
Add Identity (v1.0)

Description

Creates a new Identity Awareness association for a specified IP address.

Syntax

POST https://<Gateway_IP_or_FQDN>/_IA_API/v1.0/add-identity

| Parameter | Type | Description | Default value |
|---|---|---|---|
| shared-secret | String | Shared secret | N/A |
| ip-address | String (IP) | Association IP. Supports either IPv4 or IPv6, but not both. | N/A |
| user | String | User name | Empty string |
| machine | String | Computer name | Empty string |
| domain | String | Domain name | Empty string |
| session-timeout | Integer | Timeout (in seconds) for this Identity Awareness association | 43200 (12 hours) |
| fetch-user-groups | Boolean (0/1) | Defines whether Identity Awareness fetches the user's groups from the user directories defined in SmartConsole. | 1 |
| fetch-machine-groups | Boolean (0/1) | Defines whether Identity Awareness fetches the machine's groups from the user directories defined in SmartConsole. | 1 |
| user-groups | Array of strings | List of groups, to which the user belongs (when Identity Awareness does not fetch user groups). | Empty array |
| machine-groups | Array of strings | List of groups, to which the computer belongs (when Identity Awareness does not fetch computer groups). | Empty array |
| calculate-roles | Boolean (0/1) | Defines whether Identity Awareness calculates the identity's Access Roles. | 1 |
| roles | Array of strings | List of roles to assign to this identity (when Identity Awareness does not calculate roles). | Empty array |
| machine-os | String | Host operating system. For example: Windows 7. | Empty string |
| host-type | String | Type of host device. For example: Apple iOS device. | Empty string |

Response

| Parameter | Type | Description |
|---|---|---|
| ipv6-address | String (IP) | Created IPv6 identity |
| ipv4-address | String (IP) | Created IPv4 identity |
| message | String | Textual description of the command's result |

Best Practice - You must include the domain name whenever available. This ensures that the user is authorized by the correct server, improves performance, and prevents incorrect authorization when identical user names exist in more than one domain.

Notes:

Examples

Example request 1: Minimum request for user identity generation

POST https://gw.acme.com/_IA_API/v1.0/add-identity

{
  "shared-secret":"****",
  "ip-address":"1.2.3.5",
  "user":"mary"
}

Response 1

{
  "ipv4-address":"1.2.3.5",
  "message":"Association sent to PDP."
}

Example request 2: User-defined groups, calculate roles

POST https://gw.acme.com/_IA_API/v1.0/add-identity

{
  "shared-secret":"****",
  "ip-address":"1.1.1.1",
  "user":"john",
  "machine":"",
  "domain":"cme.com",
  "user-groups":["MyUserGroup"],
  "roles":[],
  "session-timeout":43200,
  "fetch-user-groups":0,
  "calculate-roles":1,
  "identity-source":"ACME API Client"
}

Response 2

{
  "ipv4-address":"1.1.1.1",
  "message":"Association sent to PDP."
}

Example request 3: User-defined groups and roles, detailed information

{
  "shared-secret":"****",
  "user":"John",
  "machine":"Laptop_1234",
  "ip-address":"2.2.2.2",
  "identity-source":"ACME API Client",
  "machine-os":"Windows 10 (Build 1176)",
  "host-type":"Laptop",
  "fetch-user-groups":0,
  "fetch-machine-groups":0,
  "calculate-roles":0,
  "session-timeout":43200,
  "user-groups":["EnterpriseFinanceUsers","ad_user_JohnDoe"],
  "machine-groups":["EnterpriseLaptopMachines"],
  "roles":["FinanceUser","StandardLaptop"]
}

Response 3

{
  "ipv4-address":"2.2.2.2",
  "message":"Association sent to PDP."
}
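
A client-side request builder for the parameters documented above, added here as an example and not Check Point's own code: it rejects anything that is not a single IPv4 or IPv6 address, sets each fetch/calculate flag to 0 only when the caller supplies the matching list, masks the shared secret for logging, and checks that the response names the requested address. The function names, the Content-Type header, and the sample secret and domain are assumptions.

```python
import ipaddress
import json
import urllib.request

def build_add_identity(secret, ip, user="", machine="", domain="",
                       session_timeout=43200, user_groups=None,
                       machine_groups=None, roles=None):
    """Build an add-identity body from the documented parameters."""
    addr = ipaddress.ip_address(ip)  # ValueError unless exactly one IPv4/IPv6 address
    if int(session_timeout) <= 0:
        raise ValueError("session-timeout must be a positive number of seconds")
    body = {"shared-secret": secret, "ip-address": str(addr), "user": user,
            "machine": machine, "domain": domain,
            "session-timeout": int(session_timeout)}
    # Caller-supplied lists are sent with the matching fetch/calculate flag set to 0.
    for key, flag, values in (
            ("user-groups", "fetch-user-groups", user_groups),
            ("machine-groups", "fetch-machine-groups", machine_groups),
            ("roles", "calculate-roles", roles)):
        body[flag] = 0 if values else 1
        body[key] = list(values or [])
    return body

def redact(body):
    """Copy of the body that is safe to log: the shared secret is masked."""
    return {**body, "shared-secret": "****"}

def check_response(body, response):
    """True if the gateway's reply names the same address that was requested."""
    want = ipaddress.ip_address(body["ip-address"])
    got = response.get("ipv%d-address" % want.version)
    return got is not None and ipaddress.ip_address(got) == want

def send(gateway, body):
    """POST the body over HTTPS; urllib verifies the certificate by default."""
    req = urllib.request.Request(
        "https://%s/_IA_API/v1.0/add-identity" % gateway,
        data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})  # header is an assumption
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

# Constructed sample modelled on Example request 3; nothing is sent here.
SAMPLE = build_add_identity("example-secret", "2.2.2.2", user="John",
                            machine="Laptop_1234", domain="acme.com",
                            user_groups=["EnterpriseFinanceUsers"],
                            roles=["FinanceUser", "StandardLaptop"])
```

Log `redact(body)` rather than `body`, and treat a `False` from `check_response` as a failed association.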