Print Download PDF Send Feedback

Previous

Next

Query Identity (v1.0)

Description

Queries the Identity Awareness associations of a given IP address.

Syntax

POST https://<Gateway_IP_or_FQDN>/_IA_API/idasdk/show-identity

Parameter

Type

Description

Default Value

shared-secret

String

Shared secret

N/A

ip-address

String (IP)

Identity IP address

N/A

Response

Parameter

Type

Description

ipv6-address

String (IP)

Queried IPv6 identity

ipv4-address

String (IP)

Queried IPv4 identity

message

String

Textual description of the command’s result

users

Array

All user identities on this IP. The Information includes these fields:

  • Users' full names (full name if available, falls back to user name if not)
  • Array of groups
  • Array of roles
  • Identity source

machine

String

Computer name, if available

machine-groups

Array

List of computer groups

combined-roles

Array

List of all the Access Roles on this IP, for auditing and enforcement purposes.

machine-identity-source

String

Machine session’s identity source, if the machine session is available.

Note - If more than one identity source authenticated the user, the result shows a separate record for each identity source.

Examples

Request 1

POST https://gw.acme.com/_IA_API/v1.0/show-identity

{

"shared-secret":"****",

"ip-address":"1.1.1.1"

}

 

Response 1: User identity is available

{

"combined-roles":[

"All_Identified_Users",

"User_John"

],

"domain":"cme.com",

"ipv4-address":"1.1.1.1",

"machine":"admin-pc@cme.com",

"message":"total 1 user records were found.",

"users":[

{

"groups":[

"All Users",

"ad_user_John_Smith"

],

"identity-source':AD Query",

"roles":[

"All_identified_Users",

"User_John"

],

"user":"JohnSmith"

}

]

}

Response 2: User and computer identities are available

{

"combined-roles":[

"Admin-PC_cme.com",

"All_Identified_Users",

"User_John"

],

"domain":"cme.com",

"ipv4-address":"192.168.110.126",

"machine":"admin-pc@ad.ida",

"machine-groups":[

"ad_machine_ADMINPC",

"All Machines"

],

"machine-identity-source":"Identiy Awareness API (ACME API Client):,

"message":"total 1 user records were found.",

"users":[

{

"groups":[

"All Users",

"ad_user_John_Smith"

],

"identity-source": "Identity Awareness API (ACME API Client)",

"roles":[

"Admin-PC_ad.ida",

"All_Identified_Users",

"User_John"

],

"user":"John Smith"

}

]

}

Response 3: Multiple user identities are available

{

"combined-roles":[

"Admin-PC",

"All_Identified_Users",

"User_John"

],

"domain":"cme.com",

"ipv4-address":"192.168.110.126",

"machine":"admin-pc@cme.com",

"machine-identity-source":"AD Query",

"ad_machine_ADMINPC",

"All Machines"

],

"message":"total 2 user records were found.",

"users":[

{

"groups":[

"All Users"

],

"identity-source": "AD Query",

"roles":[

"Admin-PC",

"All_Identified_Users"

],

"user":"George Black"

},

{

"groups":[

"All Users",

"ad_user_John_Smith"

],

"identity-source": "AD Query",

"roles":[

"Admin-PC",

"All_Identified_Users",

"User_John"

],

"user":"John Smith"

}

]

}

Response 4: No identity found

{

"ipv4-address" : "1.1.1.1",

"message" : "total 0 user records were found."

}