Delete Identity (v1.0)

Description

Delete Identity Awareness associations for one IP address, a range of IP addresses, or a subnet.

Syntax

POST https://<GW_IP_or_FQDN>/_IA_API/v1.0/delete-identity

| Parameter | Type | Description | Default value |
|---|---|---|---|
| shared-secret | String | Shared secret. | N/A |
| ip-address | String (IP) | Association IP address. Required when you revoke a single IP address. | Empty |
| revoke-method | String | Type of revoke method. It can be empty for the deletion of a single association by an IP address. Otherwise permitted values: mask - for the deletion of all associations in a subnet; range - for the deletion of all associations in a range. | Empty |
| subnet | String (IP) | Subnet. Required when the revoke method is mask. | Empty |
| subnet-mask | String (IP) | Subnet mask. Required when the revoke method is mask. | Empty |
| ip-address-first | String (IP) | First IP address in the range. Required when the revoke method is range. | Empty |
| ip-address-last | String (IP) | Last IP address in the range. Required when the revoke method is range. | Empty |
| client-type | String | Deletes only associations created by the specified identity source. If no value is set for the client-type parameter, or if it is set to any, the gateway deletes all identities associated with the given IP (or IPs) (see the client type table for a list of the permitted values). | Any |

Note - When the client-type is set to vpn (remote access), the gateway deletes all the identities associated with the given IP address(es). This is because when you delete an identity associated with an Office Mode IP address, this usually means that this Office Mode IP address is no longer valid.

List of identity sources for the client-type parameter:

| Client type | Description |
|---|---|
| any | All identity sources |
| captive-portal | Browser-Based Authentication |
| ida-agent | Identity Agents |
| vpn | Remote Access |
| ad-query | Active Directory query |
| multihost-agent | Terminal Servers (multi-user host agent) |
| radius | RADIUS Accounting |
| ida-api | Identity Web API |
| identity-collector | Identity Collector |

Response

| Parameter | Type | Description |
|---|---|---|
| ipv6-address | String (IP) | Deleted IPv6 association |
| ipv4-address | String (IP) | Deleted IPv4 association |
| message | String | Textual description of the command's result |
| count | Unsigned integer | Number of deleted identities |

Examples

Example request 1: Delete by IP

POST https://gw.acme.com/_IA_API/v1.0/delete-identity

{
  "shared-secret":"****",
  "ip-address":"1.1.1.1"
}

Response 1

{
  "count":"1",
  "ipv4-address":"1.1.1.1",
  "message":"Disassociation sent to PDP."
}

Example request 2: Delete by IP range

POST https://gw.acme.com/_IA_API/v1.0/delete-identity

{
  "shared-secret":"****",
  "revoke-method":"range",
  "ip-address-first":"1.1.1.2",
  "ip-address-last":"1.1.1.3"
}

Response 2

{
  "count":"2",
  "message":"Total of 2 IPs disassociations will be processed."
}

Example request 3: Delete by IP subnet

POST https://gw.acme.com/_IA_API/idasdk/delete-identity

{
  "shared-secret":"****",
  "revoke-method":"mask",
  "subnet":"1.1.1.1",
  "subnet-mask":"255.255.255.0"
}

Response 3

{
  "count":"100",
  "message":"Total of 100 IPs disassociations will be processed."
}
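
An added example (not code from this page or from the vendor): a client-side builder that enforces the parameter rules above before anything reaches the gateway, so a malformed call cannot turn into an unintended revocation. The function names, the gateway host passed in, and the Content-Type header are assumptions; the request is built but not sent, and the subnet check covers IPv4 dotted masks only.

```python
import ipaddress
import json
import urllib.request

# Permitted client-type values, copied from the client type table on this page.
CLIENT_TYPES = {"any", "captive-portal", "ida-agent", "vpn", "ad-query",
                "multihost-agent", "radius", "ida-api", "identity-collector"}


def build_payload(secret, *, ip=None, first=None, last=None,
                  subnet=None, mask=None, client_type=None):
    """Return the JSON body for delete-identity, enforcing the page's rules."""
    modes = [ip is not None, first is not None or last is not None,
             subnet is not None or mask is not None]
    if sum(modes) != 1:
        raise ValueError("give exactly one of: ip, first+last, subnet+mask")
    body = {"shared-secret": secret}
    if ip is not None:                      # single association: no revoke-method
        body["ip-address"] = str(ipaddress.ip_address(ip))
    elif modes[1]:                          # revoke-method "range"
        if first is None or last is None:
            raise ValueError("range needs ip-address-first and ip-address-last")
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo.version != hi.version or lo > hi:
            raise ValueError("range bounds must be same family and ordered")
        body.update({"revoke-method": "range",
                     "ip-address-first": str(lo), "ip-address-last": str(hi)})
    else:                                   # revoke-method "mask"
        if subnet is None or mask is None:
            raise ValueError("mask needs subnet and subnet-mask")
        ipaddress.ip_network(f"{subnet}/{mask}", strict=False)  # rejects bad masks
        body.update({"revoke-method": "mask",
                     "subnet": subnet, "subnet-mask": mask})
    if client_type is not None:
        if client_type not in CLIENT_TYPES:
            raise ValueError(f"unknown client-type: {client_type!r}")
        body["client-type"] = client_type
    return body


def build_request(gateway, payload):
    """Build (but do not send) the POST; urlopen() verifies TLS by default."""
    url = f"https://{gateway}/_IA_API/v1.0/delete-identity"
    return urllib.request.Request(
        url, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json"})  # header is an assumption
```

Keep the shared secret out of logs when recording these calls: log the payload with the shared-secret key removed, not the request body.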