Skip to content
ConductorOne Docs
  • Auto
  • Light
  • Dark
Get Started

Create

Create
client.policies.create(PolicyCreateParamsbody, RequestOptionsoptions?): policyPolicyPolicyCreateResponse
post/api/v1/policies

Create a policy.

Parameters
bodydisplayNamestringdescriptionstringpolicyStepsRecord<string, PolicySteps>policyTypeunionpostActionsunionreassignTasksToDelegatesbooleanrulesunionPolicyCreateParams
Hide ParametersShow Parameters
displayNamestring

The display name of the new policy.

descriptionstring
optional

The description of the new policy.

policyStepsRecord<string, PolicySteps>
optional

The map of policy type to policy steps. The key is the stringified version of the enum. See other policies for examples.

Hide ParametersShow Parameters
stepsunion
optional
Array<acceptunionapprovalunionprovisionunionrejectunionwaitunionC1APIPolicyV1PolicyStep> | null

An array of policy steps indicating the processing flow of a policy. These steps are oneOfs, and only one property may be set for each array index at a time.

Hide ParametersShow Parameters
acceptunion
optional
acceptMessagestringC1APIPolicyV1Accept | null

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

approvalunion
optional
agentunionallowedReassigneesunionallowReassignmentbooleanappOwnersunionassignedbooleanentitlementOwnersunionescalationEscalationescalationEnabledbooleanexpressionuniongroupunionmanagerunionrequireApprovalReasonbooleanrequireDenialReasonbooleanrequireReassignmentReasonbooleanrequiresStepUpProviderIdstringresourceOwnersunionselfunionusersunionwebhookunionApproval | null

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

  • users
  • manager
  • appOwners
  • group
  • self
  • entitlementOwners
  • expression
  • webhook
  • resourceOwners
  • agent
provisionunion
optional
assignedbooleanprovisionPolicyC1APIPolicyV1ProvisionPolicyprovisionTargetProvisionTargetProvision | null

The provision step references a provision policy for this step.

rejectunion
optional
rejectMessagestringC1APIPolicyV1Reject | null

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

waitunion
optional
commentOnFirstWaitstringcommentOnTimeoutstringconditionunionnamestringtimeoutDurationstringC1APIPolicyV1Wait | null

Define a Wait step for a policy to wait on a condition to be met.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

  • condition
policyTypeunion
optional
"POLICY_TYPE_UNSPECIFIED" | "POLICY_TYPE_GRANT" | "POLICY_TYPE_REVOKE" | 3 more

The enum of the policy type.

Hide ParametersShow Parameters
"POLICY_TYPE_UNSPECIFIED"
"POLICY_TYPE_GRANT"
"POLICY_TYPE_REVOKE"
"POLICY_TYPE_CERTIFY"
"POLICY_TYPE_ACCESS_REQUEST"
"POLICY_TYPE_PROVISION"
postActionsunion
optional
Array<certifyRemediateImmediatelyunionPolicyPostActions> | null

Actions to occur after a policy finishes. As of now this is only valid on a certify policy to remediate a denied certification immediately.

Hide ParametersShow Parameters
certifyRemediateImmediatelyunion
optional
boolean | null

ONLY valid when used in a CERTIFY Ticket Type: Causes any deprovision or change in a grant to be applied when Certify Ticket is closed. This field is part of the action oneof. See the documentation for c1.api.policy.v1.PolicyPostActions for more details.

reassignTasksToDelegatesboolean
optional

Allows reassigning tasks to delegates.

rulesunion
optional
Array<conditionstringpolicyKeystringRule> | null

The rules field.

Hide ParametersShow Parameters
conditionstring
optional

The condition field.

policyKeystring
optional

This is a reference to a list of policy steps from policy_steps

Returns
PolicyCreateResponse

The CreatePolicyResponse message contains the created policy object.

Hide ParametersShow Parameters
policyidstringcreatedAtstringdeletedAtstringdescriptionstringdisplayNamestringpolicyStepsRecord<string, PolicySteps>policyTypeunionpostActionsunionreassignTasksToDelegatesbooleanrulesunionsystemBuiltinbooleanupdatedAtstringPolicy
optional

A policy describes the behavior of the ConductorOne system when processing a task. You can describe the type, approvers, fallback behavior, and escalation processes.

Request example TypeScript
import ConductoroneSDK from 'conductorone-sdk';

const client = new ConductoroneSDK({
  apiKey: 'My API Key',
});

const policy = await client.policies.create({ displayName: 'displayName' });

console.log(policy.policy);
200 Example
{
  "policy": {
    "description": "description",
    "displayName": "displayName",
    "policySteps": {
      "foo": {
        "steps": [
          {
            "accept": {
              "acceptMessage": "acceptMessage"
            },
            "approval": {
              "agent": {
                "agentMode": "APPROVAL_AGENT_MODE_UNSPECIFIED",
                "agentUserId": "agentUserId",
                "instructions": "instructions",
                "policyIds": [
                  "string"
                ]
              },
              "allowedReassignees": [
                "string"
              ],
              "allowReassignment": true,
              "appOwners": {
                "allowSelfApproval": true
              },
              "entitlementOwners": {
                "allowSelfApproval": true,
                "fallback": true,
                "fallbackUserIds": [
                  "string"
                ]
              },
              "escalation": {
                "escalationComment": "escalationComment",
                "expiration": "expiration",
                "reassignToApprovers": {
                  "approverIds": [
                    "string"
                  ]
                },
                "replacePolicy": {
                  "policyId": "policyId"
                }
              },
              "escalationEnabled": true,
              "expression": {
                "allowSelfApproval": true,
                "expressions": [
                  "string"
                ],
                "fallback": true,
                "fallbackUserIds": [
                  "string"
                ]
              },
              "group": {
                "allowSelfApproval": true,
                "appGroupId": "appGroupId",
                "appId": "appId",
                "fallback": true,
                "fallbackUserIds": [
                  "string"
                ]
              },
              "manager": {
                "allowSelfApproval": true,
                "fallback": true,
                "fallbackUserIds": [
                  "string"
                ]
              },
              "requireApprovalReason": true,
              "requireDenialReason": true,
              "requireReassignmentReason": true,
              "requiresStepUpProviderId": "requiresStepUpProviderId",
              "resourceOwners": {
                "allowSelfApproval": true,
                "fallback": true,
                "fallbackUserIds": [
                  "string"
                ]
              },
              "self": {
                "fallback": true,
                "fallbackUserIds": [
                  "string"
                ]
              },
              "users": {
                "allowSelfApproval": true,
                "userIds": [
                  "string"
                ]
              },
              "webhook": {
                "webhookId": "webhookId"
              }
            },
            "provision": {
              "assigned": true,
              "provisionPolicy": {
                "connector": {
                  "account": {
                    "config": {
                      "foo": "bar"
                    },
                    "connectorId": "connectorId",
                    "doNotSave": {},
                    "saveToVault": {
                      "vaultIds": [
                        "string"
                      ]
                    },
                    "schemaId": "schemaId"
                  },
                  "defaultBehavior": {
                    "connectorId": "connectorId"
                  },
                  "deleteAccount": {
                    "connectorId": "connectorId"
                  }
                },
                "delegated": {
                  "appId": "appId",
                  "entitlementId": "entitlementId",
                  "implicit": true
                },
                "externalTicket": {
                  "appId": "appId",
                  "connectorId": "connectorId",
                  "externalTicketProvisionerConfigId": "externalTicketProvisionerConfigId",
                  "instructions": "instructions"
                },
                "manual": {
                  "instructions": "instructions",
                  "userIds": [
                    "string"
                  ]
                },
                "unconfigured": {},
                "webhook": {
                  "webhookId": "webhookId"
                }
              },
              "provisionTarget": {
                "appEntitlementId": "appEntitlementId",
                "appId": "appId",
                "appUserId": "appUserId",
                "grantDuration": "grantDuration"
              }
            },
            "reject": {
              "rejectMessage": "rejectMessage"
            },
            "wait": {
              "commentOnFirstWait": "commentOnFirstWait",
              "commentOnTimeout": "commentOnTimeout",
              "condition": {
                "condition": "condition"
              },
              "name": "name",
              "timeoutDuration": "timeoutDuration"
            }
          }
        ]
      }
    },
    "policyType": "POLICY_TYPE_UNSPECIFIED",
    "postActions": [
      {
        "certifyRemediateImmediately": true
      }
    ],
    "reassignTasksToDelegates": true,
    "rules": [
      {
        "condition": "condition",
        "policyKey": "policyKey"
      }
    ]
  }
}