Release Notes

Update Certification Result

Add decisions and notes to a certification result

Apply a decision, note, sign-off, or reviewer change to a numbered certification result.

Each row of the certification results can be annotated, marked as ACCEPTED, or REJECTED, signed-off, or assigned to a different reviewer.

Method
syntax

PUT

{{base_url}}/api/preview/awf/certifications/{certification_id}/results

Parameters

Name
Type
In
Description

cert_id

string

path

id of the certification to update

value

object

body

Mutable fields to update

value must include the result_id and any mutable fields to update:

Name
Type
Req.
Description

result_id

int

Y

certification result number to update

decision

enum

N

The decision to apply to the result

notes

string

N

Send an empty string " " to clear the current note

signed_off_state

string

N

Can be: NOT_SIGNED_OFF, SIGNED_OFF

reviewers

Reviewersarray

N

Contains Workflow User details for assigned reviewers

Valid decisions are:

  • NONE // No decision has been made

  • ACCEPTED // The access described in the result row is acceptable

  • REJECTED // The access described in the result row isn't correct

  • FIXED // The access was rejected but has been fixed

Adding a note overwrites the previous value. Historical notes are included in the action log when Listing Certification Results. When viewing the row in the UI, only the most recent note is shown.

Re-assigning reviewers

A result’s reviewer can be reassigned by updating the reviewers field with a list of one or more Access Workflow User objects:

Name
Type
Req.
Description

user_type

string

Y

Must be the same user_type as configured for the primary workflows Identity Provider. Typical values are OktaUser, CustomIDPUser, or AzureADUser.

id

string

Y

The user_identity_property set when configuring the workflows IdP is used to validate a Workflow Reviewer's identity. For an Okta user, this would be an id such as 00upa6s0hSGtl1eGL5d5. For a Custom IdP user, this will typically be the IdP users identity set within the OAA payload.

email

string

Y

Must match the email property on the local user or graph node.

name

string

Y

Must match the name property on the local user or graph node.

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
 --data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "CustomIDPUser", "id": "125", "email": "[email protected]", "name": "Valid Reviewer"}]}}'

Note that all fields are required when assigning a reviewer. As of the current release, there is no customer-facing API to get local user ids. For this reason, API-based reviewer reassignment is recommended only when a graph IdP is configured as the Global Workflows IdP, and you can programmatically retrieve required identifiers such as user "name," "id," and "email."

Examples

Reject with note

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/f9123002-f056-491f-978f-f203bc9885ed/results' \
  -H 'authorization: Bearer '$token \
  --data-raw '{
  "value": {
    "result_id": 0,
    "decision": "REJECTED",
    "notes": "Over-privileged"
  }
}'

Change the reviewer to a Custom IdP user

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
 --data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "CustomIDPUser", "id": "125", "email": "[email protected]", "name": "Valid Reviewer"}]}}'

Assign a local user as a reviewer

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "localCookieUser", "id": "0ffcfbc7-6339-4aed-afa4-ff3bea505485", "email": "[email protected]", "name": "demo-auth0"}]}}'

Response

A successful response will be empty: {}.

PreviousList Certification ResultsNextForce Update Result

Last updated

Was this helpful?