Account Information

Introduction

Memority Synchronization Service provides a REST API enabling to obtain information about accounts provisioned on remote applications.

2 queries are exposed:

Identity-centric: for a given Identity, Memority Synchronization Service returns the list of the Identity's provisioned accounts on the remote application(s)
Application-centric: for a given remote application, Memority Synchronization Service returns the whole list of the application's accounts for all Identities

Retrieving provisioned account information can be performed according to 2 strategies:

offline information (the default), where Memority Synchronization Service retrieves information from its internal repository (no request is sent to remote applications). This is fast, but potentially inaccurate since local administrators may have modified accounts on remote applications behind Memority Synchronization Service’s back since the last time Memority Synchronization Service performed a provisioning operation
live information, where Memority Synchronization Service fetches fresh information directly on remote applications. This is slower, but accurate. This strategy is only possible for the above "Identity-centric" case

The desired strategy is provided as request parameter. As stated, the live strategy is only possible for an "Identity-centric" request.

Account Information REST API

The REST API to retrieve account information is described below:

Action

Resource

Parameters

Return value

Retrieve account information for the given IDM object and the given applications.

If no application is provided then all the IDM object's provisioned applications are considered.

GET /{tenant}/api/sync/account/identity/{identityId}?applicationId=app1&applicationId=app2&fetchLiveStatus=true

Path param: identityId (mandatory)

Query param: applicationId (optional, multi-valued)

Query param: fetchLiveStatus (optional, false by default)

List<AccountInformation>

Retrieve all offline account information for a given application (no live request is possible for performance reason).

GET /{tenant}/api/sync/account/application/{applicationId}?page=5&size=20

Path param: applicationId (mandatory)

Query params: usual pageable parameters

Page<AccountInformation>

The content of an AccountInformation returned in the REST response is detailed in the next section.

Account Information

When requesting information about provisioned applications, Memority Synchronization service returns a list of AccountInformations. One AccountInformation corresponds to a given object and a given remote application.

Properties

Property Name	Description	Non null
idmObjectId	The id of the object provisioned on the remote application	YES
citadelApplicationId	The Memority Portal id of the provisioned application. It may be different from the Memority Synchronization application id. If different, the mapping between the Memority Portal application id and the Memority Synchronization application id is configured in the `Application#citadelApplicationId` field need to be unique for all Applications	YES
dominoApplicationId	Technical: the id of the provisioned Memority Synchronization application corresponding to the above `citadelApplicationId`. They can be the same.	YES
accountStatus	the status of the account on the target application, see status table below	YES
statusAuthoritative	Whether the account status is reliable or not: `true` if a live request was performed to obtain the status, `false` if the status was retrieved from the local Memority Synchronization repository	YES
createdAt	The account creation date. Null if never provisioned	NO
lastSyncedAt	The last account synchronization date. Null if never provisioned	NO
accountId	The account unique identifier on the remote application. Null if never provisioned	NO
accountName	The human readable account name on the remote application	NO
shadowId	The internal UUID of the account's shadow in the local Memority Synchronization repository	NO
account	The whole account retrieved from the remote application, as a flat attribute Map. This property is only set when: live information has been requested the account status is either `AccountStatus#SYNCED` , `AccountStatus#OUT_OF_SYNC` , `AccountStatus#ORPHANED` .	NO
accountPatch	The patch that should be applied on the account when it is not in sync with its target state. This property is only set when: live information has been requested the account status is`AccountStatus#OUT_OF_SYNC` .	NO

accountStatus

The possible provisioning status of an account are listed below:

Status	Description
`SYNCED`	The account exists on the target application as expected, and is in the state it should be
`OUT_OF_SYNC`	The account exists on the target application as expected, but is not in the state it should be
`MISSING`	The account should exist on the target application, but was not found
`ORPHANED`	The account should not exist on the target application, but it exists anyway
`NOT_PROVISIONED`	No account is present in the target application, as expected because it should not (does not match the `ApplicationProfile`)

AccountInformation properties availability matrix

When fetchLiveStatus is TRUE

Property	SYNCED	OUT_OF_SYNC	MISSING	ORPHANED	NOT_PROVISIONED
idmObjectId
citadelApplicationId
accountStatus
statusAuthoritative
accountId
accountName
createdAt
lastSyncedAt
account
accountPatch

When fetchLiveStatus is FALSE

Property	SYNCED	MISSING	ORPHANED	NOT_PROVISIONED
idmObjectId
citadelApplicationId
accountStatus
statusAuthoritative
accountId
accountName
createdAt
lastSyncedAt
account
accountPatch

Account Information REST API

Account Information

Properties

accountStatus

AccountInformation properties availability matrix

When fetchLiveStatus is TRUE

When fetchLiveStatus is FALSE

Read Next