Update Certification Result
Add decisions and notes to a certification result
Last updated
Was this helpful?
Add decisions and notes to a certification result
Last updated
Was this helpful?
Was this helpful?
Apply a decision, note, sign-off, or reviewer change to a numbered certification result.
Each row of the certification results can be annotated, marked as ACCEPTED, or REJECTED, signed-off, or assigned to a different reviewer.
PUT
{{base_url}}/api/preview/awf/certifications/{certification_id}/results
cert_id
string
path
id of the certification to update
value
object
body
Mutable fields to update
value must include the result_id and any mutable fields to update:
result_id
int
Y
certification result number to update
decision
enum
N
The decision to apply to the result
notes
string
N
Send an empty string " " to clear the current note
signed_off_state
string
N
Can be: NOT_SIGNED_OFF, SIGNED_OFF
Valid decisions are:
NONE // No decision has been made
ACCEPTED // The access described in the result row is acceptable
REJECTED // The access described in the result row isn't correct
FIXED // The access was rejected but has been fixed
Adding a note overwrites the previous value. Historical notes are included in the action log when Listing Certification Results. When viewing the row in the UI, only the most recent note is shown.
reviewersA result’s reviewer can be reassigned by updating the reviewers field with a list of one or more Access Workflow User objects:
user_type
string
Y
Must be the same user_type as configured for the primary workflows Identity Provider. Typical values are OktaUser, CustomIDPUser, or AzureADUser.
id
string
Y
The user_identity_property set when configuring the workflows IdP is used to validate a Workflow Reviewer's identity. For an Okta user, this would be an id such as 00upa6s0hSGtl1eGL5d5. For a Custom IdP user, this will typically be the IdP users identity set within the OAA payload.
email
string
Y
Must match the email property on the local user or graph node.
name
string
Y
Must match the name property on the local user or graph node.
curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "CustomIDPUser", "id": "125", "email": "[email protected]", "name": "Valid Reviewer"}]}}'Note that all fields are required when assigning a reviewer. As of the current release, there is no customer-facing API to get local user ids. For this reason, API-based reviewer reassignment is recommended only when a graph IdP is configured as the Global Workflows IdP, and you can programmatically retrieve required identifiers such as user "name," "id," and "email."
curl -X PUT '{{baseurl}}/api/preview/awf/certifications/f9123002-f056-491f-978f-f203bc9885ed/results' \
-H 'authorization: Bearer '$token \
--data-raw '{
"value": {
"result_id": 0,
"decision": "REJECTED",
"notes": "Over-privileged"
}
}'curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "CustomIDPUser", "id": "125", "email": "[email protected]", "name": "Valid Reviewer"}]}}'curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "localCookieUser", "id": "0ffcfbc7-6339-4aed-afa4-ff3bea505485", "email": "[email protected]", "name": "demo-auth0"}]}}'A successful response will be empty: {}.