAlgorithm:\n type: string\n description: |\n Identity provider signing algorithm.\n example: RSA_SHA256\n certificate:\n type: string\n description: |\n Identity provider certificate.\n enabled:\n type: boolean\n default: true\n description: |\n Indicates whether the identity provider is active or inactive. Default is `true` (active).\n example: true\n isDefault:\n type: boolean\n default: false\n description: |\n Indicates whether the identity provider is created by default.\n example: false\n disableLocalAuthentication:\n type: boolean\n default: false\n description: |\n Indicates whether the local authentication is enabled or disabled. Default is `false` (enabled).\n example: false\n disableAutoProvision:\n type: boolean\n default: false\n description: |\n Indicates whether the auto provisioning of user is enabled or disabled. Default is `false` (enabled).\n example: false\n SamlIdpResponse:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - $ref: '#/components/schemas/SamlIdpRequestBody'\n - type: object\n properties:\n id:\n type: string\n format: uuid\n description: |\n ID of the SAML identity provider.\n isDefault:\n type: boolean\n default: false\n description: |\n Indicates whether the identity provider is created by default.\n SamlMetadataXmlExample:\n allOf:\n - type: object\n xml:\n name: EntityDescriptor\n properties:\n ID:\n type: string\n description: The unique identifier of the entity.\n xml:\n attribute: true\n example: ID_c693ae52-a1e3-409c-b141-2f9a54aaa79b\n entityID:\n type: string\n description: The unique identifier of the entity.\n xml:\n attribute: true\n example: https://se.altair.com/auth/realms/test\n xmlns:\n type: string\n description: The namespace of the entity.\n xml:\n attribute: true\n example: urn:oasis:names:tc:SAML:2.0:metadata\n SPSSODescriptor:\n type: object\n description: The service provider SAML descriptor.\n properties:\n AuthnRequestsSigned:\n type: boolean\n description: Indicates whether the authentication requests are signed.\n xml:\n attribute: true\n example: true\n WantAssertionsSigned:\n type: boolean\n description: Indicates whether the assertions are signed.\n xml:\n attribute: true\n example: true\n protocolSupportEnumeration:\n type: string\n description: The protocol support enumeration.\n xml:\n attribute: true\n example: urn:oasis:names:tc:SAML:2.0:protocol\n KeyDescriptor:\n type: object\n description: The key descriptor.\n properties:\n use:\n type: string\n description: The use of the key.\n xml:\n attribute: true\n example: signing\n KeyInfo:\n type: object\n description: The key information.\n properties:\n KeyName:\n type: string\n description: The key name.\n example: CdvvTvV1r86EKknlWoiZekvOjx8QHRPTkawd0aLn3ZU\n X509Data:\n type: object\n description: The X509 data.\n properties:\n X509Certificate:\n type: string\n description: The X509 certificate.\n example: >-\n MIIClzCCAX8CBgGNOGr7zjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARDU1AwMB4XDTI0MDEyMzIyMjA1MVoXDTM0MDEyMzIyMjIzMVowDzENMAsGA1UEAwwEQ1NQMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALbbkhIN60yl3uFR5bBXsNn9i5jBQ1MjJnudzuFoL7iOYY94tQqakGa5BJMKR9ZCDUJH01upov2nnF/EXhNpetiI2BpeUMivSJ4/x7Gql+RtQsaeXCL6GpI7kpfliGIi73C33+Zme6nRdTgX9EX3MYPTxslQV0m61VNfCk2R0+uFIHk1ht8mFvMGw1zX9ftyWvgRYiIegMFj2rqDkoGpFC+uTZn4i+/aWChSQ3fH0XeWv5bJ9ugRbbfyix7rzvz2gD+OxaDA57TXW56pGpU0NLYDiUO41FuHhJgA18vfGBZ1sBDJ+ZuNOf7iIrEAFm4D3o4jiA616M35PyN6HafGOskCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAbIIWTBbBEZDaS6XIzBY+hPFDQSisSGK3ckT3XcaBxS8oNe/uvTX8Uw/KA8iIcFFNqx/G2YzqqW4670ZQBsFqUrFJWd1jo5Cpkug7ilNKY9GVA8rlD+TaC9OfRME+ZeQW6UqYFHsQxIHt7YJkX+iYyjbTdAOAK6/RK5xhoFviQYcZshSQdHRuutgfb9iqL8NgZmZgQ7U9wX1e82PbeCVypsPf5SWTANciQfG5Khk4c6A0W4oPL2We/w5VsZo2gVXRmDNgMlGxK4AqF1SHRWeGrtY9mdV5/4Bo/S1MEpYdyFwJZPTy3OSOnUze4sHKhsV0MmhyFZvYZNiNTD7cScBZ1A==\n SingleLogoutService:\n type: object\n description: The single logout service.\n properties:\n Binding:\n type: string\n description: The binding of the single logout service.\n xml:\n attribute: true\n example: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\n Location:\n type: string\n description: The location of the single logout service.\n xml:\n attribute: true\n example: https://se.altair.com/auth/realms/test/broker/sso/endpoint\n NameIDFormat:\n type: string\n description: The name ID format.\n example: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\n AssertionConsumerService:\n type: object\n description: The assertion consumer service.\n properties:\n Binding:\n type: string\n description: The binding of the assertion consumer service.\n xml:\n attribute: true\n example: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\n Location:\n type: string\n description: The location of the assertion consumer service.\n xml:\n attribute: true\n example: https://se.altair.com/auth/realms/test/broker/sso/endpoint\n index:\n type: integer\n description: The index of the assertion consumer service.\n xml:\n attribute: true\n example: 1\n isDefault:\n type: boolean\n description: Indicates whether the assertion consumer service is the default.\n xml:\n attribute: true\n example: true\n AttributeConsumingService:\n type: object\n description: The attribute consuming service.\n properties:\n index:\n type: integer\n description: The index of the attribute consuming service.\n xml:\n attribute: true\n example: 1\n isDefault:\n type: boolean\n description: Indicates whether the attribute consuming service is the default.\n xml:\n attribute: true\n example: true\n RequestedAttribute:\n type: object\n description: The requested attribute.\n properties:\n FriendlyName:\n type: string\n description: The friendly name of the requested attribute.\n xml:\n attribute: true\n example: email\n Name:\n type: string\n description: The name of the requested attribute.\n xml:\n attribute: true\n example: user.email\n NameFormat:\n type: string\n description: The name format of the requested attribute.\n xml:\n attribute: true\n example: urn:oasis:names:tc:SAML:2.0:attrname-format:basic\n SamlSignatureAlgorithm:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n SAML Signature Algorithm response.\n properties:\n name:\n type: string\n description: |\n The name of the SAML signature algorithm.\n example: RSA_SHA256\n SamlGroupCollisionConfigOption:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n SAML group collision config option response.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The id of the SAML group collision config option.\n name:\n type: string\n description: |\n The name of the SAML group collision config option.\n Group:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n Group Response\n properties:\n id:\n type: string\n format: uuid\n description: |\n Group ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n name:\n type: string\n description: |\n Group Name\n example: SquadA\n readonly:\n type: boolean\n description: |\n Indicates whether the group is readonly not editable. Groups imported from idp is marked as readonly. Default is `false`.\n example: false\n GroupAppRole:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n Group Response\n properties:\n groupId:\n type: string\n format: uuid\n description: |\n Group ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n groupName:\n type: string\n description: |\n Group Name\n example: SquadA\n applicationId:\n type: string\n format: uuid\n description: |\n Application ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n applicationName:\n type: string\n description: |\n Application Name\n example: my_application\n roleId:\n type: string\n format: uuid\n description: |\n Role ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n roleName:\n type: string\n description: |\n Role Name\n example: Administrator\n GroupUser:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A user that belongs to a given group\n properties:\n id:\n type: string\n format: uuid\n description: |\n User ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n UserGroup:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n Group Response\n properties:\n id:\n type: string\n format: uuid\n description: |\n Group ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n name:\n type: string\n description: |\n Group Name\n example: SquadA\n readonly:\n type: boolean\n description: |\n Indicates whether the group is readonly not editable. Groups imported from idp is marked as readonly. Default is `false`.\n example: false\n GroupOrgRole:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n properties:\n roleId:\n type: string\n format: uuid\n description: |\n Role ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n roleName:\n type: string\n description: |\n Role Name\n example: Application Manager\n ApplicationGroupRoleAssignmentRequestBody:\n allOf:\n - type: object\n description: |\n A request to assign group roles to applications.\n properties:\n assignments:\n type: array\n description: |\n The list of group application role assignments.\n items:\n type: object\n description: |\n The group application role assignment.\n required:\n - groupId\n - roleId\n properties:\n groupId:\n type: string\n format: uuid\n description: |\n The group id.\n example: 0f2e993a-0736-41c5-88f0-e529b11983d6\n roleId:\n type: string\n format: uuid\n description: |\n The role id.\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n GroupCreateRequestBody:\n allOf:\n - type: object\n required:\n - name\n properties:\n name:\n type: string\n description: |\n The group name.\n example: SquadA\n GroupUpdateRequestBody:\n allOf:\n - type: object\n required:\n - name\n properties:\n name:\n type: string\n description: |\n The group name.\n example: SquadA\n GroupUserAssignmentRequestBody:\n allOf:\n - type: array\n items:\n type: object\n required:\n - userId\n properties:\n userId:\n type: string\n format: uuid\n description: |\n The id of user.\n example: 0f2e993a-0736-41c5-88f0-e529b11983d6\n GroupApplicationRoleAssignmentRequestBody:\n allOf:\n - type: object\n properties:\n assignments:\n type: array\n description: |\n The list of group application role assignments.\n items:\n type: object\n description: |\n The group application role assignment.\n required:\n - applicationId\n - roleId\n properties:\n applicationId:\n type: string\n format: uuid\n description: |\n The application id.\n example: 0f2e993a-0736-41c5-88f0-e529b11983d6\n roleId:\n type: string\n format: uuid\n description: |\n The role id.\n example: fceece4e-3a97-4e0c-acc9-84167475244b\n Role:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single role.\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role id.\n example: fb990429-3876-4744-86f2-21913cb0bd37\n name:\n type: string\n description: |\n The role name.\n example: administrator\n displayName:\n type: string\n description: |\n User-friendly display name for the role.\n example: Application Manager\n isClientRole:\n type: boolean\n description: |\n True if the role is a client-level role, false if it is an organization-level role.\n example: true\n attributes:\n type: object\n description: |\n The custom role attributes. The presence of the polaris=true attribute denotes that the role is a Polaris system role.\n example:\n polaris:\n - 'true'\n UserForRole:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n A single user returned when querying for users assigned a role.\n properties:\n userId:\n type: string\n format: uuid\n description: |\n The user id.\n example: fb990429-3876-4744-86f2-21913cb0bd37\n email:\n type: string\n description: |\n The user's email.\n example: me@example.com\n AssignUserRolesRequestBody:\n allOf:\n - type: object\n description: |\n A request to assign user roles to users. Specified users will be assigned the new role. This endpoint will not remove users from roles but will result in removal of the user's former role.\n properties:\n userIds:\n type: array\n description: List of IDs of users to assign roles to.\n items:\n type: string\n format: uuid\n description: |\n List of IDs of users to assign roles to.\n RemoveRolesRequestBody:\n allOf:\n - type: object\n description: |\n A list of roles to remove from the user.\n properties:\n roles:\n type: array\n description: The roles to remove from the user.\n items:\n type: object\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role ID.\n example: 4dd6a44c-15e9-46a9-9b3e-d3233b731d0c\n AddRolesRequestBody:\n allOf:\n - type: object\n description: |\n A list of roles to assign to the user.\n properties:\n roles:\n type: array\n description: The roles to assign to the user.\n items:\n type: object\n properties:\n id:\n type: string\n format: uuid\n description: |\n The role id.\n example: 4dd6a44c-15e9-46a9-9b3e-d3233b731d0c\n RoleCreateRequestBody:\n allOf:\n - type: object\n required:\n - name\n properties:\n name:\n type: string\n description: |\n The role name.\n example: My Test Role\n description:\n type: string\n description: |\n The role's description.\n example: A role for testing\n RoleUpdateRequestBody:\n allOf:\n - type: object\n required:\n - name\n properties:\n name:\n type: string\n description: |\n The role name.\n example: My Test Role\n description:\n type: string\n description: |\n The role's description.\n example: A role for testing\n RoleV2:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n Application Role Response\n properties:\n id:\n type: string\n format: uuid\n description: |\n Group ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n name:\n type: string\n description: |\n Role Name\n example: My Test Role\n description:\n type: string\n description: |\n Role's Description\n example: A role for testing\n default:\n type: boolean\n description: |\n Indicates whether the application role is a default role or not.\n example: false\n PermissionGroup:\n allOf:\n - $ref: '#/components/schemas/User/allOf/0'\n - type: object\n description: |\n Permission Group Response\n properties:\n id:\n type: string\n format: uuid\n description: |\n Group ID\n example: 48f7a3f5-c216-4766-bb80-298c1c929ff5\n name:\n type: string\n description: |\n Permission Group's Name\n example: Manage applications\n category:\n type: string\n description: |\n Permission Group's category\n example: Application\n"