Integrate Administration API

Administrators can integrate Identity as a Service user administration into their application by using the Identity as a Service Administrator REST APIs. This API allows you to seamlessly perform administrative actions on Identity as a Service users and authenticators without logging in to the Identity as a Service administrator portal. Identity as a Service provides a JSON file that contains the credentials needed for the API integration to authenticate to Identity as a Service.

Step 1: Add an Administration API and configure the General settings

1. Click > Security > Applications. The Applications page appears.

2. Click Add. The Select an Application Template page appears.

3. Do one of the following:

● Select Identity as a Service Integrations from the search drop-down list and scroll to find the application you want to add to IDaaS.

- or -

● In the Search bar, enter a search option to filter for the application you want to add to IDaaS.

4. Click Administration API. The Add Administration API page appears.

5. In the Application Name field, type a name for your application.

6. In the Application Description field, type a description for your application.

7. From the Select Role drop-down list, select to the role you want to assign to the API application. The role defines the operations that can be performed using this API application. You can select one of the Identity as a Service system-defined roles or a custom role. You cannot select No Role Assigned.

System-defined roles include:

● Auditor: This role grants view-only access to users, authenticators, roles, and tokens on the integrated Identity as a Service account.

● Help Desk Administrators: This role allows you to add or remove users and their authenticators.

● SIEM Add-on: This role provides full access to all SIEM management functions in view-only mode.

● Super Administrator: This role allows you to add or remove users and their authenticators, and query your Identity as a Service account roles.

● SCIM Provisioning: This role allows the SCIM provisioning application to perform resource provisioning using SCIM protocols.

● On-boarding Administrator: This role allows a user assigned this role to manage Tenant accounts. Only for Service Provider super account managers can select this role. If you are not a Service Provider super account manager, this option is not visible.

● AD Connector: This role allows the AD Connector application to perform AD Connector directory synchronization.

8. If required, from the Select IP List drop-down list, select the IP List to restrict user access only to IP addresses included in the IP List. The default is None to allow access for all IP addresses.

9. Select Allow this application to use a long-lived token for authentication. This generates a long-lived token (one that does not expire) for API requests.

10. Click Save. The Application Credentials dialog box appears. Do one of the following:

● Click Copy to Clipboard to copy the applicationId, hostname and sharedSecret. You need these values to set up your Administration API.

● Click Download to download a JSON file that contains the API credentials for this application.

11. Click OK.

12. Proceed to Step 2: Configure Customizations.

Step 2: Configure Customizations

1. Click the Customization tab. The Customization page appears.

2. Optional. Add a custom application logo, as follows:

a. Click next to Application Logo. The Upload Logo dialog box appears.

b. Click to select an image file to upload.

c. Browse to select your file and click Open. The Upload Logo dialog box displays your selected image.

d. If required, resize your image.

e. Click OK.

3. Click Save.

4. Proceed to Step 3: Configure a resource rule.

Integrate Administration API

Step 1: Add an Administration API and configure the General settings

Step 2: Configure Customizations

Steps 3: Configure a resource rule