Tasks

Tasks

Tasks

Get

client.tasks.retrieve(stringid, RequestOptionsoptions?): expandeduniontaskViewTaskViewTaskRetrieveResponse

get/api/v1/tasks/{id}

Create Grant Task

client.tasks.createGrantTask(TaskCreateGrantTaskParamsbody, RequestOptionsoptions?): expandeduniontaskViewTaskViewTaskCreateGrantTaskResponse

post/api/v1/task/grant

Create Offboarding Task

client.tasks.createOffboardingTask(TaskCreateOffboardingTaskParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewTaskCreateOffboardingTaskResponse

post/api/v1/task/offboarding

Create Revoke Task

client.tasks.createRevokeTask(TaskCreateRevokeTaskParamsbody, RequestOptionsoptions?): expandeduniontaskViewTaskViewTaskCreateRevokeTaskResponse

post/api/v1/task/revoke

List

client.tasks.listAudits(TaskListAuditsParamsbody?, RequestOptionsoptions?): listunionnextPageTokenstringTaskListAuditsResponse

post/api/v1/task/audits

App Entitlement Reference

AppEntitlementReference

This object references an app entitlement's ID and AppID.

ShowShow

appEntitlementIdstring

optional

The ID of the Entitlement.

appIdstring

optional

The ID of the App this entitlement belongs to.

Approval

Approval

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

• users
• manager
• appOwners
• group
• self
• entitlementOwners
• expression
• webhook
• resourceOwners
• agent

ShowShow

agentunion

optional

agentModeunionagentUserIdstringinstructionsstringpolicyIdsunionAgent | null

The agent to assign the task to.

Hide ParametersShow Parameters

agentModeunion

optional

"APPROVAL_AGENT_MODE_UNSPECIFIED" | "APPROVAL_AGENT_MODE_FULL_CONTROL" | "APPROVAL_AGENT_MODE_CHANGE_POLICY_ONLY" | "APPROVAL_AGENT_MODE_COMMENT_ONLY"

The mode of the agent, full control, change policy only, or comment only.

Hide ParametersShow Parameters

"APPROVAL_AGENT_MODE_UNSPECIFIED"

"APPROVAL_AGENT_MODE_FULL_CONTROL"

"APPROVAL_AGENT_MODE_CHANGE_POLICY_ONLY"

"APPROVAL_AGENT_MODE_COMMENT_ONLY"

agentUserIdstring

optional

The agent user ID to assign the task to.

instructionsstring

optional

Instructions for the agent.

policyIdsunion

optional

Array<string> | null

The allow list of policy IDs to re-route the task to.

allowedReassigneesunion

optional

Array<string> | null

List of users for whom this step can be reassigned.

allowReassignmentboolean

optional

Configuration to allow reassignment by reviewers during this step.

appOwnersunion

optional

allowSelfApprovalbooleanAppOwners | null

App owner approval provides the configuration for an approval step when the app owner is the target.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration that allows a user to self approve if they are an app owner during this approval step.

assignedboolean

optional

A field indicating whether this step is assigned.

entitlementOwnersunion

optional

allowSelfApprovalbooleanfallbackbooleanfallbackUserIdsunionEntitlementOwners | null

The entitlement owner approval allows configuration of the approval step when the target approvers are the entitlement owners.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration to allow self approval if the target user is an entitlement owner during this step.

fallbackboolean

optional

Configuration to allow a fallback if the entitlement owner cannot be identified.

fallbackUserIdsunion

optional

Array<string> | null

Configuration to specific which users to fallback to if fallback is enabled and the entitlement owner cannot be identified.

escalationescalationCommentstringexpirationstringreassignToApproversunionreplacePolicyunionEscalation

optional

The Escalation message.

This message contains a oneof named escalation_policy. Only a single field of the following list may be set at a time:

• replacePolicy
• reassignToApprovers

Hide ParametersShow Parameters

escalationCommentstring

optional

The escalationComment field.

expirationstring

optional

The expiration field.

formatint64

reassignToApproversunion

optional

approverIdsunionReassignToApprovers | null

The ReassignToApprovers message.

Hide ParametersShow Parameters

approverIdsunion

optional

Array<string> | null

The approverIds field.

replacePolicyunion

optional

policyIdstringReplacePolicy | null

The ReplacePolicy message.

Hide ParametersShow Parameters

policyIdstring

optional

The policyId field.

escalationEnabledboolean

optional

Whether escalation is enabled for this step.

expressionunion

optional

allowSelfApprovalbooleanassignedUserIdsunionexpressionsunionfallbackbooleanfallbackUserIdsunionExpression | null

The ExpressionApproval message.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration to allow self approval of if the user is specified and also the target of the ticket.

assignedUserIdsunion

optional

Array<string> | null

The assignedUserIds field.

expressionsunion

optional

Array<string> | null

Array of dynamic expressions to determine the approvers. The first expression to return a non-empty list of users will be used.

fallbackboolean

optional

Configuration to allow a fallback if the expression does not return a valid list of users.

fallbackUserIdsunion

optional

Array<string> | null

Configuration to specific which users to fallback to if and the expression does not return a valid list of users.

groupunion

optional

allowSelfApprovalbooleanappGroupIdstringappIdstringfallbackbooleanfallbackUserIdsunionGroup | null

The AppGroupApproval object provides the configuration for setting a group as the approvers of an approval policy step.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration to allow self approval if the target user is a member of the group during this step.

appGroupIdstring

optional

The ID of the group specified for approval.

appIdstring

optional

The ID of the app that contains the group specified for approval.

fallbackboolean

optional

Configuration to allow a fallback if the group is empty.

fallbackUserIdsunion

optional

Array<string> | null

Configuration to specific which users to fallback to if fallback is enabled and the group is empty.

managerunion

optional

allowSelfApprovalbooleanassignedUserIdsunionfallbackbooleanfallbackUserIdsunionManager | null

The manager approval object provides configuration options for approval when the target of the approval is the manager of the user in the task.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration to allow self approval if the target user is their own manager. This may occur if a service account has an identity user and manager specified as the same person.

assignedUserIdsunion

optional

Array<string> | null

The array of users determined to be the manager during processing time.

fallbackboolean

optional

Configuration to allow a fallback if no manager is found.

fallbackUserIdsunion

optional

Array<string> | null

Configuration to specific which users to fallback to if fallback is enabled and no manager is found.

requireApprovalReasonboolean

optional

Configuration to require a reason when approving this step.

requireDenialReasonboolean

optional

Configuration to require a reason when denying this step.

requireReassignmentReasonboolean

optional

Configuration to require a reason when reassigning this step.

requiresStepUpProviderIdstring

optional

The ID of a step-up authentication provider that will be required for approvals on this step. If set, approvers must complete the step-up authentication flow before they can approve.

resourceOwnersunion

optional

allowSelfApprovalbooleanfallbackbooleanfallbackUserIdsunionResourceOwners | null

The resource owner approval allows configuration of the approval step when the target approvers are the resource owners.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration to allow self approval if the target user is an resource owner during this step.

fallbackboolean

optional

Configuration to allow a fallback if the resource owner cannot be identified.

fallbackUserIdsunion

optional

Array<string> | null

Configuration to specific which users to fallback to if fallback is enabled and the resource owner cannot be identified.

selfunion

optional

assignedUserIdsunionfallbackbooleanfallbackUserIdsunionSelf | null

The self approval object describes the configuration of a policy step that needs to be approved by the target of the request.

Hide ParametersShow Parameters

assignedUserIdsunion

optional

Array<string> | null

The array of users determined to be themselves during approval. This should only ever be one person, but is saved because it may change if the owner of an app user changes while the ticket is open.

fallbackboolean

optional

Configuration to allow a fallback if the identity user of the target app user cannot be determined.

fallbackUserIdsunion

optional

Array<string> | null

Configuration to specific which users to fallback to if fallback is enabled and the identity user of the target app user cannot be determined.

usersunion

optional

allowSelfApprovalbooleanuserIdsunionUsers | null

The user approval object describes the approval configuration of a policy step that needs to be approved by a specific list of users.

Hide ParametersShow Parameters

allowSelfApprovalboolean

optional

Configuration to allow self approval of if the user is specified and also the target of the ticket.

userIdsunion

optional

Array<string> | null

Array of users configured for approval.

webhookunion

optional

webhookIdstringWebhook | null

The WebhookApproval message.

Hide ParametersShow Parameters

webhookIdstring

optional

The ID of the webhook to call for approval.

Approval Instance

ApprovalInstance

The approval instance object describes the way a policy step should be approved as well as its outcomes and state.

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• approved
• denied
• reassigned
• restarted
• reassignedByError
• skipped

ShowShow

approvalunion

optional

agentunionallowedReassigneesunionallowReassignmentbooleanappOwnersunionassignedbooleanentitlementOwnersunionescalationEscalationescalationEnabledbooleanexpressionuniongroupunionmanagerunionrequireApprovalReasonbooleanrequireDenialReasonbooleanrequireReassignmentReasonbooleanrequiresStepUpProviderIdstringresourceOwnersunionselfunionusersunionwebhookunionApproval | null

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

• users
• manager
• appOwners
• group
• self
• entitlementOwners
• expression
• webhook
• resourceOwners
• agent

approvedunion

optional

approvedAtstringentitlementsunionstepUpTransactionIdstringuserIdstringApproved | null

The approved action indicates that the approvalinstance had an outcome of approved.

Hide ParametersShow Parameters

approvedAtstring

optional

formatdate-time

entitlementsunion

optional

Array<appEntitlementIdstringappIdstringAppEntitlementReference> | null

The entitlements that were approved. This will only ever be a list of one entitlement.

Hide ParametersShow Parameters

appEntitlementIdstring

optional

The ID of the Entitlement.

appIdstring

optional

The ID of the App this entitlement belongs to.

stepUpTransactionIdstring

optional

The ID of the step-up transaction that was used for this approval, if step-up was required.

userIdstring

optional

The UserID that approved this step.

deniedunion

optional

deniedAtstringuserIdstringDenied | null

The denied action indicates that the c1.api.policy.v1.ApprovalInstance had an outcome of denied.

Hide ParametersShow Parameters

deniedAtstring

optional

formatdate-time

userIdstring

optional

The UserID that denied this step.

escalationInstancealreadyEscalatedbooleanescalationCommentstringexpiresAtstringreassignToApproversunionreplacePolicyunionEscalationInstance

optional

The EscalationInstance message.

This message contains a oneof named escalation_policy. Only a single field of the following list may be set at a time:

• replacePolicy
• reassignToApprovers

Hide ParametersShow Parameters

alreadyEscalatedboolean

optional

The alreadyEscalated field.

escalationCommentstring

optional

The escalationComment field.

expiresAtstring

optional

formatdate-time

reassignToApproversunion

optional

approverIdsunionReassignToApprovers | null

The ReassignToApprovers message.

Hide ParametersShow Parameters

approverIdsunion

optional

Array<string> | null

The approverIds field.

replacePolicyunion

optional

policyIdstringReplacePolicy | null

The ReplacePolicy message.

Hide ParametersShow Parameters

policyIdstring

optional

The policyId field.

reassignedunion

optional

newPolicyStepIdstringreassignedAtstringuserIdstringReassigned | null

The ReassignedAction object describes the outcome of a policy step that has been reassigned.

Hide ParametersShow Parameters

newPolicyStepIdstring

optional

The ID of the policy step that was created as a result of this reassignment.

reassignedAtstring

optional

formatdate-time

userIdstring

optional

The UserID of the person who reassigned this step.

reassignedByErrorunion

optional

descriptionstringerrorCodestringerroredAtstringerrorUserIdstringnewPolicyStepIdstringreassignedAtstringReassignedByErrorAction | null

The ReassignedByErrorAction object describes the outcome of a policy step that has been reassigned because it had an error provisioning.

restartedunion

optional

oldPolicyStepIdstringrestartedAtstringuserIdstringRestarted | null

The restart action describes the outcome of policy steps for when the task was restarted. This can be applied to multiple steps since restart skips all pending next steps.

Hide ParametersShow Parameters

oldPolicyStepIdstring

optional

The step ID that was restarted. Potentially multiple "history" steps will reference this ID to indicate by what step they were restarted.

restartedAtstring

optional

formatdate-time

userIdstring

optional

The user that submitted the restart action.

skippedunion

optional

newPolicyStepIdstringskippedAtstringuserIdstringSkippedAction | null

The SkippedAction object describes the outcome of a policy step that has been skipped.

stateunion

optional

"APPROVAL_INSTANCE_STATE_UNSPECIFIED" | "APPROVAL_INSTANCE_STATE_INIT" | "APPROVAL_INSTANCE_STATE_SENDING_NOTIFICATIONS" | 2 more

The state of the approval instance

Hide ParametersShow Parameters

"APPROVAL_INSTANCE_STATE_UNSPECIFIED"

"APPROVAL_INSTANCE_STATE_INIT"

"APPROVAL_INSTANCE_STATE_SENDING_NOTIFICATIONS"

"APPROVAL_INSTANCE_STATE_WAITING"

"APPROVAL_INSTANCE_STATE_DONE"

Policy Step Instance

PolicyStepInstance

The policy step instance includes a reference to an instance of a policy step that tracks state and has a unique ID.

This message contains a oneof named instance. Only a single field of the following list may be set at a time:

• approval
• provision
• accept
• reject
• wait

ShowShow

idstring

optional

The ID of the PolicyStepInstance. This is required by many action submission endpoints to indicate what step you're approving.

acceptunion

optional

acceptMessagestringAccept | null

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. The instance is just a marker for it being copied into an active policy.

Hide ParametersShow Parameters

acceptMessagestring

optional

An optional message to include in the comments when a task is automatically accepted.

approvalunion

optional

approvalunionapproveduniondeniedunionescalationInstanceEscalationInstancereassignedunionreassignedByErrorunionrestartedunionskippedunionstateunionApprovalInstance | null

The approval instance object describes the way a policy step should be approved as well as its outcomes and state.

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• approved
• denied
• reassigned
• restarted
• reassignedByError
• skipped

policyGenerationIdstring

optional

The policy generation id refers to the version of the policy that this step was created from.

provisionunion

optional

cancelledunioncompletedunionerroredunionexternalTicketIdstringexternalTicketProvisionerConfigIdstringnotificationIdstringprovisionunionreassignedByErrorunionskippedunionstateunionwebhookIdstringwebhookInstanceIdstringProvision | null

A provision instance describes the specific configuration of an executing provision policy step including actions taken and notification id.

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• completed
• cancelled
• errored
• reassignedByError
• skipped

Hide ParametersShow Parameters

cancelledunion

optional

cancelledAtstringcancelledByUserIdstringCancelled | null

The outcome of a provision instance that is cancelled.

Hide ParametersShow Parameters

cancelledAtstring

optional

formatdate-time

cancelledByUserIdstring

optional

The userID, usually the system, that cancells a provision instance.

completedunion

optional

completedAtstringentitlementsunionuserIdstringCompleted | null

The outcome of a provision instance that has been completed succesfully.

Hide ParametersShow Parameters

completedAtstring

optional

formatdate-time

entitlementsunion

optional

Array<appEntitlementIdstringappIdstringAppEntitlementReference> | null

The list of entitlements that were provisioned. This is leftover from an older design, and is only ever going to be a single entitlement.

Hide ParametersShow Parameters

appEntitlementIdstring

optional

The ID of the Entitlement.

appIdstring

optional

The ID of the App this entitlement belongs to.

userIdstring

optional

The UserID of who completed provisioning. For connector provisioning this is the system user id, for manual provisioning this is who clicked "provision complete"

erroredunion

optional

descriptionstringerrorCodestringerroredAtstringErrored | null

The outcome of a provision instance that has errored.

Hide ParametersShow Parameters

descriptionstring

optional

The description of a provision instance that has errored.

errorCodestring

optional

The error code of a provision instance that has errored. This is only PEC-1 for now, but more will be added in the future.

erroredAtstring

optional

formatdate-time

externalTicketIdstring

optional

This indicates the external ticket id for this step.

externalTicketProvisionerConfigIdstring

optional

This indicates the external ticket provisioner config id for this step.

notificationIdstring

optional

This indicates the notification id for this step.

provisionunion

optional

assignedbooleanprovisionPolicyC1APIPolicyV1ProvisionPolicyprovisionTargetProvisionTargetProvision | null

The provision step references a provision policy for this step.

reassignedByErrorunion

optional

descriptionstringerrorCodestringerroredAtstringerrorUserIdstringnewPolicyStepIdstringreassignedAtstringReassignedByErrorAction | null

The ReassignedByErrorAction object describes the outcome of a policy step that has been reassigned because it had an error provisioning.

skippedunion

optional

newPolicyStepIdstringskippedAtstringuserIdstringSkippedAction | null

The SkippedAction object describes the outcome of a policy step that has been skipped.

stateunion

optional

"PROVISION_INSTANCE_STATE_UNSPECIFIED" | "PROVISION_INSTANCE_STATE_INIT" | "PROVISION_INSTANCE_STATE_CREATE_CONNECTOR_ACTIONS_FOR_TARGET" | 7 more

This property indicates the current state of this step.

Hide ParametersShow Parameters

"PROVISION_INSTANCE_STATE_UNSPECIFIED"

"PROVISION_INSTANCE_STATE_INIT"

"PROVISION_INSTANCE_STATE_CREATE_CONNECTOR_ACTIONS_FOR_TARGET"

"PROVISION_INSTANCE_STATE_SENDING_NOTIFICATIONS"

"PROVISION_INSTANCE_STATE_WAITING"

"PROVISION_INSTANCE_STATE_WEBHOOK"

"PROVISION_INSTANCE_STATE_WEBHOOK_WAITING"

"PROVISION_INSTANCE_STATE_EXTERNAL_TICKET"

"PROVISION_INSTANCE_STATE_EXTERNAL_TICKET_WAITING"

"PROVISION_INSTANCE_STATE_DONE"

webhookIdstring

optional

This indicates the webhook id for this step.

webhookInstanceIdstring

optional

This indicates the webhook instance id for this step.

rejectunion

optional

rejectMessagestringReject | null

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. The instance is just a marker for it being copied into an active policy.

Hide ParametersShow Parameters

rejectMessagestring

optional

An optional message to include in the comments when a task is automatically rejected.

stateunion

optional

"POLICY_STEP_STATE_UNSPECIFIED" | "POLICY_STEP_STATE_ACTIVE" | "POLICY_STEP_STATE_DONE"

The state of the step, which is either active or done.

Hide ParametersShow Parameters

"POLICY_STEP_STATE_UNSPECIFIED"

"POLICY_STEP_STATE_ACTIVE"

"POLICY_STEP_STATE_DONE"

waitunion

optional

commentOnFirstWaitstringcommentOnTimeoutstringconditionunionnamestringskippedunionstartedWaitingAtstringstateunionsucceededuniontimedOutuniontimeoutstringtimeoutDurationstringWait | null

Used by the policy engine to describe an instantiated wait step.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

• condition

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• succeeded
• timedOut
• skipped

Hide ParametersShow Parameters

commentOnFirstWaitstring

optional

The comment to post on first failed check.

commentOnTimeoutstring

optional

The comment to post if we timeout.

conditionunion

optional

conditionstringCondition | null

Used by the policy engine to describe an instantiated condition to wait on.

Hide ParametersShow Parameters

conditionstring

optional

The condition that has to be true for this wait condition instance to continue.

namestring

optional

The name field.

skippedunion

optional

newPolicyStepIdstringskippedAtstringuserIdstringSkippedAction | null

The SkippedAction object describes the outcome of a policy step that has been skipped.

startedWaitingAtstring

optional

formatdate-time

stateunion

optional

"WAIT_INSTANCE_STATE_UNSPECIFIED" | "WAIT_INSTANCE_STATE_WAITING" | "WAIT_INSTANCE_STATE_COMPLETED" | "WAIT_INSTANCE_STATE_TIMED_OUT"

The state field.

Hide ParametersShow Parameters

"WAIT_INSTANCE_STATE_UNSPECIFIED"

"WAIT_INSTANCE_STATE_WAITING"

"WAIT_INSTANCE_STATE_COMPLETED"

"WAIT_INSTANCE_STATE_TIMED_OUT"

succeededunion

optional

succeededAtstringSucceeded | null

The ConditionSucceeded message.

Hide ParametersShow Parameters

succeededAtstring

optional

formatdate-time

timedOutunion

optional

timedOutAtstringTimedOut | null

The ConditionTimedOut message.

Hide ParametersShow Parameters

timedOutAtstring

optional

formatdate-time

timeoutstring

optional

formatdate-time

timeoutDurationstring

optional

formatduration

Provision

Provision

The provision step references a provision policy for this step.

ShowShow

assignedboolean

optional

A field indicating whether this step is assigned.

provisionPolicyconnectoruniondelegatedunionexternalTicketunionmanualunionunconfiguredunknownwebhookunionC1APIPolicyV1ProvisionPolicy

optional

ProvisionPolicy is a oneOf that indicates how a provision step should be processed.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

• connector
• manual
• delegated
• webhook
• multiStep
• externalTicket
• unconfigured

provisionTargetappEntitlementIdstringappIdstringappUserIdstringgrantDurationstringProvisionTarget

optional

ProvisionTarget indicates the specific app, app entitlement, and if known, the app user and grant duration of this provision step

Hide ParametersShow Parameters

appEntitlementIdstring

optional

The app entitlement that should be provisioned.

appIdstring

optional

The app in which the entitlement should be provisioned

appUserIdstring

optional

The app user that should be provisioned. May be unset if the app user is unknown

grantDurationstring

optional

formatduration

Reassigned By Error Action

ReassignedByErrorAction

The ReassignedByErrorAction object describes the outcome of a policy step that has been reassigned because it had an error provisioning.

ShowShow

descriptionstring

optional

The description of the error with more details on why this was reassigned.

errorCodestring

optional

Additional information about the error, like http status codes or error messages from SDKs.

erroredAtstring

optional

formatdate-time

errorUserIdstring

optional

The UserID of the user who reassigned this due to an error. This will exclusively be the System's UserID.

newPolicyStepIdstring

optional

The ID of the policy step that was created by this reassignment.

reassignedAtstring

optional

formatdate-time

Skipped Action

SkippedAction

The SkippedAction object describes the outcome of a policy step that has been skipped.

ShowShow

newPolicyStepIdstring

optional

The ID of the policy step that was created as a result of this skipping.

skippedAtstring

optional

formatdate-time

userIdstring

optional

The UserID of the user who skipped this step.

Task Grant Source

TaskGrantSource

The TaskGrantSource message tracks which external URL was the source of the specificed grant ticket.

ShowShow

externalUrlstring

optional

The external url source of the grant ticket.

integrationIdstring

optional

The integration id for the source of tickets.

requestIdstring

optional

the request id for the grant ticket if the source is external

Task View

TaskView

Contains a task and JSONPATH expressions that describe where in the expanded array related objects are located. This view can be used to display a fully-detailed dashboard of task information.

ShowShow

accessReviewPathstring

optional

JSONPATH expression indicating the location of the AccessReview object in the expanded array

appPathstring

optional

JSONPATH expression indicating the location of the App object in the expanded array

appUserPathstring

optional

JSONPATH expression indicating the location of the AppUser object in the expanded array

createdByUserPathstring

optional

JSONPATH expression indicating the location of the object of the User that created the ticket in the expanded array

entitlementsPathstring

optional

JSONPATH expression indicating the location of the Entitlements objects in the expanded array

identityUserPathstring

optional

JSONPATH expression indicating the location of the User object of the User that this task is targeting in the expanded array. This is the user that is the identity when the target of a task is an app user.

insightsPathstring

optional

JSONPATH expression indicating the location of the Insights objects in the expanded array

stepApproversPathstring

optional

JSONPATH expression indicating the location of the StepApproverUsers objects in the expanded array

taskidstringactionsunionanalysisIdstringannotationsunioncommentCountnumbercreatedAtstringcreatedByUserIdstringdeletedAtstringdescriptionstringdisplayNamestringemergencyAccessbooleanexternalRefsunioninsightIdsunionnumericIdstringoriginunionpolicyPolicypolicyGenerationIdstringprocessingunionrecommendationunionstateunionstepApproverIdsuniontypeTaskTypeupdatedAtstringuserIdstringTask

optional

A fully-fleged task object. Includes its policy, references to external apps, its type, its processing history, and more.

Hide ParametersShow Parameters

idstring

optional

The ID of the task.

actionsunion

optional

Array<"TASK_ACTION_TYPE_UNSPECIFIED" | "TASK_ACTION_TYPE_CLOSE" | "TASK_ACTION_TYPE_APPROVE" | 21 more> | null

The actions that can be performed on the task by the current user.

Hide ParametersShow Parameters

"TASK_ACTION_TYPE_UNSPECIFIED"

"TASK_ACTION_TYPE_CLOSE"

"TASK_ACTION_TYPE_APPROVE"

"TASK_ACTION_TYPE_DENY"

"TASK_ACTION_TYPE_COMMENT"

"TASK_ACTION_TYPE_DELETE"

"TASK_ACTION_TYPE_REASSIGN"

"TASK_ACTION_TYPE_RESTART"

"TASK_ACTION_TYPE_SEND_REMINDER"

"TASK_ACTION_TYPE_PROVISION_COMPLETE"

"TASK_ACTION_TYPE_PROVISION_CANCELLED"

"TASK_ACTION_TYPE_PROVISION_ERRORED"

"TASK_ACTION_TYPE_ROLLBACK_SKIPPED"

"TASK_ACTION_TYPE_PROVISION_APP_USER_TARGET_CREATED"

"TASK_ACTION_TYPE_HARD_RESET"

"TASK_ACTION_TYPE_ESCALATE_TO_EMERGENCY_ACCESS"

"TASK_ACTION_TYPE_CHANGE_POLICY"

"TASK_ACTION_TYPE_RECALCULATE_DENIAL_FROM_BASE_POLICY_DECISIONS"

"TASK_ACTION_TYPE_SET_INSIGHTS_AND_RECOMMENDATION"

"TASK_ACTION_TYPE_SET_ANALYSIS_ID"

"TASK_ACTION_TYPE_RECALCULATE_APPROVERS_LIST"

"TASK_ACTION_TYPE_PROCESS_NOW"

"TASK_ACTION_TYPE_APPROVE_WITH_STEP_UP"

"TASK_ACTION_TYPE_SKIP_STEP"

analysisIdstring

optional

The ID of the analysis object associated with this task created by an analysis workflow if the analysis feature is enabled for your tenant.

annotationsunion

optional

Array<Annotation> | null

An array of google.protobuf.Any annotations with various base64-encoded data.

Hide ParametersShow Parameters

@typestring

optional

The type of the serialized message.

commentCountnumber

optional

The count of comments.

formatint32

createdAtstring

optional

formatdate-time

createdByUserIdstring

optional

The ID of the user that is the creator of this task. This may not always match the userId field.

deletedAtstring

optional

formatdate-time

descriptionstring

optional

The description of the task. This is also known as justification.

displayNamestring

optional

The display name of the task.

emergencyAccessboolean

optional

A field indicating whether this task was created using an emergency access flow, or escalated to emergency access. On task creation, it will also use the app entitlement's emergency policy when possible.

externalRefsunion

optional

Array<ExternalRef> | null

An array of external references to the task. Historically that has been items like Jira task IDs. This is currently unused, but may come back in the future for integrations.

Hide ParametersShow Parameters

externalRefSourceunion

optional

"UNSPECIFIED" | "JIRA"

The source of the external reference.

Hide ParametersShow Parameters

"UNSPECIFIED"

"JIRA"

namestring

optional

The name of the external reference.

urlstring

optional

The URL to the external reference.

insightIdsunion

optional

Array<string> | null

The insightIds field.

numericIdstring

optional

A human-usable numeric ID of a task which can be included in place of the fully qualified task id in path parmeters (but not search queries).

formatint64

originunion

optional

"TASK_ORIGIN_UNSPECIFIED" | "TASK_ORIGIN_PROFILE_MEMBERSHIP_AUTOMATION" | "TASK_ORIGIN_SLACK" | 6 more

The origin field.

Hide ParametersShow Parameters

"TASK_ORIGIN_UNSPECIFIED"

"TASK_ORIGIN_PROFILE_MEMBERSHIP_AUTOMATION"

"TASK_ORIGIN_SLACK"

"TASK_ORIGIN_API"

"TASK_ORIGIN_JIRA"

"TASK_ORIGIN_COPILOT"

"TASK_ORIGIN_WEBAPP"

"TASK_ORIGIN_TIME_REVOKE"

"TASK_ORIGIN_NON_USAGE_REVOKE"

policycurrentPolicyStepInstancehistoryunionnextunionpolicyPolicyPolicy

optional

A policy instance is an object that contains a reference to the policy it was created from, the currently executing step, the next steps, and the history of previously completed steps.

Hide ParametersShow Parameters

currentidstringacceptunionapprovalunionpolicyGenerationIdstringprovisionunionrejectunionstateunionwaitunionPolicyStepInstance

optional

The policy step instance includes a reference to an instance of a policy step that tracks state and has a unique ID.

This message contains a oneof named instance. Only a single field of the following list may be set at a time:

• approval
• provision
• accept
• reject
• wait

historyunion

optional

Array<idstringacceptunionapprovalunionpolicyGenerationIdstringprovisionunionrejectunionstateunionwaitunionPolicyStepInstance> | null

An array of steps that were previously processed by the ticket with their outcomes set, in order.

Hide ParametersShow Parameters

idstring

optional

The ID of the PolicyStepInstance. This is required by many action submission endpoints to indicate what step you're approving.

acceptunion

optional

acceptMessagestringAccept | null

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. The instance is just a marker for it being copied into an active policy.

Hide ParametersShow Parameters

acceptMessagestring

optional

An optional message to include in the comments when a task is automatically accepted.

approvalunion

optional

approvalunionapproveduniondeniedunionescalationInstanceEscalationInstancereassignedunionreassignedByErrorunionrestartedunionskippedunionstateunionApprovalInstance | null

The approval instance object describes the way a policy step should be approved as well as its outcomes and state.

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• approved
• denied
• reassigned
• restarted
• reassignedByError
• skipped

policyGenerationIdstring

optional

The policy generation id refers to the version of the policy that this step was created from.

provisionunion

optional

cancelledunioncompletedunionerroredunionexternalTicketIdstringexternalTicketProvisionerConfigIdstringnotificationIdstringprovisionunionreassignedByErrorunionskippedunionstateunionwebhookIdstringwebhookInstanceIdstringProvision | null

A provision instance describes the specific configuration of an executing provision policy step including actions taken and notification id.

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• completed
• cancelled
• errored
• reassignedByError
• skipped

Hide ParametersShow Parameters

cancelledunion

optional

cancelledAtstringcancelledByUserIdstringCancelled | null

The outcome of a provision instance that is cancelled.

Hide ParametersShow Parameters

cancelledAtstring

optional

formatdate-time

cancelledByUserIdstring

optional

The userID, usually the system, that cancells a provision instance.

completedunion

optional

completedAtstringentitlementsunionuserIdstringCompleted | null

The outcome of a provision instance that has been completed succesfully.

Hide ParametersShow Parameters

completedAtstring

optional

formatdate-time

entitlementsunion

optional

Array<appEntitlementIdstringappIdstringAppEntitlementReference> | null

The list of entitlements that were provisioned. This is leftover from an older design, and is only ever going to be a single entitlement.

Hide ParametersShow Parameters

appEntitlementIdstring

optional

The ID of the Entitlement.

appIdstring

optional

The ID of the App this entitlement belongs to.

userIdstring

optional

The UserID of who completed provisioning. For connector provisioning this is the system user id, for manual provisioning this is who clicked "provision complete"

erroredunion

optional

descriptionstringerrorCodestringerroredAtstringErrored | null

The outcome of a provision instance that has errored.

Hide ParametersShow Parameters

descriptionstring

optional

The description of a provision instance that has errored.

errorCodestring

optional

The error code of a provision instance that has errored. This is only PEC-1 for now, but more will be added in the future.

erroredAtstring

optional

formatdate-time

externalTicketIdstring

optional

This indicates the external ticket id for this step.

externalTicketProvisionerConfigIdstring

optional

This indicates the external ticket provisioner config id for this step.

notificationIdstring

optional

This indicates the notification id for this step.

provisionunion

optional

assignedbooleanprovisionPolicyC1APIPolicyV1ProvisionPolicyprovisionTargetProvisionTargetProvision | null

The provision step references a provision policy for this step.

reassignedByErrorunion

optional

descriptionstringerrorCodestringerroredAtstringerrorUserIdstringnewPolicyStepIdstringreassignedAtstringReassignedByErrorAction | null

The ReassignedByErrorAction object describes the outcome of a policy step that has been reassigned because it had an error provisioning.

skippedunion

optional

newPolicyStepIdstringskippedAtstringuserIdstringSkippedAction | null

The SkippedAction object describes the outcome of a policy step that has been skipped.

stateunion

optional

"PROVISION_INSTANCE_STATE_UNSPECIFIED" | "PROVISION_INSTANCE_STATE_INIT" | "PROVISION_INSTANCE_STATE_CREATE_CONNECTOR_ACTIONS_FOR_TARGET" | 7 more

This property indicates the current state of this step.

Hide ParametersShow Parameters

"PROVISION_INSTANCE_STATE_UNSPECIFIED"

"PROVISION_INSTANCE_STATE_INIT"

"PROVISION_INSTANCE_STATE_CREATE_CONNECTOR_ACTIONS_FOR_TARGET"

"PROVISION_INSTANCE_STATE_SENDING_NOTIFICATIONS"

"PROVISION_INSTANCE_STATE_WAITING"

"PROVISION_INSTANCE_STATE_WEBHOOK"

"PROVISION_INSTANCE_STATE_WEBHOOK_WAITING"

"PROVISION_INSTANCE_STATE_EXTERNAL_TICKET"

"PROVISION_INSTANCE_STATE_EXTERNAL_TICKET_WAITING"

"PROVISION_INSTANCE_STATE_DONE"

webhookIdstring

optional

This indicates the webhook id for this step.

webhookInstanceIdstring

optional

This indicates the webhook instance id for this step.

rejectunion

optional

rejectMessagestringReject | null

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps. The instance is just a marker for it being copied into an active policy.

Hide ParametersShow Parameters

rejectMessagestring

optional

An optional message to include in the comments when a task is automatically rejected.

stateunion

optional

"POLICY_STEP_STATE_UNSPECIFIED" | "POLICY_STEP_STATE_ACTIVE" | "POLICY_STEP_STATE_DONE"

The state of the step, which is either active or done.

Hide ParametersShow Parameters

"POLICY_STEP_STATE_UNSPECIFIED"

"POLICY_STEP_STATE_ACTIVE"

"POLICY_STEP_STATE_DONE"

waitunion

optional

commentOnFirstWaitstringcommentOnTimeoutstringconditionunionnamestringskippedunionstartedWaitingAtstringstateunionsucceededuniontimedOutuniontimeoutstringtimeoutDurationstringWait | null

Used by the policy engine to describe an instantiated wait step.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

• condition

This message contains a oneof named outcome. Only a single field of the following list may be set at a time:

• succeeded
• timedOut
• skipped

Hide ParametersShow Parameters

commentOnFirstWaitstring

optional

The comment to post on first failed check.

commentOnTimeoutstring

optional

The comment to post if we timeout.

conditionunion

optional

conditionstringCondition | null

Used by the policy engine to describe an instantiated condition to wait on.

Hide ParametersShow Parameters

conditionstring

optional

The condition that has to be true for this wait condition instance to continue.

namestring

optional

The name field.

skippedunion

optional

newPolicyStepIdstringskippedAtstringuserIdstringSkippedAction | null

The SkippedAction object describes the outcome of a policy step that has been skipped.

startedWaitingAtstring

optional

formatdate-time

stateunion

optional

"WAIT_INSTANCE_STATE_UNSPECIFIED" | "WAIT_INSTANCE_STATE_WAITING" | "WAIT_INSTANCE_STATE_COMPLETED" | "WAIT_INSTANCE_STATE_TIMED_OUT"

The state field.

Hide ParametersShow Parameters

"WAIT_INSTANCE_STATE_UNSPECIFIED"

"WAIT_INSTANCE_STATE_WAITING"

"WAIT_INSTANCE_STATE_COMPLETED"

"WAIT_INSTANCE_STATE_TIMED_OUT"

succeededunion

optional

succeededAtstringSucceeded | null

The ConditionSucceeded message.

Hide ParametersShow Parameters

succeededAtstring

optional

formatdate-time

timedOutunion

optional

timedOutAtstringTimedOut | null

The ConditionTimedOut message.

Hide ParametersShow Parameters

timedOutAtstring

optional

formatdate-time

timeoutstring

optional

formatdate-time

timeoutDurationstring

optional

formatduration

nextunion

optional

Array<acceptunionapprovalunionprovisionunionrejectunionwaitunionC1APIPolicyV1PolicyStep> | null

An array of steps that will be processed by the ticket, in order.

Hide ParametersShow Parameters

acceptunion

optional

acceptMessagestringC1APIPolicyV1Accept | null

This policy step indicates that a ticket should have an approved outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

approvalunion

optional

agentunionallowedReassigneesunionallowReassignmentbooleanappOwnersunionassignedbooleanentitlementOwnersunionescalationEscalationescalationEnabledbooleanexpressionuniongroupunionmanagerunionrequireApprovalReasonbooleanrequireDenialReasonbooleanrequireReassignmentReasonbooleanrequiresStepUpProviderIdstringresourceOwnersunionselfunionusersunionwebhookunionApproval | null

The Approval message.

This message contains a oneof named typ. Only a single field of the following list may be set at a time:

• users
• manager
• appOwners
• group
• self
• entitlementOwners
• expression
• webhook
• resourceOwners
• agent

provisionunion

optional

assignedbooleanprovisionPolicyC1APIPolicyV1ProvisionPolicyprovisionTargetProvisionTargetProvision | null

The provision step references a provision policy for this step.

rejectunion

optional

rejectMessagestringC1APIPolicyV1Reject | null

This policy step indicates that a ticket should have a denied outcome. This is a terminal approval state and is used to explicitly define the end of approval steps.

waitunion

optional

commentOnFirstWaitstringcommentOnTimeoutstringconditionunionnamestringtimeoutDurationstringC1APIPolicyV1Wait | null

Define a Wait step for a policy to wait on a condition to be met.

This message contains a oneof named until. Only a single field of the following list may be set at a time:

• condition

policyidstringcreatedAtstringdeletedAtstringdescriptionstringdisplayNamestringpolicyStepsRecord<string, PolicySteps>policyTypeunionpostActionsunionreassignTasksToDelegatesbooleanrulesunionsystemBuiltinbooleanupdatedAtstringPolicy

optional

A policy describes the behavior of the ConductorOne system when processing a task. You can describe the type, approvers, fallback behavior, and escalation processes.

policyGenerationIdstring

optional

The policy generation id refers to the current policy's generation ID. This is changed when the policy is changed on a task.

processingunion

optional

"TASK_PROCESSING_TYPE_UNSPECIFIED" | "TASK_PROCESSING_TYPE_PROCESSING" | "TASK_PROCESSING_TYPE_WAITING" | "TASK_PROCESSING_TYPE_DONE"

The processing state of a task as defined by the processing_enum

Hide ParametersShow Parameters

"TASK_PROCESSING_TYPE_UNSPECIFIED"

"TASK_PROCESSING_TYPE_PROCESSING"

"TASK_PROCESSING_TYPE_WAITING"

"TASK_PROCESSING_TYPE_DONE"

recommendationunion

optional

"INSIGHT_RECOMMENDATION_UNSPECIFIED" | "INSIGHT_RECOMMENDATION_APPROVE" | "INSIGHT_RECOMMENDATION_DENY" | "INSIGHT_RECOMMENDATION_REVIEW"

The recommendation field.

Hide ParametersShow Parameters

"INSIGHT_RECOMMENDATION_UNSPECIFIED"

"INSIGHT_RECOMMENDATION_APPROVE"

"INSIGHT_RECOMMENDATION_DENY"

"INSIGHT_RECOMMENDATION_REVIEW"

stateunion

optional

"TASK_STATE_UNSPECIFIED" | "TASK_STATE_OPEN" | "TASK_STATE_CLOSED"

The current state of the task as defined by the state_enum

Hide ParametersShow Parameters

"TASK_STATE_UNSPECIFIED"

"TASK_STATE_OPEN"

"TASK_STATE_CLOSED"

stepApproverIdsunion

optional

Array<string> | null

An array of IDs belonging to Identity Users that are allowed to review this step in a task.

typecertifyuniongrantunionoffboardingunionrevokeunionTaskType

optional

Task Type provides configuration for the type of task: certify, grant, or revoke

This message contains a oneof named task_type. Only a single field of the following list may be set at a time:

• grant
• revoke
• certify
• offboarding

updatedAtstring

optional

formatdate-time

userIdstring

optional

The ID of the user that is the target of this task. This may be empty if we're targeting a specific app user that has no known identity user.

userPathstring

optional

JSONPATH expression indicating the location of the User object in the expanded array. This is the user that is a direct target of the ticket without a specific relationship to a potentially non-existent app user.

TasksAction

Approve

client.tasks.action.approve(stringtaskID, ActionApproveParamsbody, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringActionApproveResponse

post/api/v1/tasks/{task_id}/action/approve

Approve With Step Up

client.tasks.action.approveWithStepUp(stringtaskID, ActionApproveWithStepUpParamsbody, RequestOptionsoptions?): expandedunionredirectUrlstringtaskViewTaskViewticketActionIdstringActionApproveWithStepUpResponse

post/api/v1/tasks/{task_id}/action/approve-with-step-up

Close

client.tasks.action.close(stringtaskID, ActionCloseParamsbody?, RequestOptionsoptions?): expandeduniontaskActionIdstringtaskViewTaskViewActionCloseResponse

post/api/v1/tasks/{task_id}/action/close

Comment

client.tasks.action.comment(stringtaskID, ActionCommentParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewActionCommentResponse

post/api/v1/tasks/{task_id}/action/comment

Deny

client.tasks.action.deny(stringtaskID, ActionDenyParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringActionDenyResponse

post/api/v1/tasks/{task_id}/action/deny

Escalate To Emergency Access

client.tasks.action.escalate(stringtaskID, ActionEscalateParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringTaskServiceActionResponse

post/api/v1/tasks/{task_id}/action/escalate

Hard Reset

client.tasks.action.hardReset(stringtaskID, ActionHardResetParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringActionHardResetResponse

post/api/v1/tasks/{task_id}/action/reset

Process Now

client.tasks.action.processNow(stringtaskID, ActionProcessNowParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewActionProcessNowResponse

post/api/v1/tasks/{task_id}/action/process

Reassign

client.tasks.action.reassign(stringtaskID, ActionReassignParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringActionReassignResponse

post/api/v1/tasks/{task_id}/action/reassign

Restart

client.tasks.action.restart(stringtaskID, ActionRestartParamsbody?, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringActionRestartResponse

post/api/v1/tasks/{task_id}/action/restart

Skip Step

client.tasks.action.skipStep(stringtaskID, ActionSkipStepParamsbody, RequestOptionsoptions?): expandeduniontaskViewTaskViewticketActionIdstringTaskServiceActionResponse

post/api/v1/tasks/{task_id}/action/skip-step

Task Service Action Response

TaskServiceActionResponse

The TaskServiceActionResponse message.

ShowShow

expandedunion

optional

Array<Expanded> | null

The expanded field.

Hide ParametersShow Parameters

@typestring

optional

The type of the serialized message.

taskViewaccessReviewPathstringappPathstringappUserPathstringcreatedByUserPathstringentitlementsPathstringidentityUserPathstringinsightsPathstringstepApproversPathstringtaskTaskuserPathstringTaskView

optional

Contains a task and JSONPATH expressions that describe where in the expanded array related objects are located. This view can be used to display a fully-detailed dashboard of task information.

ticketActionIdstring

optional

The ticketActionId field.