Query Identity (v1.0)

Description

Queries the Identity Awareness associations of a given IP address.

Syntax

POST https://<Gateway_IP_or_FQDN>/_IA_API/idasdk/show-identity

Parameter	Type	Description	Default Value
`shared-secret`	String	Shared secret	N/A
`ip-address`	String (IP)	Identity IP address	N/A

Response

Parameter	Type	Description
`ipv6-address`	String (IP)	Queried IPv6 identity
`ipv4-address`	String (IP)	Queried IPv4 identity
`message`	String	Textual description of the command’s result
`users`	Array	All user identities on this IP. The Information includes these fields: Users' full names (full name if available, falls back to user name if not) Array of groups Array of roles Identity source
`machine`	String	Computer name, if available
`machine-groups`	Array	List of computer groups
`combined-roles`	Array	List of all the Access Roles on this IP, for auditing and enforcement purposes.
`machine-identity-source`	String	Machine session’s identity source, if the machine session is available.

Note - If more than one identity source authenticated the user, the result shows a separate record for each identity source.

Examples

Request 1

POST https://gw.acme.com/_IA_API/v1.0/show-identity

{

"shared-secret":"****",

"ip-address":"1.1.1.1"

}

Response 1: User identity is available

{

"combined-roles":[

"All_Identified_Users",

"User_John"

"domain":"cme.com",

"ipv4-address":"1.1.1.1",

"machine":"admin-pc@cme.com",

"message":"total 1 user records were found.",

"users":[

{

"groups":[

"All Users",

"ad_user_John_Smith"

"identity-source':AD Query",

"roles":[

"All_identified_Users",

"User_John"

"user":"JohnSmith"

}

]

}

Response 2: User and computer identities are available

{

"combined-roles":[

"Admin-PC_cme.com",

"All_Identified_Users",

"User_John"

"domain":"cme.com",

"ipv4-address":"192.168.110.126",

"machine":"admin-pc@ad.ida",

"machine-groups":[

"ad_machine_ADMINPC",

"All Machines"

"machine-identity-source":"Identiy Awareness API (ACME API Client):,

"message":"total 1 user records were found.",

"users":[

{

"groups":[

"All Users",

"ad_user_John_Smith"

"identity-source": "Identity Awareness API (ACME API Client)",

"roles":[

"Admin-PC_ad.ida",

"All_Identified_Users",

"User_John"

"user":"John Smith"

}

]

}

Response 3: Multiple user identities are available

{

"combined-roles":[

"Admin-PC",

"All_Identified_Users",

"User_John"

"domain":"cme.com",

"ipv4-address":"192.168.110.126",

"machine":"admin-pc@cme.com",

"machine-identity-source":"AD Query",

"ad_machine_ADMINPC",

"All Machines"

"message":"total 2 user records were found.",

"users":[

{

"groups":[

"All Users"

"identity-source": "AD Query",

"roles":[

"Admin-PC",

"All_Identified_Users"

"user":"George Black"

{

"groups":[

"All Users",

"ad_user_John_Smith"

"identity-source": "AD Query",

"roles":[

"Admin-PC",

"All_Identified_Users",

"User_John"

"user":"John Smith"

}

]

}

Response 4: No identity found

{

"ipv4-address" : "1.1.1.1",

"message" : "total 0 user records were found."

}