A web services API is exposed by Password Manager, allowing other
applications to access the workflow request queue and data about users
The API is accessed using SOAP over HTTPS with a WSDL
specification. It is accessible from a wide range of
platforms, including Windows and Unix,
.NET and J2EE, Perl, Python and PHP, etc.
The Password Manager API supports a wide range of operations, including:
- Submitting new workflow requests. This includes requests to:
- Create new user profiles.
- Add login accounts to new or existing profiles.
- Add users to or remove users from managed groups.
- Assign roles to users or remove roles from users.
- Get or set user identity attributes.
- Initiating certification rounds.
- Searching for users, groups or roles matching specified criteria.
- Creating, updating or deleting roles and SoD policies.
- Getting or changing the set of authorizers attached to a request.
- Approving or denying requests.
- Enumerating users per entitlement or entitlements per user.
- Running any report and consuming its output in a streamed format
(e.g., orphan/dormant accounts, stale workflow requests,
SoD violations, etc.).
- Performing a variety of Password Manager configuration tasks.