LogoLogo
User GuideDeveloper DocumentationIntegrationsRelease Notes
  • 🏠Veza Documentation
  • ☑️Getting Started
  • 📖Veza Glossary
  • ❓Product FAQ
  • 🛡️Security FAQ
    • Advanced Security FAQ
  • Release Notes
    • 🗒️Release Notes
      • Release Notes: 2025-04-30
      • Release Notes: 2025-04-16
      • Release Notes: 2025-04-02
      • Release Notes: 2025-03-19
      • Archive
        • 2024.9.23
        • 2024.9.16
        • 2024.9.9
        • 2024.9.2
        • 2024.8.26
        • 2024.8.19
        • 2024.8.12
        • 2024.8.5
        • 2024.7.29
        • 2024.7.22
        • 2024.7.15
        • 2024.7.1
        • 2024.6.24
        • 2024.6.17
        • 2024.6.10
        • 2024.6.3
        • 2024.5.27
        • 2024.5.20
        • 2024.5.13
        • 2024.5.6
        • 2024.4.29
        • 2024.4.22
        • 2024.4.15
        • 2024.4.8
        • 2024.4.1
        • 2024.3.25
        • 2024.3.18
        • 2024.3.11
        • 2024.3.4
        • 2024.2.26
        • 2024.2.19
        • 2024.2.12
        • 2024.2.5
        • 2024.1.29
        • 2024.1.22
        • 2024.1.15
        • 2024.1.8
        • 2024.1.1
        • 2023.12.18
        • 2023.12.11
        • 2023.12.4
        • 2023.11.27
        • 2023.11.20
        • 2023.11.13
        • 2023.11.6
        • 2023.10.30
        • 2023.10.23
        • 2023.10.16
        • 2023.10.9
        • 2023.10.2
        • 2023.9.25
        • 2023.9.18
        • 2023.9.11
        • 2023.9.4
        • 2023.8.28
        • 2023.8.21
        • 2023.8.14
        • 2023.8.7
        • 2023.7.31
        • 2023.7.24
        • 2023.7.17
        • 2023.7.10
        • 2023.7.3
        • 2023.6.26
        • 2023.6.19
        • 2023.6.12
        • 2023.6.5
        • 2023.5.29
        • 2023.5.22
        • 2023.5.15
        • 2023.5.8
        • 2023.5.1
        • 2023.4.24
        • 2023.4.17
        • 2023.4.10
        • 2023.4.3
        • 2023.3.27
        • 2023.3.20
        • 2023.3.13
        • 2023.3.6
        • 2023.2.27
        • 2023.2.20
        • 2023.2.13
        • 2023.2.6
        • 2023.1.30
        • 2023.1.23
        • 2023.1.16
        • 2023.1.9
        • 2023.1.2
        • 2022.12.12
        • 2022.12.5
        • 2022.11.28
        • 2022.11.14
        • 2022.11.7
        • 2022.10.31
        • 2022.10.24
        • 2022.10.17
        • 2022.10.1
        • 2022.6.2
        • 2022.6.1
        • 2022.5.1
        • 2022.4.1
        • 2022.3.1
  • Features
    • 🔎Access Visibility
      • Graph
      • Query Builder
      • Saved Queries
      • Filters
      • Query Mode
      • Intermediate Entities
      • Regular Expressions
      • Tags
      • Tagged Entity Search
      • Assumed AWS IAM Roles
      • Veza Query Language
        • Quick Start
        • Syntax
        • VQL API
    • 💡Access Intelligence
      • Overview
      • Dashboards
        • Reports
        • Scheduled Exports of Query Results via a Secure Email Link
      • Risks
      • Analyze
      • Compare
      • Rules and Alerts
      • Entities
      • NHI Identify Classification Logic
      • NHI Secrets
    • 🔏Access Reviews
      • Get Started: Access Reviewers
      • Get Started: Review Operators
      • Access Review Tasks
        • Assign Reviewers
        • Create a Configuration
        • Create a Review
        • Draft Reviews
        • Edit a Configuration
        • Filters and Bulk Actions
        • Manage Access Reviews
        • Using the Reviewer Interface
        • Row Grouping for Access Reviews
        • Schedule an Access Review
      • Access Review Configuration
        • Access Reviews Query Builder
        • Access Reviews Global Settings
        • Configuring a Global Identity Provider
          • Alternate Manager Lookup
        • Customizing Default Columns
        • Email Notifications and Reminders
        • Identity Provider and HRIS Enrichment
        • Managers and Resource Owners
        • Multi-Level Review
        • 1-Step Access Reviews
        • On-Demand Reviews
        • Veza Actions for Access Reviews
        • Review Intelligence Policies
        • Review Presentation Options
        • Reviewer Selection Methods
        • Reviewer Digest Notifications
      • Access Review Scenarios
        • Access Reviews: Active Directory Security Groups
        • Access Reviews: Okta App Assignments
        • Access Reviews: Okta Group Membership
        • Access Reviews: Okta Admin Roles
        • Access Reviews: Azure AD Roles
        • Access Reviews with Saved Queries
        • Source-Only Access Reviews
    • 📊Access Monitoring
    • 🔄Lifecycle Management
      • Implementation and Core Concepts
      • Access Profiles
      • Policies
      • Conditions and Actions
      • Attribute Sync and Transformers
        • Lookup Tables
      • Integrations
        • Active Directory
        • Exchange Server
        • Okta
        • Salesforce
        • Workday
    • ⚖️Separation of Duties (SoD)
      • Managing SoD Risks with Veza
      • Creating SoD Detection Queries
      • Analyzing Separation of Duties Query Results
      • Example Separation of Duties Queries
      • SoD Manager Assignment
      • Access Reviews for SoD
  • Integrations
    • ✨Veza Integrations
      • Adobe Enterprise
      • Amazon Web Services
        • Add Existing AWS Accounts
        • Automatically Add New AWS Accounts
        • AWS DynamoDB
        • AWS KMS
        • AWS RDS MySQL
        • AWS RDS PostgreSQL
        • AWS Redshift
        • Activity Monitoring for AWS
        • Using AWS Secrets Manager for RDS Extraction
        • Notes & Supported Entities
      • Anaplan
      • Atlassian Cloud Products
      • Auth0
      • BambooHR
      • Bitbucket Data Center
      • BlackLine
      • Beeline
      • Boomi
      • Box
      • Bullhorn
      • Cassandra
      • Cisco Duo
      • Clickhouse
      • Concur
      • Confluence Server
      • Confluent
      • Coupa
      • Coupa Contingent Workforce
      • Crowdstrike Falcon
      • CSV Upload
        • CSV Upload Examples
        • CSV Upload Troubleshooting
        • CSV Upload API
      • Databricks (Single Workspace)
      • Databricks (Unity Catalog)
      • Delinea Secret Server
      • Device42
      • DocuSign
      • Dropbox
      • Egnyte
      • Expensify
      • Exchange Online (Microsoft 365)
      • Fastly
      • Google Cloud
        • Check Google Cloud Permissions
        • Notes & Supported Entities
      • Google Drive
      • GitHub
      • GitLab
      • HashiCorp Vault
      • HiBob
      • Hubspot
      • IBM Aspera
      • iManage
      • Ivanti Neurons
      • Jamf Pro
      • Jenkins
      • JFrog Artifactory
      • Jira Data Center
      • Kubernetes
      • LastPass
      • Looker
      • MongoDB
      • Microsoft Active Directory
      • Microsoft Azure
        • Azure SQL Database
        • Azure PostgreSQL Database
        • Microsoft Dynamics 365 CRM
        • Microsoft Dynamics 365 ERP
        • Notes & Supported Entities
      • Microsoft Azure AD
      • Microsoft SharePoint Online
      • Microsoft SharePoint Server
      • Microsoft SQL Server
      • MuleSoft
      • MySQL
      • NetSuite
      • New Relic
      • Okta
        • Okta MFA status
      • OneLogin
      • OpenAI
      • Oracle Cloud Infrastructure
      • Oracle Database
      • Oracle Database (AWS RDS)
      • Oracle E-Business Suite (EBS)
      • Oracle EPM
      • Oracle Fusion Cloud
      • Oracle JD Edwards EnterpriseOne
      • PagerDuty
      • Palo Alto Networks SASE/Prisma Access
      • PingOne
      • PostgreSQL
      • Power BI
      • Privacera
      • PTC Windchill
      • Qualys
      • QNXT
      • Ramp
      • Redis Cloud
      • Rollbar
      • Salesforce
      • Salesforce Commerce Cloud
      • SCIM integration
      • ServiceNow
      • Slack
      • Smartsheet
      • Snowflake
        • Snowflake Native Application
        • Snowflake Masking Policies
        • Exporting Saved Query Results to Snowflake
        • Audit Log Export
        • Event Export
      • Solarwinds
      • Spotio
      • Sumo Logic
      • Tableau Cloud
      • Teleport
      • Terraform
      • ThoughtSpot
      • Trello
      • Trino (PrestoSQL)
      • UKGPro
      • Veza
      • Windows Server
        • Enterprise Deployment
      • Workato
      • Workday
      • YouTrack
      • Zendesk
      • Zip
      • Zoom
      • Zscaler
      • 1Password
    • 🎯Integrations Overview
    • ⚠️Prerequisites and Connectivity
      • Insight Point
        • Deploying an Insight Point using the install script
        • Deploy with AWS EC2
        • Deploy with Virtual Appliance
          • Deploy with Virtual Appliance (Legacy)
        • Deploy with Azure Container Instances
        • Insight Point (Helm Chart)
      • Certificates with OpenSSL
    • ⚙️Configuring Integrations
      • Integrations FAQ
      • Extraction and Discovery Intervals
      • Custom Identity Mappings
      • Limiting Extractions
      • Enrichment Rules
      • ℹ️Running Veza Scripts with Python
  • Administration
    • 🛠️Veza Administration
      • Securing Your Veza Tenant
      • Veza Actions
        • Slack
        • ServiceNow
        • Jira
        • Webhooks
      • Virtual Private Veza
      • System Events
      • Sign-In Settings
        • Single Sign-On with Okta
        • Single Sign-On with Okta (OIDC)
        • Single Sign-On with Microsoft Entra
      • User Management
        • Multi-factor Authentication
        • Team Management
        • Support User Access
  • Developers
    • 🌐Veza APIs
      • Authentication
      • Troubleshooting
      • Pagination
      • Open Authorization API
        • Getting Started
        • Core Concepts
          • Connector Requirements
          • Using OAA Templates
          • Providers, Data Sources, Names and Types
          • Sourcing and Extracting Metadata
          • Naming and Identifying OAA Entities
          • Modeling Users, Permissions, and Roles
          • Custom Properties
          • Tagging with OAA
          • Cross Service IdP Connections
          • Incremental Updates
        • OAA Push API
          • OAA Operations
        • OAA Templates
          • Custom Application
          • Custom Identity Provider
          • Custom HRIS Provider
        • OAA .NET SDK
          • C# OAA Application Connector
        • OAA Python SDK
          • Application Outline
          • oaaclient modules
            • Client
            • Structures
            • Templates
            • Utils
        • Sample Apps
        • Example Connectors
      • Integration APIs
        • Enable/Disable Providers
        • Cloud Platforms and Data Providers
        • Identity Providers
        • Data Sources
        • Sync and Parse Status
      • Query APIs
        • Quick Start
        • Query Builder Terminology
        • Query Builder Parameters
        • Query Builder Results
        • List saved queries
        • Save a query
        • Get a saved query
        • Update a query
        • Delete a query
        • Get query node destinations
        • Get query nodes
        • Get query result
        • Get query spec node destinations
        • Get query spec nodes
        • Get query spec results
        • Private APIs
          • Get Access Relationship
          • Role Existence
          • Role Maintenance
          • Cohort Role Analysis
        • Tags
          • Create, Add, Remove Tag
          • Promoted Tags
      • Access Reviews APIs
        • Workflow Parameters Reference
        • List Workflows
        • List Certifications
        • List Certification Results
        • Update Certification Result
        • Force Update Result
        • Update Webhook Info
        • Get Certification Result
        • Manage Reviewer Deny List
        • Quick Filters
        • Help Page Templates
        • Smart Action Definitions
        • Delegate Reviewers
        • List Reviewer Infos
        • Get Access Graph
        • Automations API
        • Global Settings APIs
      • System Audit Logs
      • System Events
      • Notification Templates
        • Notification Templates API
      • Team and User Management APIs
        • Team API Keys
      • SCIM Provisioning
        • SCIM API Reference
        • SCIM Provisioning with Okta
  • Product Updates
    • 🆕Product Updates
      • Product Update: March'25
      • Product Update: February'25
      • UX Update - Integration Management
      • Product Update: January'25
      • Product Update: December'24
      • Product Update: November'24
      • Product Update: October'24
      • Product Update: September'24
      • Product Update: August'24
      • UX Update: Veza Integrations
      • Product Update: July'24
      • Product Update: June'24
      • Product Update: May'24
      • Product Update: April'24
      • UX Update - Enhanced Reviewer Experience for Veza Access Reviews
      • Product Update: March'24
      • Product Update: February'24
      • Design Update: February'24
      • UX Update - New Navigation Experience
      • UX Update - Access Review Dashboards
      • Building Veza’s Platform and Products
      • Veza Product Update - Jan'24
      • Veza Product Update - 2H 2023
      • Veza Product Update - December'23
      • Veza Product Update - November'23
      • Veza Product Update - October'23
      • Veza Product Update - September'23
      • Veza Product Update - August'23
      • Veza Product Update - July'23
      • Veza Product Update - June'23
      • Veza Product Update - May'23
      • Veza Product Update - April'23
      • Veza Product Update - March'23
      • Veza Product Update - Feb'23
      • Veza Product Update - Jan'23
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Developers
  2. Veza APIs
  3. Access Reviews APIs

Global Settings APIs

API operations for customizing the behavior and functionality of Veza Access Reviews.

PreviousAutomations APINextSystem Audit Logs

Last updated 4 months ago

Was this helpful?

These endpoints can be called by providing a Veza admin user API key. See Authentication to generate a bearer token for use in requests. Note that API operations in the private namespace are subject to change as features are added or modified.

Use these APIs to configure for Veza Access Reviews.

At present, the settings that can be configured by a Veza administrator are:

  • Auto-completion: Automatically complete reviews once all rows have a signed-off decision, or a non-rejected signed-off decision.

  • Completion requirements: Enable review completion at any time, or only when all rows are signed off with a non-rejected decision.

  • Data Source Status Acknowledgement: Require review creators to view and acknowledge the data source status shown at review creation.

  • Overdue Review Expiration: Enable or disable expiration of overdue reviews.

  • Review Expiration Behavior: Reject and sign off incomplete rows when a review expires.

  • Self Review Prevention: Prevent users from being assigned as reviewers for rows that relate to their own access and permissions.

  • Column Customization: Configure default columns which reviewers will see when they open a review.

  • UI Customization: Set whether notes are required when approving or rejecting access.

  • Sort Order: Set the default sort order and sorting column when opening a review.

  • Predefined Decision Notes: Add suggested notes as menu options when reviewers approve or reject rows.

For each endpoint, a GET request returns the current setting, and a PUT request updates the setting. Use your unique Veza URL and API key in your request, for example:

```bash
curl -X PUT 'https://your-organization.vezacloud.com/api/private/workflows/access/global_settings/cert_completion_settings' \
-H 'authorization: Bearer mZ1eqKMACtP...'
-d '{"value": "AUTO_COMPLETE_DISABLED"}

Optionally, you can use the Postman collection linked below to customize Access Reviews global settings:

Review Completion Allowed Settings

Customize the requirements for completing a review.

Example:

{
    "value": "COMPLETION_ALLOWED_ALL_ROWS_HAVE_DECISION"
}

An Admin or Operator user can complete a review by clicking the "Complete Review" button.

Once a review is marked as "completed," it becomes read-only and is no longer visible to reviewers. By default, a review can be completed when all rows have a signed-off decision.

This API allows you to modify this behavior, enabling a review to be completed at any time, or only when all rows are signed off with a non-rejected decision. The latter option is useful if your organization prefers to complete reviews only after all rejected access has been remediated.

Possible values are:

  • COMPLETION_ALLOWED_UNKNOWN = 0

  • COMPLETION_ALLOWED_ALL_ROWS_HAVE_DECISION = 1 (Review can be completed only when all result rows have a decision)

  • COMPLETION_ALLOWED_ANYTIME = 2 (Review can be completed any time)

Get Review Completion Allowed Settings

Set Review Completion Allowed Settings

Review Auto-Complete Settings

Enable or disable the "auto-complete" feature. When auto-complete is enabled, a review will automatically be completed once all rows have a signed-off decision, or a non-rejected signed-off decision, depending on the "Completion Allowed Settings."

Possible values are:

  • AUTO_COMPLETE_UNKNOWN

  • AUTO_COMPLETE_ENABLED

  • AUTO_COMPLETE_DISABLED

Example:

{
    "value": "DATASOURCE_ACKNOWLEDGEMENT_NOT_SHOWN"
}

Get Review Auto-Complete Settings

Set Review Auto-Complete Settings

Self Review Prevention

Enable or disable self-review prevention. When self-review prevention is enabled, users are prevented from being assigned as reviewers for rows that relate to their own access and permissions.

The value can be:

  • SELF_REVIEWER_CHECKING_UNKNOWN = 0

  • SELF_REVIEWER_CHECKING_DISABLED = 1

  • SELF_REVIEWER_CHECKING_ENABLED = 2

{
    "value": "SELF_REVIEWER_CHECKING_DISABLED"
}

Review UI Customizations

By default, when a reviewer approves a row, a "notes" pop-up appears, allowing the user to optionally add a note explaining their decision. When a reviewer rejects a row, the "notes" pop-up appears, and adding a note is required. This API allows you to customize this behavior. For example, you can choose to disable the pop-up when a row is approved and make the notes pop-up optional when a row is rejected.

Additionally, this API can enable the historical "Approve & Signoff" action in the reviewer experience when multiple rows are selected. Note: It is recommended that this feature remains disabled to ensure a more streamlined reviewer experience.

Example:

{
    "value": {
        "diff_dropdown_behavior": "ALWAYS_HIDE_FOR_ACCESS_REVIEWER_ROLE",
        "accept_notes_behavior": "NO_POP_UP",
        "reject_notes_behavior": "POP_UP_REQUIRED",
        "approve_and_sign_off_button_behavior": "SHOW"
    }
}

accept_notes_behavior can be:

  • NOTES_BEHAVIOR_UNKNOWN = 0

  • NO_POP_UP = 1

  • POP_UP_OPTIONAL = 2

  • POP_UP_REQUIRED = 3

reject_notes_behavior can be:

  • NOTES_BEHAVIOR_UNKNOWN = 0

  • NO_POP_UP = 1

  • POP_UP_OPTIONAL = 2

  • POP_UP_REQUIRED = 3

approve_and_sign_off_button_behavior can be:

  • HIDE_OR_SHOW_BEHAVIOR_UNKNOWN = 0

  • SHOW = 1

  • HIDE = 2

Review Column Defaults

This API configures the default columns which reviewers will see when they open a review. If workflow_id is specified then the configuration will only be applied to reviews related to the particular Review Configuration identified by workflow_id.

The valid values to show entity attributes include:

  • source.ATTR

  • destination.ATTR

  • waypoint.ATTR

  • path_summary.ATTR

  • idp.ATTR

Where ATTR is an attribute name such as “id” or “name”.

The following column values are also valid:

  • status

  • abstract_permissions

  • concrete_permissions

  • updated_at

  • notes

  • reviewers

  • decision

  • decision_by

  • decision_by_id

  • decision_by_name

  • decision_by_email

  • decision_at

  • marked_fixed_by_id

  • marked_fixed_by_name

  • marked_fixed_by_email

  • marked_fixed_at

  • signed_off_state

  • signed_off_by_id

  • signed_off_by_name

  • signed_off_by_email

  • signed_off_at

  • notification_status

  • automation_run_ids

  • no_decision_or_decision_by

  • Is_signed_off

Example:

{
  "value": {
    "default_ordered_columns": [
      "source.name",
      "source.department",
      "source.customprop_worker_status",
      "source.tags",
      "path_summary.name",
      "concrete_permissions",
      "destination.name",
      "destination.customprop_display_name",
      "reviewers"
    ]
  },
  "workflow_id": "002063d2-7898-4183-b5fb-1192758fdec7"
}

Review Default Sort Order

Configure the default order in which review rows are displayed. Note: Users can later sort the rows as they prefer.

The order is specified using a SCIM "order by" expression. The default value is source.type asc.

Valid values include:

  • source.ATTR

  • destination.ATTR

  • waypoint.ATTR

  • idp.ATTR

Where ATTR is an attribute name such as “id” or “name”.

Example

{
    "value": {
        "order_by": "destination.name desc"
    }
}

Expire Overdue Reviews

This setting is configurable on the Access Reviews > Settings page. Enable Auto-Expire overdue reviews to automatically expire reviews that aren't completed by the due date.

Enables or disable expiration of overdue reviews. By default, overdue reviews are not expired and remain available to reviewers. When expiration is enabled, the review will be “expired” when it becomes overdue. An expired review is read-only and is not shown to reviewers.

The value can be True or False.

Review Expiration Behavior

This setting is configurable on the Access Reviews > Settings page. Enable Reject incomplete rows to reject and sign off on undecided rows when a review expires.

This API allows you to change the behavior when a review expires (which can be enabled in Review Auto-Complete Settings). Depending on the behavior, incomplete rows can be auto-rejected when the review deadline passes.

Possible values are:

  • DO_NOTHING: No action is made on incomplete rows (default).

  • AUTO_REJECT_INCOMPLETE_RESULTS: Reject and sign-off any results that are incomplete when the review expires.

Review expiration behavior can be configured globally, or for all reviews for a single Review, specified by workflow_id in the request.

Get Review Expiration Behavior

Set Review Expiration Behavior

Data Source Acknowledgement Settings

By default, when a review is created, a user can optionally view the status of the data sources involved in the review. This API allows the behavior to change, requiring that the data source status is shown to the user and acknowledged during review creation.

Possible values are:

  • DATASOURCE_ACKNOWLEDGEMENT_UNKNOWN = 0

  • DATASOURCE_ACKNOWLEDGEMENT_NOT_SHOWN = 1

  • DATASOURCE_ACKNOWLEDGEMENT_REQUIRED = 2

Predefined Decision Notes

Configure predefined notes as menu options when reviewers approve or reject rows. This feature can be configured globally for all reviews or specifically for individual review configurations. When configured for a specific review configuration (using workflow_id), those settings override any global predefined notes.

The predefined notes appear as selectable options in the notes dialog when making decisions, suggesting standardized responses alongside free-form text entry.

Example request body:

{
    "value": {
        "reject_notes": [
            "Rotate now",
            "Delete secret"
        ],
        "accept_notes": []
    },
    "workflow_id": "8ae1c414-3a76-46cb-950a-925316b3f264"  // Optional
}

The request body accepts:

  • reject_notes: Array of predefined note options shown when rejecting rows

  • accept_notes: Array of predefined note options shown when approving rows

  • workflow_id: (Optional) Specific review configuration ID to override global settings

Get Predefined Notes Settings

Retrieve the current predefined notes settings. Include the optional workflow_id query parameter to get settings for a specific review configuration.

Global Settings Request:

curl -L 'https://your-organization.vezacloud.com/api/private/workflows/access/global_settings/predefined_decision_notes' \
-H 'Authorization: Bearer YOUR_API_KEY'

Configuration-Specific Request:

curl -L 'https://your-organization.vezacloud.com/api/private/workflows/access/global_settings/predefined_decision_notes?workflow_id=8ae1c414-3a76-46cb-950a-925316b3f264' \
-H 'Authorization: Bearer YOUR_API_KEY'

Example response:

{
    "value": {
        "reject_notes": [
            "Rotate now",u
            "Delete secret"
        ],
        "accept_notes": []
    }
}

Set Predefined Notes Settings

Update the predefined notes settings globally or for a specific review configuration.

Configuration-Specific Request:

curl -L -X PUT 'https://your-organization.vezacloud.com/api/private/workflows/access/global_settings/predefined_decision_notes' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer YOUR_API_KEY' \
-d '{
    "value": {
        "reject_notes": [
            "Rotate now",
            "Delete secret"
        ],
        "accept_notes": []
    },
    "workflow_id": "8ae1c414-3a76-46cb-950a-925316b3f264"
}'
🌐
global settings
46KB
access-reviews-global-settings.postman_collection.json

Get Completion Allowed Settings

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/cert_completion_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": "COMPLETION_ALLOWED_ALL_ROWS_HAVE_DECISION"
}

Get Auto-Complete Settings

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/cert_auto_complete_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": "AUTO_COMPLETE_DISABLED"
}

Get Self-Reviewer Settings

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/self_reviewer_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": "SELF_REVIEWER_CHECKING_DISABLED"
}

Get Review Customization Settings

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/ui_customization_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": {
    "diff_dropdown_behavior": "ALWAYS_HIDE_FOR_ACCESS_REVIEWER_ROLE",
    "accept_notes_behavior": "NO_POP_UP",
    "reject_notes_behavior": "POP_UP_REQUIRED",
    "approve_and_sign_off_button_behavior": "SHOW"
  }
}

Get Review Columns

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/ui_column_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": {
    "default_ordered_columns": [
      "source.name",
      "source.identity_unique_id",
      "concrete_permissions",
      "idp.on_premises_distinguished_name",
      "idp.name",
      "destination.name",
      "destination.type",
      "reviewers",
      "notes",
      "decision_by",
      "decision_at",
      "notification_status",
      "automation_run_ids"
    ]
  }
}

Get All Column Customizations

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
500
Internal Server Error
application/json
get
GET /api/private/workflows/access/global_settings/ui_column_settings:list_all HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
{
  "global_settings": {
    "default_ordered_columns": [
      "source.name",
      "source.identity_unique_id",
      "concrete_permissions",
      "idp.on_premises_distinguished_name",
      "idp.name",
      "destination.name",
      "destination.type",
      "reviewers",
      "notes",
      "decision_by",
      "decision_at",
      "notification_status",
      "automation_run_ids"
    ]
  },
  "workflow_settings": [
    {
      "workflow_id": "002063d2-7898-4183-b5fb-1192758fdec7",
      "settings": {
        "default_ordered_columns": [
          "source.name",
          "source.department",
          "source.customprop_worker_status",
          "source.tags",
          "path_summary.name",
          "concrete_permissions",
          "destination.name",
          "destination.type",
          "destination.customprop_display_name",
          "reviewers",
          "notes"
        ]
      }
    },
    {
      "workflow_id": "84459ad9-3976-4f21-9d56-fa9c0694a8a7",
      "settings": {
        "default_ordered_columns": [
          "source.aws_userid",
          "source.name",
          "source.identity_unique_id",
          "concrete_permissions",
          "destination.name",
          "destination.type",
          "reviewers",
          "notes",
          "decision_by",
          "decision_at",
          "notification_status",
          "automation_run_ids"
        ]
      }
    }
  ]
}

Get Review Sort Settings

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/view_sort_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": {
    "order_by": "source.type asc"
  }
}

Get Expire Overdue Certifications Setting

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/expire_overdue_certifications HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": false
}

Get Review Expiration Settings

get
Authorizations
Query parameters
workflow_idstringOptionalExample: <string>
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/review_expiration_behavior HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": "DO_NOTHING"
}

Get Data Source Acknowledgement Settings

get
Authorizations
Header parameters
AcceptstringOptionalExample: application/json
Responses
200
OK
application/json
Responseobject
get
GET /api/private/workflows/access/global_settings/datasource_acknowledgement HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*
200

OK

{
  "value": "DATASOURCE_ACKNOWLEDGEMENT_REQUIRED"
}
  • Review Completion Allowed Settings
  • GETGet Completion Allowed Settings
  • PUTSet Certification Completion Allowed Settings
  • Review Auto-Complete Settings
  • GETGet Auto-Complete Settings
  • PUTSet Auto-Complete Settings
  • Self Review Prevention
  • GETGet Self-Reviewer Settings
  • PUTSet Self-Reviewer Settings
  • Review UI Customizations
  • GETGet Review Customization Settings
  • PUTSet Review Customization Settings
  • Review Column Defaults
  • GETGet Review Columns
  • PUTSet Review Columns
  • GETGet All Column Customizations
  • Review Default Sort Order
  • GETGet Review Sort Settings
  • PUTSet Review Sort Settings
  • Expire Overdue Reviews
  • GETGet Expire Overdue Certifications Setting
  • PUTSet Expire Overdue Certifications Setting
  • Review Expiration Behavior
  • GETGet Review Expiration Settings
  • PUTSet Review Expiration Settings
  • Data Source Acknowledgement Settings
  • GETGet Data Source Acknowledgement Settings
  • PUTSet Data Source Acknowledgement Settings
  • Predefined Decision Notes

Set Certification Completion Allowed Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":"<integer>"}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/cert_completion_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "value": "<integer>"
}
200

OK

{
  "value": "COMPLETION_ALLOWED_ALL_ROWS_HAVE_DECISION"
}

Set Auto-Complete Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":"<integer>"}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/cert_auto_complete_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "value": "<integer>"
}
200

OK

{
  "value": "AUTO_COMPLETE_DISABLED"
}

Set Self-Reviewer Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":"<integer>"}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/self_reviewer_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "value": "<integer>"
}
200

OK

{
  "value": "SELF_REVIEWER_CHECKING_DISABLED"
}

Set Review Customization Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":{"diff_dropdown_behavior":"<integer>","accept_notes_behavior":"<integer>","reject_notes_behavior":"<integer>","approve_and_sign_off_button_behavior":"<integer>"}}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/ui_customization_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 171

{
  "value": {
    "diff_dropdown_behavior": "<integer>",
    "accept_notes_behavior": "<integer>",
    "reject_notes_behavior": "<integer>",
    "approve_and_sign_off_button_behavior": "<integer>"
  }
}
200

OK

{
  "value": {
    "diff_dropdown_behavior": "ALWAYS_HIDE_FOR_ACCESS_REVIEWER_ROLE",
    "accept_notes_behavior": "NO_POP_UP",
    "reject_notes_behavior": "POP_UP_REQUIRED",
    "approve_and_sign_off_button_behavior": "SHOW"
  }
}

Set Review Columns

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":{"default_ordered_columns":["source.name","source.identity_unique_id","concrete_permissions","idp.on_premises_distinguished_name","idp.name","destination.name","destination.type","reviewers","notes","decision_by","decision_at","notification_status","automation_run_ids"]}}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/ui_column_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 281

{
  "value": {
    "default_ordered_columns": [
      "source.name",
      "source.identity_unique_id",
      "concrete_permissions",
      "idp.on_premises_distinguished_name",
      "idp.name",
      "destination.name",
      "destination.type",
      "reviewers",
      "notes",
      "decision_by",
      "decision_at",
      "notification_status",
      "automation_run_ids"
    ]
  }
}
200

OK

{
  "value": {
    "default_ordered_columns": [
      "source.name",
      "source.identity_unique_id",
      "concrete_permissions",
      "idp.on_premises_distinguished_name",
      "idp.name",
      "destination.name",
      "destination.type",
      "reviewers",
      "notes",
      "decision_by",
      "decision_at",
      "notification_status",
      "automation_run_ids"
    ]
  }
}

Set Review Sort Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":{"order_by":"<string>"}}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/view_sort_settings HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 33

{
  "value": {
    "order_by": "<string>"
  }
}
200

OK

{
  "value": {
    "order_by": "source.type asc"
  }
}

Set Expire Overdue Certifications Setting

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":"<boolean>"}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/expire_overdue_certifications HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "value": "<boolean>"
}
200

OK

{
  "value": false
}

Set Review Expiration Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":"<integer>","workflow_id":"<string>"}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/review_expiration_behavior HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 46

{
  "value": "<integer>",
  "workflow_id": "<string>"
}
200

OK

{
  "value": "AUTO_REJECT_INCOMPLETE_RESULTS"
}

Set Data Source Acknowledgement Settings

put
Authorizations
Header parameters
Content-TypestringOptionalExample: application/json
AcceptstringOptionalExample: application/json
Body
objectOptionalExample: {"value":"<integer>"}
Responses
200
OK
application/json
Responseobject
put
PUT /api/private/workflows/access/global_settings/datasource_acknowledgement HTTP/1.1
Host: {{baseurl}}
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 21

{
  "value": "<integer>"
}
200

OK

{
  "value": "DATASOURCE_ACKNOWLEDGEMENT_REQUIRED"
}