A web services API is exposed by Password Manager, allowing other
applications to access the workflow request queue and data about users.
The API is accessed using SOAP and includes a WSDL specification.
This makes it accessible across a wide range of platforms and
programming languages, including Windows and Unix, .NET and J2EE,
Perl, Python and PHP.

The Password Manager API supports a wide range of operations, including:
- Submitting new workflow requests. This includes requests to:
  - Create new user profiles.
  - Add login accounts to new or existing profiles.
  - Add users to or remove users from managed groups.
  - Assign roles to users or remove roles from users.
  - Get or set user identity attributes.
- Initiating previously configured certification rounds.
- Searching for users, groups or roles matching specified criteria.
- Creating, updating or deleting roles.
- Getting or changing the set of authorizers attached to a request.
- Approving or denying open requests.
- Enumerating users per entitlement or entitlements per user.
- Running any report and consuming its output in a streamed format
  (e.g., orphan/dormant accounts, stale workflow requests,
  SoD violations, etc.).
- Some Password Manager configuration.
- Running reports on Password Manager servers and streaming back their
  results. This is useful for programmatic monitoring.

The API allows organizations to develop their own request forms
without having to code custom validation or authorization logic
and without having to develop integrations with target systems and
applications where users will be provisioned. This is helpful
for specialized onboarding applications or to connect Password Manager
to an IT service catalog, for example.