Update Certification Result

Add decisions and notes to a certification result

Apply a decision, note, sign-off, or reviewer change to a numbered certification result.

Each row of the certification results can be annotated, marked as ACCEPTED, or REJECTED, signed-off, or assigned to a different reviewer.

Method

syntax

PUT

{{base_url}}/api/preview/awf/certifications/{certification_id}/results

Parameters

Name

Type

Description

cert_id

string

path

id of the certification to update

value

object

body

Mutable fields to update

value must include the result_id and any mutable fields to update:

Name

Type

Req.

Description

result_id

int

certification result number to update

decision

enum

The decision to apply to the result

notes

string

Send an empty string " " to clear the current note

signed_off_state

string

Can be: NOT_SIGNED_OFF, SIGNED_OFF

reviewers

Reviewersarray

Contains Workflow User details for assigned reviewers

Valid decisions are:

NONE // No decision has been made
ACCEPTED // The access described in the result row is acceptable
REJECTED // The access described in the result row isn't correct
FIXED // The access was rejected but has been fixed

Adding a note overwrites the previous value. Historical notes are included in the action log when Listing Certification Results. When viewing the row in the UI, only the most recent note is shown.

Re-assigning `reviewers`

A result’s reviewer can be reassigned by updating the reviewers field with a list of one or more Access Workflow User objects:

Name

Type

Req.

Description

user_type

string

Must be the same user_type as configured for the primary workflows Identity Provider. Typical values are OktaUser, CustomIDPUser, or AzureADUser.

id

string

The user_identity_property set when configuring the workflows IdP is used to validate a Workflow Reviewer's identity. For an Okta user, this would be an id such as 00upa6s0hSGtl1eGL5d5. For a Custom IdP user, this will typically be the IdP users identity set within the OAA payload.

email

string

Must match the email property on the local user or graph node.

name

string

Must match the name property on the local user or graph node.

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
 --data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "CustomIDPUser", "id": "125", "email": "cookiedemo@cookie.ai", "name": "Valid Reviewer"}]}}'

Note that all fields are required when assigning a reviewer. As of the current release, there is no customer-facing API to get local user ids. For this reason, API-based reviewer reassignment is recommended only when a graph IdP is configured as the Global Workflows IdP, and you can programmatically retrieve required identifiers such as user "name," "id," and "email."

Examples

Reject with note

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/f9123002-f056-491f-978f-f203bc9885ed/results' \
  -H 'authorization: Bearer '$token \
  --data-raw '{
  "value": {
    "result_id": 0,
    "decision": "REJECTED",
    "notes": "Over-privileged"
  }
}'

Change the reviewer to a Custom IdP user

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
 --data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "CustomIDPUser", "id": "125", "email": "cookiedemo@cookie.ai", "name": "Valid Reviewer"}]}}'

Assign a local user as a reviewer

curl -X PUT '{{baseurl}}/api/preview/awf/certifications/{{cert_id}}/results' \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{"value": {"result_id": 0,"reviewers": [{"user_type": "localCookieUser", "id": "0ffcfbc7-6339-4aed-afa4-ff3bea505485", "email": "cookie@cookie.ai", "name": "demo-auth0"}]}}'

Response

A successful response will be empty: {}.

PreviousList Certification Results NextForce Update Result

Last updated 5 months ago