Run Dry Run on Identity

Execute a policy dry run against a specific identity to preview actions without performing them

Endpoint

POST /api/private/lifecycle_management/policies/{policy_id}/identities/{identity_id}:dry_run

Description

Execute a policy dry run against a specific identity to preview what actions would be taken without actually performing them. This is essential for testing policy configurations, validating conditions, and understanding policy behavior before activation.

Use this endpoint to:

Test new policies before activating them
Validate policy changes against specific users
Debug why policies are or aren't executing for certain identities
Demonstrate policy behavior to stakeholders
Ensure policy changes won't have unintended consequences

Dry runs are read-only operations that simulate policy execution without making any actual changes to user access or system state.

Authentication Required

This endpoint requires a valid Veza API key for authentication.

See Authentication for more about creating and managing API keys.

All requests must include the API key as a Bearer token in the Authorization header.

Example:

curl -X GET "$BASE_URL/api/preview/keys" \
  -H "authorization: Bearer $VEZA_TOKEN"

API Reference

post

Authorizations

Path parameters

policy_idstringRequired

idstringRequired

Body

policy_idstringOptional

idstringOptional

version_numberinteger · int32Optional

stateinteger · enumOptional

Responses

200

application/json

default

Default error response

application/json

post

POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:dry_run HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 61

{
  "policy_id": "text",
  "id": "text",
  "version_number": 1,
  "state": 1
}

{
  "workflows_matched": [
    "text"
  ],
  "job_requests": [
    {
      "job_id": "text",
      "data_source": {
        "id": "text",
        "external_id": "text",
        "agent_type": "text",
        "data_provider_id": "text",
        "data_source_config": {
          "@type": "text",
          "ANY_ADDITIONAL_PROPERTY": "anything"
        },
        "data_provider_type": 1,
        "data_provider_secret_refs": [
          {
            "id": "text",
            "secret_id": "text",
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ]
      },
      "input_entities": [
        {
          "table": "text",
          "primary_key": [
            "text"
          ],
          "constraints": [
            {
              "type": 1,
              "field_names": [
                "text"
              ]
            }
          ]
        }
      ],
      "action_type": 1,
      "action_config": {
        "@type": "text",
        "ANY_ADDITIONAL_PROPERTY": "anything"
      },
      "action_job_id": "text",
      "action_name": "text",
      "identity_id": "text",
      "stop_on_error": true,
      "ttl": "text"
    }
  ],
  "messages": [
    "text"
  ],
  "access_profile_ids": [
    "text"
  ],
  "job_request_workflow_names": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

Request Examples

curl -X POST "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies/policy-123e4567-e89b-12d3-a456-426614174000/identities/identity-456:dry_run" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "policy_id": "policy-123e4567-e89b-12d3-a456-426614174000",
    "id": "identity-456",
    "version_number": 2,
    "state": "NEW"
  }'

Response

post

Authorizations

Path parameters

policy_idstringRequired

idstringRequired

Body

policy_idstringOptional

idstringOptional

version_numberinteger · int32Optional

stateinteger · enumOptional

Responses

200

application/json

default

Default error response

application/json

post

POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:dry_run HTTP/1.1
Host: your-tenant.cookiecloud.ai
Authorization: Bearer JWT
Content-Type: application/json
Accept: */*
Content-Length: 61

{
  "policy_id": "text",
  "id": "text",
  "version_number": 1,
  "state": 1
}

{
  "workflows_matched": [
    "text"
  ],
  "job_requests": [
    {
      "job_id": "text",
      "data_source": {
        "id": "text",
        "external_id": "text",
        "agent_type": "text",
        "data_provider_id": "text",
        "data_source_config": {
          "@type": "text",
          "ANY_ADDITIONAL_PROPERTY": "anything"
        },
        "data_provider_type": 1,
        "data_provider_secret_refs": [
          {
            "id": "text",
            "secret_id": "text",
            "vault_id": "text",
            "vault": {
              "id": "text",
              "name": "text",
              "vault_provider": "text",
              "insight_point_id": "text",
              "deleted": true
            }
          }
        ]
      },
      "input_entities": [
        {
          "table": "text",
          "primary_key": [
            "text"
          ],
          "constraints": [
            {
              "type": 1,
              "field_names": [
                "text"
              ]
            }
          ]
        }
      ],
      "action_type": 1,
      "action_config": {
        "@type": "text",
        "ANY_ADDITIONAL_PROPERTY": "anything"
      },
      "action_job_id": "text",
      "action_name": "text",
      "identity_id": "text",
      "stop_on_error": true,
      "ttl": "text"
    }
  ],
  "messages": [
    "text"
  ],
  "access_profile_ids": [
    "text"
  ],
  "job_request_workflow_names": {
    "ANY_ADDITIONAL_PROPERTY": "text"
  }
}

Example Response

Dry Run Response

This example shows a more detailed response including job requests and workflow matching:

{
  "workflows_matched": [
    "Active Employees"
  ],
  "access_profile_ids": [
    "3a2371b6-95ec-4d9e-b95c-d75d51daa39b",
    "ead4616a-7f0e-45ad-a721-375320e15cfd"
  ],
  "job_requests": [
    {
      "job_id": "fd7624af-cc5f-4b7e-87ef-e21fa9868d87",
      "data_source": {
        "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa",
        "name": "Workday HRIS",
        "type": "workday"
      },
      "input_entities": [
        {
          "entity_id": "employee_12345",
          "entity_type": "WorkdayWorker",
          "attributes": {
            "employment_status": "ACTIVE",
            "work_location": "US",
            "department": "Sales",
            "manager": true
          }
        }
      ],
      "action_type": "SYNC_IDENTITIES",
      "action_config": {
        "@type": "type.googleapis.com/lifecyclemanagement.v1.SyncIdentitiesJobConfig",
        "attributes_to_sync": {
          "email": "work_email",
          "name": "full_name",
          "department": "department_name"
        },
        "create_allowed": true,
        "continuous_sync_allowed": true,
        "attributes_not_to_continuous_sync": ["manager_approval_date"]
      },
      "action_job_id": "d55fda69-0720-4742-a963-f22bd8fd1b57",
      "action_name": "SyncADIdentities"
    },
    {
      "job_id": "f6b68999-43d8-49ae-8027-94e8985eafd8",
      "data_source": {
        "id": "ad-connector-001",
        "name": "Active Directory",
        "type": "active_directory"
      },
      "input_entities": [
        {
          "entity_id": "employee_12345",
          "entity_type": "ActiveDirectoryUser"
        }
      ],
      "action_type": "MANAGE_RELATIONSHIPS",
      "action_config": {
        "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsJobConfig",
        "relationships_to_create": [
          {
            "entity_type": "ActiveDirectoryGroup",
            "entity_id": "366db2d0-6c4e-47fe-9c57-1a8dc4916da4"
          },
          {
            "entity_type": "ActiveDirectoryGroup",
            "entity_id": "cbb024a6-e227-4aaf-b893-f61478d45f8a"
          }
        ]
      },
      "action_job_id": "09b61164-d50f-4dbe-bcfc-bfff31530438",
      "action_name": "UsActiveDirectoryGroups"
    }
  ],
  "messages": [
    "Policy would execute for identity with email: [email protected]",
    "2 job requests generated",
    "Access profiles affected: 2"
  ]
}

Response Fields

Field

Description

workflows_matched

Array of workflow names that matched the dry run criteria

job_requests

Array of job request objects that would be created

messages

Array of informational messages about the dry run execution

access_profile_ids

Array of access profile IDs that were found in the dry run

PreviousAdd Action to Policy Configuration NextSCIM Provisioning

Last updated 2 days ago

Was this helpful?

POST /api/private/lifecycle_management/policies/{policy_id}/identities/{id}:dry_run HTTP/1.1 Host: your-tenant.cookiecloud.ai Authorization: Bearer JWT Content-Type: application/json Accept: */* Content-Length: 61 { "policy_id": "text", "id": "text", "version_number": 1, "state": 1 }

{ "workflows_matched": [ "text" ], "job_requests": [ { "job_id": "text", "data_source": { "id": "text", "external_id": "text", "agent_type": "text", "data_provider_id": "text", "data_source_config": { "@type": "text", "ANY_ADDITIONAL_PROPERTY": "anything" }, "data_provider_type": 1, "data_provider_secret_refs": [ { "id": "text", "secret_id": "text", "vault_id": "text", "vault": { "id": "text", "name": "text", "vault_provider": "text", "insight_point_id": "text", "deleted": true } } ] }, "input_entities": [ { "table": "text", "primary_key": [ "text" ], "constraints": [ { "type": 1, "field_names": [ "text" ] } ] } ], "action_type": 1, "action_config": { "@type": "text", "ANY_ADDITIONAL_PROPERTY": "anything" }, "action_job_id": "text", "action_name": "text", "identity_id": "text", "stop_on_error": true, "ttl": "text" } ], "messages": [ "text" ], "access_profile_ids": [ "text" ], "job_request_workflow_names": { "ANY_ADDITIONAL_PROPERTY": "text" } }

curl -X POST "https://your-tenant.vezacloud.com/api/private/lifecycle_management/policies/policy-123e4567-e89b-12d3-a456-426614174000/identities/identity-456:dry_run" \ -H "Authorization: Bearer YOUR_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "policy_id": "policy-123e4567-e89b-12d3-a456-426614174000", "id": "identity-456", "version_number": 2, "state": "NEW" }'

{ "workflows_matched": [ "Active Employees" ], "access_profile_ids": [ "3a2371b6-95ec-4d9e-b95c-d75d51daa39b", "ead4616a-7f0e-45ad-a721-375320e15cfd" ], "job_requests": [ { "job_id": "fd7624af-cc5f-4b7e-87ef-e21fa9868d87", "data_source": { "id": "549a4b5e-0328-4c87-a19d-ee8a2926d1aa", "name": "Workday HRIS", "type": "workday" }, "input_entities": [ { "entity_id": "employee_12345", "entity_type": "WorkdayWorker", "attributes": { "employment_status": "ACTIVE", "work_location": "US", "department": "Sales", "manager": true } } ], "action_type": "SYNC_IDENTITIES", "action_config": { "@type": "type.googleapis.com/lifecyclemanagement.v1.SyncIdentitiesJobConfig", "attributes_to_sync": { "email": "work_email", "name": "full_name", "department": "department_name" }, "create_allowed": true, "continuous_sync_allowed": true, "attributes_not_to_continuous_sync": ["manager_approval_date"] }, "action_job_id": "d55fda69-0720-4742-a963-f22bd8fd1b57", "action_name": "SyncADIdentities" }, { "job_id": "f6b68999-43d8-49ae-8027-94e8985eafd8", "data_source": { "id": "ad-connector-001", "name": "Active Directory", "type": "active_directory" }, "input_entities": [ { "entity_id": "employee_12345", "entity_type": "ActiveDirectoryUser" } ], "action_type": "MANAGE_RELATIONSHIPS", "action_config": { "@type": "type.googleapis.com/lifecyclemanagement.v1.ManageRelationshipsJobConfig", "relationships_to_create": [ { "entity_type": "ActiveDirectoryGroup", "entity_id": "366db2d0-6c4e-47fe-9c57-1a8dc4916da4" }, { "entity_type": "ActiveDirectoryGroup", "entity_id": "cbb024a6-e227-4aaf-b893-f61478d45f8a" } ] }, "action_job_id": "09b61164-d50f-4dbe-bcfc-bfff31530438", "action_name": "UsActiveDirectoryGroups" } ], "messages": [ "Policy would execute for identity with email: [email protected]", "2 job requests generated", "Access profiles affected: 2" ] }