UNPKG

@maccuaa/intellitrust-admin-sdk

Version:
1,538 lines 459 kB
import { AxiosRequestConfig } from 'axios'; import { BaseAPI } from './base'; /** * Information about an audit event returned when querying audit events. * @export * @interface AccountAuditEvent */ export interface AccountAuditEvent { /** * The UUID of the account containing this audit event. * @type {string} * @memberof AccountAuditEvent */ 'accountId'?: string; /** * * @type {AuditDetails} * @memberof AccountAuditEvent */ 'auditDetails'?: AuditDetails; /** * For a management event, the action that was performed. * @type {string} * @memberof AccountAuditEvent */ 'entityAction'?: string; /** * For a management event, the UUID of the entity that was acted upon. * @type {string} * @memberof AccountAuditEvent */ 'entityId'?: string; /** * For a management event, the name of the entity that was acted upon. * @type {string} * @memberof AccountAuditEvent */ 'entityName'?: string; /** * For a management event, the entity type that was acted upon. * @type {string} * @memberof AccountAuditEvent */ 'entityType'?: string; /** * The category of the event. Values are AUTHENTICATION or MANAGEMENT. * @type {string} * @memberof AccountAuditEvent */ 'eventCategory'?: AccountAuditEventEventCategoryEnum; /** * The outcome of the event. Values are success or fail. * @type {string} * @memberof AccountAuditEvent */ 'eventOutcome'?: AccountAuditEventEventOutcomeEnum; /** * The time of this event. * @type {string} * @memberof AccountAuditEvent */ 'eventTime': string; /** * The type of the event. * @type {string} * @memberof AccountAuditEvent */ 'eventType'?: string; /** * Version information for future use. * @type {string} * @memberof AccountAuditEvent */ 'eventVersion'?: string; /** * The UUID of this audit event. * @type {string} * @memberof AccountAuditEvent */ 'id'?: string; /** * A message key describing the event. * @type {string} * @memberof AccountAuditEvent */ 'message'?: string; /** * The permission used for a management event. * @type {string} * @memberof AccountAuditEvent */ 'requiredPermission'?: string; /** * The UUID of the resource associated with the event. For example the UUID of the application to which a user is authenticating. * @type {string} * @memberof AccountAuditEvent */ 'resourceId'?: string; /** * The name of the resource. * @type {string} * @memberof AccountAuditEvent */ 'resourceName'?: string; /** * A UUID of the service provider role used for a management event. * @type {string} * @memberof AccountAuditEvent */ 'serviceProviderAdminRoleId'?: string; /** * The name of the service provider role. * @type {string} * @memberof AccountAuditEvent */ 'serviceProviderAdminRoleName'?: string; /** * The IP address of the client performing this event. * @type {string} * @memberof AccountAuditEvent */ 'sourceIp'?: string; /** * The UUID of the subject that performed this event. For administration events the subject will be the administrator or administration API application that performed the event. For authentication events the subject will be the user that performed the authentication. * @type {string} * @memberof AccountAuditEvent */ 'subject'?: string; /** * The name of the subject that performed this event. For users the value will be the user\'s user Id. For administration API applications, the value will be the application\'s name. * @type {string} * @memberof AccountAuditEvent */ 'subjectName'?: string; /** * The type of the subject that performed this event. Values are USER or ADMIN_API. * @type {string} * @memberof AccountAuditEvent */ 'subjectType'?: AccountAuditEventSubjectTypeEnum; /** * The UUID of the subscriber/site management role used for a management event. * @type {string} * @memberof AccountAuditEvent */ 'subscriberAdminRoleId'?: string; /** * The name of the subscriber/site management role. * @type {string} * @memberof AccountAuditEvent */ 'subscriberAdminRoleName'?: string; /** * Information about what authenticator was used for an authentication event. * @type {string} * @memberof AccountAuditEvent */ 'token'?: string; } export declare const AccountAuditEventEventCategoryEnum: { readonly Authentication: "AUTHENTICATION"; readonly Management: "MANAGEMENT"; readonly Issuance: "ISSUANCE"; }; export type AccountAuditEventEventCategoryEnum = typeof AccountAuditEventEventCategoryEnum[keyof typeof AccountAuditEventEventCategoryEnum]; export declare const AccountAuditEventEventOutcomeEnum: { readonly Success: "SUCCESS"; readonly Fail: "FAIL"; }; export type AccountAuditEventEventOutcomeEnum = typeof AccountAuditEventEventOutcomeEnum[keyof typeof AccountAuditEventEventOutcomeEnum]; export declare const AccountAuditEventSubjectTypeEnum: { readonly User: "USER"; readonly AdminApi: "ADMIN_API"; readonly ServiceProvider: "SERVICE_PROVIDER"; readonly Agent: "AGENT"; }; export type AccountAuditEventSubjectTypeEnum = typeof AccountAuditEventSubjectTypeEnum[keyof typeof AccountAuditEventSubjectTypeEnum]; /** * The active entitlements applicable to the subscriber. * @export * @interface AccountEntitlement */ export interface AccountEntitlement { /** * * @type {SmsVoice} * @memberof AccountEntitlement */ 'smsVoice'?: SmsVoice; /** * * @type {UserEntitlement} * @memberof AccountEntitlement */ 'users'?: UserEntitlement; } /** * Account subscriber. * @export * @interface AccountInfo */ export interface AccountInfo { /** * The ISO-3166-1 code of the country the company is located in. * @type {string} * @memberof AccountInfo */ 'companyCountry'?: string; /** * The name of the company the account belongs to. * @type {string} * @memberof AccountInfo */ 'companyName': string; /** * The ISO-3166-2 code for the state/province the company is located in. * @type {string} * @memberof AccountInfo */ 'companyState'?: string; /** * Whether or not the legal agreement has been acknowledged for the account. * @type {boolean} * @memberof AccountInfo */ 'legalAcknowledged'?: boolean; } /** * New account information. * @export * @interface AccountInfoParms */ export interface AccountInfoParms { /** * The name of the company the account belongs to. The value must be between 1 and 100 characters. * @type {string} * @memberof AccountInfoParms */ 'companyName'?: string; /** * Whether or not the legal agreement has been acknowledged for the account. This value can only be changed from false to true. * @type {boolean} * @memberof AccountInfoParms */ 'legalAcknowledged'?: boolean; } /** * The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. * @export * @interface Acr */ export interface Acr { /** * The unique UUID assigned to the acr when it is created. * @type {string} * @memberof Acr */ 'id': string; /** * The name of the acr. * @type {string} * @memberof Acr */ 'name'?: string; /** * A flag indicating if the authentication flow can be modified or deleted. * @type {boolean} * @memberof Acr */ 'readOnly'?: boolean; /** * List of resource rule names using the acr. * @type {Array<string>} * @memberof Acr */ 'resourceRules'?: Array<string>; } /** * Parameters defining the new acr. * @export * @interface AcrParms */ export interface AcrParms { /** * The name of the acr. * @type {string} * @memberof AcrParms */ 'name': string; } /** * Parameters for the activation completion including the registration code. * @export * @interface ActivateCompleteParms */ export interface ActivateCompleteParms { /** * The registration code displayed by the Mobile ST application needed to complete activation of the token. * @type {string} * @memberof ActivateCompleteParms */ 'registrationCode'?: string; } /** * Optional parameters specifying how the token is to be activated. If not specified, all activation types are used, the QR code is returned and the activation email is sent. * @export * @interface ActivateParms */ export interface ActivateParms { /** * A flag indicating if Identity as a Service should send an activation email including the activation information to the end user. If not specified, this attribute defaults to false. * @type {boolean} * @memberof ActivateParms */ 'deliverActivationEmail'?: boolean; /** * A flag indicating if the QR code for offline activation is returned. The link encoded in the QR code is always returned for clients that want to encode their own QR code. If not specified, this attribute defaults to false. * @type {boolean} * @memberof ActivateParms */ 'returnQRCode'?: boolean; /** * The Base32-encoded secret of the token. If provided, IDaaS will use this value as the token seed and activate the token. This value is only supported for Google Authenticator. Value must contain at least 10 bytes and must not exceed 64 bytes. * @type {string} * @memberof ActivateParms */ 'secret'?: string; /** * The list of activation types that will be performed. Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application). If no values are specified in the list, then all activation types are performed. * @type {Array<string>} * @memberof ActivateParms */ 'type'?: Array<ActivateParmsTypeEnum>; } export declare const ActivateParmsTypeEnum: { readonly Classic: "CLASSIC"; readonly Online: "ONLINE"; readonly Offline: "OFFLINE"; }; export type ActivateParmsTypeEnum = typeof ActivateParmsTypeEnum[keyof typeof ActivateParmsTypeEnum]; /** * The result of a token activate operation. * @export * @interface ActivateResult */ export interface ActivateResult { /** * The activation address for the token. This value should be entered into the Mobile ST application if you want to perform manual activaiton. * @type {string} * @memberof ActivateResult */ 'activationAddress'?: string; /** * The activation code for the token. This value should be entered into the Mobile ST application if you want to perform manual activation * @type {string} * @memberof ActivateResult */ 'activationCode'?: string; /** * The HTTP activation URL. Clicking on this URL on your mobile device will redirect you to the Mobile ST application to perform activation. * @type {string} * @memberof ActivateResult */ 'activationOnlineHttpURL'?: string; /** * The application specific activation URL. Clicking on this URL on your mobile device will launch the Mobile ST application to perform activation. * @type {string} * @memberof ActivateResult */ 'activationOnlineURL'?: string; /** * If the Mobile ST prompts you to enter an activation password during activation, this attribute is the password you must enter. * @type {string} * @memberof ActivateResult */ 'activationPassword'?: string; /** * The base-64 encoded activation QR code. This QR code can be scanned by the Mobile ST application to perform activation. * @type {string} * @memberof ActivateResult */ 'activationQRCode'?: string; /** * The URL encoded in the activation QR code. * @type {string} * @memberof ActivateResult */ 'activationURL'?: string; /** * The serial number of the token. * @type {string} * @memberof ActivateResult */ 'serialNumber'?: string; } /** * Parameters for the smart credential activation. * @export * @interface ActivateSmartCredentialParms */ export interface ActivateSmartCredentialParms { /** * A map which consists of additional attributes and values to be used for smart credential encoding. Currently the only value that is supported is the value with name \"photo\" where the value is a Base-64 encoded JPEG or PNG image or a data URL of the form \"data:image/<type>;base64,&lt;data&gt;\" where <type> is jpeg or png and &lt;data&gt; is a Base-64 encoded JPEG or PNG image. * @type {{ [key: string]: string; }} * @memberof ActivateSmartCredentialParms */ 'additionalUserInfo'?: { [key: string]: string; }; /** * A flag indicating if the activation email should be delivered to the user. If not set, it defaults to false. * @type {boolean} * @memberof ActivateSmartCredentialParms */ 'deliverActivationEmail'?: boolean; /** * A flag indicating if the target is mobile smart credential. * @type {boolean} * @memberof ActivateSmartCredentialParms */ 'mobile'?: boolean; /** * A list of which activation types (LINK or QRCODE) should use a random password to encrypt the activation information. If the list is null or empty, QRCODE activation will require a password and LINK will not. * @type {Array<string>} * @memberof ActivateSmartCredentialParms */ 'requirePassword'?: Array<ActivateSmartCredentialParmsRequirePasswordEnum>; /** * A list of activation types (LINK or QRCODE) to perform. If the list is null or empty, all activation types are performed * @type {Array<string>} * @memberof ActivateSmartCredentialParms */ 'type'?: Array<ActivateSmartCredentialParmsTypeEnum>; } export declare const ActivateSmartCredentialParmsRequirePasswordEnum: { readonly Link: "LINK"; readonly Qrcode: "QRCODE"; }; export type ActivateSmartCredentialParmsRequirePasswordEnum = typeof ActivateSmartCredentialParmsRequirePasswordEnum[keyof typeof ActivateSmartCredentialParmsRequirePasswordEnum]; export declare const ActivateSmartCredentialParmsTypeEnum: { readonly Link: "LINK"; readonly Qrcode: "QRCODE"; }; export type ActivateSmartCredentialParmsTypeEnum = typeof ActivateSmartCredentialParmsTypeEnum[keyof typeof ActivateSmartCredentialParmsTypeEnum]; /** * Information returned from the activate smart credential operation. * @export * @interface ActivateSmartCredentialResult */ export interface ActivateSmartCredentialResult { /** * If either the QR Code URL or the Link URL were password protected, the password needed to unprotect them. * @type {string} * @memberof ActivateSmartCredentialResult */ 'activationPassword'?: string; /** * The HTTP version of the link activation URL * @type {string} * @memberof ActivateSmartCredentialResult */ 'linkHttpURL'?: string; /** * The link activation URL * @type {string} * @memberof ActivateSmartCredentialResult */ 'linkURL'?: string; /** * Base-64 encoded activation QR Code * @type {string} * @memberof ActivateSmartCredentialResult */ 'qrCode'?: string; /** * The activation URL encoded into the QR Code * @type {string} * @memberof ActivateSmartCredentialResult */ 'qrCodeURL'?: string; } /** * Additional feature * @export * @interface AdditionalFeature */ export interface AdditionalFeature { /** * Enhanced geo location additional feature. * @type {boolean} * @memberof AdditionalFeature */ 'enhancedGeoLocation'?: boolean; } /** * Information returned when an Admin API application is fetched from Identity as a Service. * @export * @interface AdminApiApplication */ export interface AdminApiApplication { /** * Determines if the application can use a long-lived token for authentication. * @type {boolean} * @memberof AdminApiApplication */ 'allowLongLivedToken'?: boolean; /** * The name of the application template specific to this application type. * @type {string} * @memberof AdminApiApplication */ 'applicationTemplate': string; /** * Application template id specific to this application type. * @type {string} * @memberof AdminApiApplication */ 'applicationTemplateId'?: string; /** * Short description of application. * @type {string} * @memberof AdminApiApplication */ 'description'?: string; /** * Application ID. * @type {string} * @memberof AdminApiApplication */ 'id'?: string; /** * The UUID of the IP Addresses list. * @type {string} * @memberof AdminApiApplication */ 'ipListId'?: string; /** * Last successful authentication time to use administration api * @type {string} * @memberof AdminApiApplication */ 'lastAuthnDate'?: string; /** * Base64 encoded logo image. * @type {string} * @memberof AdminApiApplication */ 'logo'?: string; /** * Name of application. * @type {string} * @memberof AdminApiApplication */ 'name': string; /** * The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role. * @type {string} * @memberof AdminApiApplication */ 'roleId'?: string; /** * Shared secret for application. * @type {string} * @memberof AdminApiApplication */ 'sharedSecret'?: string; /** * The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role. * @type {string} * @memberof AdminApiApplication */ 'spRoleId'?: string; } /** * Parameters for the new application. * @export * @interface AdminApiApplicationParms */ export interface AdminApiApplicationParms { /** * Determines if a long-lived token is allowed in this application. * @type {boolean} * @memberof AdminApiApplicationParms */ 'allowLongLivedToken'?: boolean; /** * The UUID of the application template. This value is only used when creating a new application. If not specified, the default admininstration API template is used. * @type {string} * @memberof AdminApiApplicationParms */ 'applicationTemplateId'?: string; /** * Short description of application. * @type {string} * @memberof AdminApiApplicationParms */ 'description'?: string; /** * The UUID of the IP Addresses list. * @type {string} * @memberof AdminApiApplicationParms */ 'ipListId'?: string; /** * Base64 encoded logo image. * @type {string} * @memberof AdminApiApplicationParms */ 'logo'?: string; /** * Name of application. * @type {string} * @memberof AdminApiApplicationParms */ 'name': string; /** * The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role. Either this value or spRoleId is required when creating the application. * @type {string} * @memberof AdminApiApplicationParms */ 'roleId'?: string; /** * The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role. Either this value or roleId is required when creating the application. * @type {string} * @memberof AdminApiApplicationParms */ 'spRoleId'?: string; } /** * Parameters passed to authenticate to an Admin API application. * @export * @interface AdminApiAuthentication */ export interface AdminApiAuthentication { /** * Administration API application id * @type {string} * @memberof AdminApiAuthentication */ 'applicationId': string; /** * If set to true, a session cookie named INTELLITRUST_SESSION_ID is returned with the authentication response. This cookie must be returned with all subsequent requests. * @type {boolean} * @memberof AdminApiAuthentication */ 'enableWebSession'?: boolean; /** * Shared Secret * @type {string} * @memberof AdminApiAuthentication */ 'sharedSecret': string; } /** * * @export * @interface AdminApiAuthenticationResult */ export interface AdminApiAuthenticationResult { /** * Authorization token returned after a successful authentication. * @type {string} * @memberof AdminApiAuthenticationResult */ 'authToken'?: string; /** * Creation time of the authentication token. * @type {string} * @memberof AdminApiAuthenticationResult */ 'creationTime'?: string; /** * Expiry time of the authentication token. * @type {string} * @memberof AdminApiAuthenticationResult */ 'expirationTime'?: string; } /** * * @export * @interface ApplicationInfo */ export interface ApplicationInfo { /** * The template the application was created from. * @type {string} * @memberof ApplicationInfo */ 'applicationTemplate'?: string; /** * The UUID of the template the application was created from. * @type {string} * @memberof ApplicationInfo */ 'applicationTemplateId'?: string; /** * The application authentication method. * @type {string} * @memberof ApplicationInfo */ 'authenticationMethod'?: string; /** * The UUID of the application. * @type {string} * @memberof ApplicationInfo */ 'id'?: string; /** * The name of the application. * @type {string} * @memberof ApplicationInfo */ 'name'?: string; } /** * An ApplicationResourceRule defines the resource rules used by an application. * @export * @interface ApplicationResourceRule */ export interface ApplicationResourceRule { /** * The UUID of the application. * @type {string} * @memberof ApplicationResourceRule */ 'id'?: string; /** * The name of the application. * @type {string} * @memberof ApplicationResourceRule */ 'name'?: string; /** * List of resource rules associated to this application. * @type {Array<ResourceRuleNameId>} * @memberof ApplicationResourceRule */ 'resourceRules': Array<ResourceRuleNameId>; } /** * Information returned about an Identity as a Service application template. * @export * @interface ApplicationTemplate */ export interface ApplicationTemplate { /** * The type the application template. Possible values are SAML20, RADIUS, AAAS, IDG, OIDC, AUTHAPI, ADMINAPI, SIEMAPI. * @type {string} * @memberof ApplicationTemplate */ 'authenticationMethod': string; /** * The description of application template. * @type {string} * @memberof ApplicationTemplate */ 'description'?: string; /** * The UUID of the application template. * @type {string} * @memberof ApplicationTemplate */ 'id': string; /** * The name of the application template. * @type {string} * @memberof ApplicationTemplate */ 'name': string; } /** * Token assignment parameters including the user id or user alias of the user to which the token is to be assigned. * @export * @interface AssignParms */ export interface AssignParms { /** * When the assign operation is not being performed by an administrator, a token response from the token being assigned must be provided. * @type {string} * @memberof AssignParms */ 'response'?: string; /** * When assigning a token to a known user, this argument specifies the serial number of the token being assigned. * @type {string} * @memberof AssignParms */ 'serialNumber'?: string; /** * When assigning a token to a user this attribute optionally specifies the type of token to be assigned. It can be a value of OATH_PHYSICAL_TOKEN or ENTRUST_LEGACY_TOKEN. This attribute is only required if the serial number is not unique. * @type {string} * @memberof AssignParms */ 'tokenType'?: string; /** * When assigning a known token to a user, this argument specifies the user Id or user alias of the user to which the token will be assigned. * @type {string} * @memberof AssignParms */ 'userId'?: string; } /** * Arguments specifying the changes to the token. * @export * @interface AssignedTokenParms */ export interface AssignedTokenParms { /** * Optional label to identify an assigned token: a String up to 100 characters. * @type {string} * @memberof AssignedTokenParms */ 'label'?: string; } /** * Additional audit details that may be included with an audit event. * @export * @interface AuditDetails */ export interface AuditDetails { /** * A list of attributes when an entity is added or removed. * @type {Array<EntityAttribute>} * @memberof AuditDetails */ 'entityAttributes'?: Array<EntityAttribute>; /** * List of tokens referencing event attributes that can be used in the audit message. * @type {Array<string>} * @memberof AuditDetails */ 'messageTokens'?: Array<string>; /** * A list of attributes when an entity is modified. * @type {Array<ModifiedEntityAttribute>} * @memberof AuditDetails */ 'modifiedEntityAttributes'?: Array<ModifiedEntityAttribute>; } /** * Contains paging information and audit events. * @export * @interface AuditEventPage */ export interface AuditEventPage { /** * * @type {Paging} * @memberof AuditEventPage */ 'paging'?: Paging; /** * A single page from the list of audit events found. * @type {Array<AccountAuditEvent>} * @memberof AuditEventPage */ 'results': Array<AccountAuditEvent>; } /** * Information returned when an Auth. API application is fetched from Identity as a Service. * @export * @interface AuthApiApplication */ export interface AuthApiApplication { /** * Defines whether ignore ip address for rba will be allowed or not. * @type {boolean} * @memberof AuthApiApplication */ 'allowIgnoreIpAddressForRba'?: boolean; /** * Application template specific to this application type. * @type {string} * @memberof AuthApiApplication */ 'applicationTemplate': string; /** * Application template id specific to this application type. * @type {string} * @memberof AuthApiApplication */ 'applicationTemplateId'?: string; /** * Indicates the source of client IP address for risk analysis * @type {string} * @memberof AuthApiApplication */ 'clientIpSource'?: AuthApiApplicationClientIpSourceEnum; /** * Short description of application. * @type {string} * @memberof AuthApiApplication */ 'description'?: string; /** * Application id. * @type {string} * @memberof AuthApiApplication */ 'id'?: string; /** * Base64 encoded logo image. * @type {string} * @memberof AuthApiApplication */ 'logo'?: string; /** * Name of application. * @type {string} * @memberof AuthApiApplication */ 'name': string; /** * Flag indicating if passkey authentication is allowed for this application. This flag has been deprecated and is no longer used. * @type {boolean} * @memberof AuthApiApplication * @deprecated */ 'passkeyEnabled'?: boolean; /** * * @type {ProtectedOfflineSettings} * @memberof AuthApiApplication */ 'protectedOfflineSettings'?: ProtectedOfflineSettings; /** * Defines whether user values function is enabled. * @type {boolean} * @memberof AuthApiApplication */ 'userValuesEnabled'?: boolean; /** * Defines whether verification for a user must be satisfied. * @type {boolean} * @memberof AuthApiApplication */ 'verificationRequired'?: boolean; } export declare const AuthApiApplicationClientIpSourceEnum: { readonly NotIncluded: "NOT_INCLUDED"; readonly Provided: "PROVIDED"; readonly FromConnection: "FROM_CONNECTION"; }; export type AuthApiApplicationClientIpSourceEnum = typeof AuthApiApplicationClientIpSourceEnum[keyof typeof AuthApiApplicationClientIpSourceEnum]; /** * Parameters for the new application. * @export * @interface AuthApiApplicationParms */ export interface AuthApiApplicationParms { /** * Flag indicates if ignore ip address for rba will be allowed or not. * @type {boolean} * @memberof AuthApiApplicationParms */ 'allowIgnoreIpAddressForRba'?: boolean; /** * Application template specific to this application type. * @type {string} * @memberof AuthApiApplicationParms */ 'applicationTemplate': string; /** * Application template id specific to this application type. * @type {string} * @memberof AuthApiApplicationParms */ 'applicationTemplateId'?: string; /** * Indicates the source of client IP address for risk analysis * @type {string} * @memberof AuthApiApplicationParms */ 'clientIpSource'?: AuthApiApplicationParmsClientIpSourceEnum; /** * Short description of application. * @type {string} * @memberof AuthApiApplicationParms */ 'description'?: string; /** * Unique UUID for the application used when creating a new application. If not specified, IDaaS will generate a random UUID. * @type {string} * @memberof AuthApiApplicationParms */ 'id'?: string; /** * Base64 encoded logo image. * @type {string} * @memberof AuthApiApplicationParms */ 'logo'?: string; /** * Name of the application. * @type {string} * @memberof AuthApiApplicationParms */ 'name': string; /** * Flag indicating if passkey authentication is allowed for this application. * @type {boolean} * @memberof AuthApiApplicationParms */ 'passkeyEnabled'?: boolean; /** * * @type {ProtectedOfflineSettings} * @memberof AuthApiApplicationParms */ 'protectedOfflineSettings'?: ProtectedOfflineSettings; /** * Flag indicating if user client values is allowed for this application. * @type {boolean} * @memberof AuthApiApplicationParms */ 'userValuesEnabled'?: boolean; /** * Defines whether verification for a user must be satisfied. * @type {boolean} * @memberof AuthApiApplicationParms */ 'verificationRequired'?: boolean; } export declare const AuthApiApplicationParmsClientIpSourceEnum: { readonly NotIncluded: "NOT_INCLUDED"; readonly Provided: "PROVIDED"; readonly FromConnection: "FROM_CONNECTION"; }; export type AuthApiApplicationParmsClientIpSourceEnum = typeof AuthApiApplicationParmsClientIpSourceEnum[keyof typeof AuthApiApplicationParmsClientIpSourceEnum]; /** * An AuthenticationFlow defines the authentication options available for a given risk level. * @export * @interface AuthenticationFlow */ export interface AuthenticationFlow { /** * List of applications using this authentication flow. * @type {Array<ApplicationResourceRule>} * @memberof AuthenticationFlow */ 'applications'?: Array<ApplicationResourceRule>; /** * The unique UUID assigned to the authentication flow when it is created. * @type {string} * @memberof AuthenticationFlow */ 'id': string; /** * The identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--limited info is returned. This parameter should be used instead of oidcIdentityProviders. * @type {Array<IdentityProvider>} * @memberof AuthenticationFlow */ 'identityProviders'?: Array<IdentityProvider>; /** * A flag indicating if the authentication flow will be using domain-based IDPs. * @type {boolean} * @memberof AuthenticationFlow */ 'idpDomainBased'?: boolean; /** * The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported. * @type {Array<string>} * @memberof AuthenticationFlow */ 'idpLoginSecondStep'?: Array<AuthenticationFlowIdpLoginSecondStepEnum>; /** * List of login flows. * @type {Array<LoginFlow>} * @memberof AuthenticationFlow */ 'loginFlows': Array<LoginFlow>; /** * The name of the authentication flow. * @type {string} * @memberof AuthenticationFlow */ 'name': string; /** * The OIDC identity providers supported when the IDP login flow is enabled--limited info is returned. This parameter is deprecated, use identityProviders instead. * @type {Array<OidcIdentityProvider>} * @memberof AuthenticationFlow * @deprecated */ 'oidcIdentityProviders'?: Array<OidcIdentityProvider>; /** * The order preference to use for OTP delivery. * @type {Array<OTPPreferenceDetails>} * @memberof AuthenticationFlow */ 'otpDeliveryPreference'?: Array<OTPPreferenceDetails>; /** * A flag indicating if group based OTP policy can be overridden by the authentication flow OTP policy. * @type {boolean} * @memberof AuthenticationFlow */ 'overrideOtpContacts'?: boolean; /** * A flag indicating if the authentication flow can be modified or deleted. * @type {boolean} * @memberof AuthenticationFlow */ 'readOnly': boolean; /** * The authenticator type to use in the first step of a two-step authentication scenario when the User Login flow is enabled. * @type {string} * @memberof AuthenticationFlow */ 'userLoginFirstStep'?: AuthenticationFlowUserLoginFirstStepEnum; /** * The authenticator type to use during in the second step of a two-step authentication scenario when the User Login flow is enabled. * @type {Array<string>} * @memberof AuthenticationFlow */ 'userLoginSecondStep'?: Array<AuthenticationFlowUserLoginSecondStepEnum>; } export declare const AuthenticationFlowIdpLoginSecondStepEnum: { readonly None: "NONE"; readonly Kba: "KBA"; readonly TempAccessCode: "TEMP_ACCESS_CODE"; readonly Otp: "OTP"; readonly Grid: "GRID"; readonly Token: "TOKEN"; readonly Tokencr: "TOKENCR"; readonly Tokenpush: "TOKENPUSH"; readonly Fido: "FIDO"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly Face: "FACE"; readonly Passthrough: "PASSTHROUGH"; readonly Magiclink: "MAGICLINK"; }; export type AuthenticationFlowIdpLoginSecondStepEnum = typeof AuthenticationFlowIdpLoginSecondStepEnum[keyof typeof AuthenticationFlowIdpLoginSecondStepEnum]; export declare const AuthenticationFlowUserLoginFirstStepEnum: { readonly None: "NONE"; readonly External: "EXTERNAL"; readonly Password: "PASSWORD"; readonly Kba: "KBA"; readonly Otp: "OTP"; readonly Token: "TOKEN"; readonly Tokenpush: "TOKENPUSH"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly Idp: "IDP"; readonly Passkey: "PASSKEY"; readonly SmartLogin: "SMART_LOGIN"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Face: "FACE"; readonly Deny: "DENY"; readonly Magiclink: "MAGICLINK"; }; export type AuthenticationFlowUserLoginFirstStepEnum = typeof AuthenticationFlowUserLoginFirstStepEnum[keyof typeof AuthenticationFlowUserLoginFirstStepEnum]; export declare const AuthenticationFlowUserLoginSecondStepEnum: { readonly None: "NONE"; readonly Kba: "KBA"; readonly TempAccessCode: "TEMP_ACCESS_CODE"; readonly Otp: "OTP"; readonly Grid: "GRID"; readonly Token: "TOKEN"; readonly Tokencr: "TOKENCR"; readonly Tokenpush: "TOKENPUSH"; readonly Fido: "FIDO"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly Face: "FACE"; readonly Passthrough: "PASSTHROUGH"; readonly Magiclink: "MAGICLINK"; }; export type AuthenticationFlowUserLoginSecondStepEnum = typeof AuthenticationFlowUserLoginSecondStepEnum[keyof typeof AuthenticationFlowUserLoginSecondStepEnum]; /** * Parameters defining the new authentication flow. * @export * @interface AuthenticationFlowParms */ export interface AuthenticationFlowParms { /** * The UUIDs of the identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--at least one is required. This parameter should be used instead of oidcIdentityProviderIds. * @type {Array<string>} * @memberof AuthenticationFlowParms */ 'identityProviderIds'?: Array<string>; /** * A flag indicating if the authentication flow will be using domain-based IDPs. * @type {boolean} * @memberof AuthenticationFlowParms */ 'idpDomainBased'?: boolean; /** * The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported. * @type {Array<string>} * @memberof AuthenticationFlowParms */ 'idpLoginSecondStep'?: Array<AuthenticationFlowParmsIdpLoginSecondStepEnum>; /** * List of enabled login flows--at least one must be enabled. If a login flow is not provided, then it\'s treated as disabled. Enabled login flows must be supported by the account entitlement. * @type {Array<LoginFlow>} * @memberof AuthenticationFlowParms */ 'loginFlows': Array<LoginFlow>; /** * The name of the authentication flow. * @type {string} * @memberof AuthenticationFlowParms */ 'name'?: string; /** * The UUIDs of the OIDC identity providers supported when the IDP login flow is enabled--at least one is required. This parameter is deprecated, use identityProviderIds instead. * @type {Array<string>} * @memberof AuthenticationFlowParms * @deprecated */ 'oidcIdentityProviderIds'?: Array<string>; /** * Indicates the otp delivery preference in order. * @type {Array<OTPPreferenceDetails>} * @memberof AuthenticationFlowParms */ 'otpDeliveryPreference'?: Array<OTPPreferenceDetails>; /** * A flag indicating if group based OTP policy can be overridden by the authentication flow. * @type {boolean} * @memberof AuthenticationFlowParms */ 'overrideOtpContacts'?: boolean; /** * The authenticator type to use in the first step of a two-step authentication scenario when the User Login flow is enabled. * @type {string} * @memberof AuthenticationFlowParms */ 'userLoginFirstStep'?: AuthenticationFlowParmsUserLoginFirstStepEnum; /** * The list of authenticator types to use in the second step of a two-step authentication scenario when the User Login flow is enabled. Use an empty array when none is required. * @type {Array<string>} * @memberof AuthenticationFlowParms */ 'userLoginSecondStep'?: Array<AuthenticationFlowParmsUserLoginSecondStepEnum>; } export declare const AuthenticationFlowParmsIdpLoginSecondStepEnum: { readonly None: "NONE"; readonly Kba: "KBA"; readonly TempAccessCode: "TEMP_ACCESS_CODE"; readonly Otp: "OTP"; readonly Grid: "GRID"; readonly Token: "TOKEN"; readonly Tokencr: "TOKENCR"; readonly Tokenpush: "TOKENPUSH"; readonly Fido: "FIDO"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly Face: "FACE"; readonly Passthrough: "PASSTHROUGH"; readonly Magiclink: "MAGICLINK"; }; export type AuthenticationFlowParmsIdpLoginSecondStepEnum = typeof AuthenticationFlowParmsIdpLoginSecondStepEnum[keyof typeof AuthenticationFlowParmsIdpLoginSecondStepEnum]; export declare const AuthenticationFlowParmsUserLoginFirstStepEnum: { readonly None: "NONE"; readonly External: "EXTERNAL"; readonly Password: "PASSWORD"; readonly Kba: "KBA"; readonly Otp: "OTP"; readonly Token: "TOKEN"; readonly Tokenpush: "TOKENPUSH"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly Idp: "IDP"; readonly Passkey: "PASSKEY"; readonly SmartLogin: "SMART_LOGIN"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Face: "FACE"; readonly Deny: "DENY"; readonly Magiclink: "MAGICLINK"; }; export type AuthenticationFlowParmsUserLoginFirstStepEnum = typeof AuthenticationFlowParmsUserLoginFirstStepEnum[keyof typeof AuthenticationFlowParmsUserLoginFirstStepEnum]; export declare const AuthenticationFlowParmsUserLoginSecondStepEnum: { readonly None: "NONE"; readonly Kba: "KBA"; readonly TempAccessCode: "TEMP_ACCESS_CODE"; readonly Otp: "OTP"; readonly Grid: "GRID"; readonly Token: "TOKEN"; readonly Tokencr: "TOKENCR"; readonly Tokenpush: "TOKENPUSH"; readonly Fido: "FIDO"; readonly UserCertificate: "USER_CERTIFICATE"; readonly Smartcredentialpush: "SMARTCREDENTIALPUSH"; readonly Face: "FACE"; readonly Passthrough: "PASSTHROUGH"; readonly Magiclink: "MAGICLINK"; }; export type AuthenticationFlowParmsUserLoginSecondStepEnum = typeof AuthenticationFlowParmsUserLoginSecondStepEnum[keyof typeof AuthenticationFlowParmsUserLoginSecondStepEnum]; /** * Parameters specifying the new state of the token. * @export * @interface ChangeStateParms */ export interface ChangeStateParms { /** * The new state of the token. The state can be changed from ACTIVE to INACTIVE or INACTIVE to ACTIVE. * @type {string} * @memberof ChangeStateParms */ 'state': ChangeStateParmsStateEnum; } export declare const ChangeStateParmsStateEnum: { readonly New: "NEW"; readonly Activating: "ACTIVATING"; readonly Active: "ACTIVE"; readonly Inactive: "INACTIVE"; readonly Unassigned: "UNASSIGNED"; }; export type ChangeStateParmsStateEnum = typeof ChangeStateParmsStateEnum[keyof typeof ChangeStateParmsStateEnum]; /** * A list of origins that cross-origin requests are allowed from. * @export * @interface CorsOrigin */ export interface CorsOrigin { /** * CORS origin UUID. This value is generated when the origin is created. * @type {string} * @memberof CorsOrigin */ 'id'?: string; /** * Allowed CORS origin. This value can contain port. Wildcard can be used for ports but not for domains. * @type {string} * @memberof CorsOrigin */ 'origin'?: string; } /** * Information about the status of an asynchronous create tenant request. * @export * @interface CreateTenantAsyncStatus */ export interface CreateTenantAsyncStatus { /** * The error message describing the first error encountered processing the operation. * @type {string} * @memberof CreateTenantAsyncStatus */ 'errorMessage'?: string; /** * The unique UUID of the operation. Used to get status and results of operation * @type {string} * @memberof CreateTenantAsyncStatus */ 'id': string; /** * The time this operation was initialized. * @type {string} * @memberof CreateTenantAsyncStatus */ 'initTime'?: string; /** * The time at which the operation completed processing. * @type {string} * @memberof CreateTenantAsyncStatus */ 'processingEndTime'?: string; /** * The time at which the operation began processing. * @type {string} * @memberof CreateTenantAsyncStatus */ 'processingStartTime'?: string; /** * How long the operation took to complete processing in milliseconds. * @type {number} * @memberof CreateTenantAsyncStatus */ 'processingTime'?: number; /** * The state of the operation. * @type {string} * @memberof CreateTenantAsyncStatus */ 'state': CreateTenantAsyncStatusStateEnum; /** * The subject of this operation. * @type {string} * @memberof CreateTenantAsyncStatus */ 'subject'?: string; } export declare const CreateTenantAsyncStatusStateEnum: { readonly Failed: "FAILED"; readonly Cancelled: "CANCELLED"; readonly Completed: "COMPLETED"; readonly AwaitingData: "AWAITING_DATA"; readonly Processing: "PROCESSING"; readonly Scheduled: "SCHEDULED"; }; export type CreateTenantAsyncStatusStateEnum = typeof CreateTenantAsyncStatusStateEnum[keyof typeof CreateTenantAsyncStatusStateEnum]; /** * Parameters used to create the new tenant. * @export * @interface CreateTenantParms */ export interface CreateTenantParms { /** * * @type {AdminApiApplicationParms} * @memberof CreateTenantParms */ 'adminApiApplication'?: AdminApiApplicationParms; /** * * @type {UserParms} * @memberof CreateTenantParms */ 'adminUser': UserParms; /** * A flag indicating if a welcome email should be delivered. If not set, it defaults to false. * @type {boolean} * @memberof CreateTenantParms */ 'deliverWelcomeEmail'?: boolean; /** * * @type {EntitlementParms} * @memberof CreateTenantParms */ 'entitlements'?: EntitlementParms; /** * * @type {TenantParms} * @memberof CreateTenantParms */ 'tenant': TenantParms; } /** * Information returned from a create tenant request. * @export * @interface CreateTenantResult */ export interface CreateTenantResult { /** * * @type {AdminApiApplication} * @memberof CreateTenantResult */ 'adminApiApplication'?: AdminApiApplication; /** * * @type {User} * @memberof CreateTenantResult */ 'adminUser': User; /** * * @type {Tenant} * @memberof CreateTenantResult */ 'tenant': Tenant; } /** * When creating multiple users in a single request, the CreateUserResult value contains the result for a single user. It will either contain information about the user created or error information describing why the create operation failed. * @export * @interface CreateUserResult */ export interface CreateUserResult { /** * * @type {ErrorInfo} * @memberof CreateUserResult */ 'error'?: ErrorInfo; /** * Indicates if the user was successfully created (true) or not (false). * @type {boolean} * @memberof CreateUserResult */ 'success': boolean; /** * * @type {User} * @memberof CreateUserResult */ 'user'?: User; } /** * The list of users to be created. * @export * @interface CreateUsersParms */ export interface CreateUsersParms { /** * If set to true, the operation stops on the first operation that fails. Otherwise the operation continues for each specified user. If not specified, this defaults to false. * @type {boolean} * @memberof CreateUsersParms */ 'stopOnError'?: boolean; /** * The list of users to be created. * @type {Array<UserParms>} * @memberof CreateUsersParms */ 'users': Array<UserParms>; } /** * The DateTimeContext context specifies an allowed or disallowed date or time range. Only a date range or a time range can be specified. Risk is applied to the authentication if the current time is outside an allowed range or inside a disallowed range. A date range specifies a start and end date. For example 2019/01/01 to 2019/03/01. A time range species a start and end time and days of the week. For example Monday to Friday, 8am to 5pm. * @export * @interface DateTimeContext */ export interface DateTimeContext { /** * If true, the startDateTime and endDateTime define the allowed range. If false, the startDateTime and endDateTime define the denied range. * @type {boolean} * @memberof DateTimeContext */ 'allowedDateTime'?: boolean; /** * If true, the startTime and endTime define the allowed time range. If false, the startTime and endTime define the denied time range. * @type {boolean} * @memberof DateTimeContext */ 'allowedTime'?: boolean; /** * If true, the resource rule evaluating the context will return Access Denied. * @type {boolean} * @memberof DateTimeContext */ 'denyAccess': boolean; /** * If specifying a date range, the end date of the range. * @type {string} * @memberof DateTimeContext */ 'endDateTime'?: string; /** * If specifying a time range, the end time of the range. The value should be of the form hh:mm:ss * @type {string} * @memberof DateTimeContext */ 'endTime'?: string; /** * The number of risk points that apply if this context applies. * @type {number} * @memberof DateT