Skip to main content
Skip table of contents

Reporting Object Configurations

Definition

Reporting Objects define how one may interact with an underlying (built-in or custom) Document Collection:

  • Is it writeable or not ?

  • Is it append-only ?

  • What are the available search criteria ?

Configuration

You can access the Report configuration :

  • by clicking on "Reporting" → “Report Configuration

  • by clicking on "System" → "Configurations" → "Reporting service" and perform an import/export.

Mandatory properties

The properties of this object are as follow:

Property

Type

Mandatory

Description

id

String

YES

The Reporting Object Configuration unique identifier

name

String

YES

The name of the Reporting Object Configuration

description

String

NO

A description of the Reporting Object Configuration purpose

collectionWriteConfiguration

CollectionWriteConfiguration

YES

A configuration object allowing to specify options for writing in the targeted Collection.

built-inCollection

built-inReportingCollection (enum)

YES - mutually exclusive with customCollection

A collection name from an enumeration of built-in collections.

A built-in Collection comes with pre-declared Criteria and can be used instead of defining a custom collection manually.

built-inCollectionAdditionalCriteria

List<CriteriaDefinition>

NO - only meaningful if built-inCollection is set

Additional, custom criteria when using a built-in Collection. See Criteria.

customCollection

CustomReportingCollection

YES - mutually exclusive with built-inCollection

Allow to configure a custom collection or to override the presets of a built-in collection by targeting the same collection name.

legacy

Boolean

YES

Is the Reporting Object Configuration legacy.

collectionWriteConfiguration

Property

Type

Values (default in bold)

Description

writable

Boolean

true, false

Allow to write in the collection

appendOnly

Boolean

true, false

If true, documents with an _id property will be ignored, i.e only new documents can be inserted (no update of existing documents).

Built-in Collection available

ACCOUNT_INFORMATION

Targets the "account" collection (paginated search). Used to display the properties and attributes of provisioned accounts.

Document Example
JSON 
{
    "_id" : {
        "applicationId" : "report-identity-application",
        "accountId" : "BUS-DH08567",
        "accountClass" : "identity"
    },
    "_createdAt" : ISODate("2023-06-08T15:23:52.575+0000"),
    "_updatedAt" : ISODate("2024-04-18T13:07:35.026+0000"),
    "account" : {
        "lastName" : "POEYRE",
        "roles" : [
            "Active Directory - User",
            "Office 365 - User",
            "SelfService Common",
            "WebPos - User"
        ],
        "enabledFrom" : "2023-06-07T22:00:00Z",
        "login" : "jpoeyre",
        "type" : "internal",
        "orgId" : "ZH7440",
        "rights" : [
            "adm.billingB2E-reporting",
            "adm.selfservice-features",
            "app.access.BZ65598096",
            "app.prov.identity-activeDirectory",
            "app.prov.identity-report",
            "app.prov.identity-o365",
            "app.prov.webpos",
            "auth.password",
            "auth.webauthn"
        ],
        "_updatedAt" : "2024-04-18T13:07:34.516Z",
        "email" : "john.poeyre-mybusiness@demo-office365.memority.fr",
        "apps" : [
            "Fitnet",
            "Active Directory",
            "Memority User Portal",
            "WebPos",
            "Office 365"
        ],
        "org" : "BU R&D",
        "roleDimensions" : "RDYR44872:[fonction:Vendeur Générique]",
        "rolesId" : [
            "RJNC12141",
            "RSKO97974",
            "RDYR44872"
        ],
        "managerId" : "SM36942",
        "bpeManager" : "Alex BLAISE",
        "firstName" : "John",
        "secondary_password_activation" : "DISABLED",
        "_id" : "BUS-DH08567",
        "status" : "true"
    },
    "accountId" : "BUS-DH08567",
    "accountName" : "BUS-DH08567",
    "accountPatch" : null,
    "accountStatus" : "SYNCED",
    "accountStatusRefreshedAt" : ISODate("2024-04-18T13:07:35.022+0000"),
    "citadelApplicationId" : null,
    "createdAt" : ISODate("2024-04-18T13:07:35.020+0000"),
    "dominoApplicationId" : "report-identity-application",
    "error" : null,
    "idmObjectId" : "BUS-DH08567",
    "idmObjectKind" : "IDENTITY",
    "idmObjectType" : "internal",
    "lastSyncedAt" : ISODate("2024-04-18T13:07:35.018+0000"),
    "provisioningRateCurrentlyLimited" : false,
    "shadowId" : "6f194483-f941-42f4-9ebd-fde6a3feff97",
    "statusAuthoritative" : true,
    "accountClass" : "identity",
    "ignored" : false,
    "ignoredAt" : null,
    "lastChangeRequestedAt" : null,
    "syncSituation" : "LINKED"
}

AUTHENTICATION_COUNT

Targets the "authentication_hour" collection (aggregation). Used for displaying authentication data typically with a XY chart.

Document Example
JSON 
{
    "_id" : "511a395bc1d450757485d4c38905944b",
    "co" : "FR",
    "ct" : "EU",
    "date" : ISODate("2024-01-09T10:00:00.000+0000"),
    "dt" : NumberInt(20240109),
    "hr" : NumberInt(2024010910),
    "md" : "MemorityLDAP",
    "me" : "AUTHENTICATION-241",
    "nb" : NumberInt(2),
    "org" : "AA0000",
    "orgc" : [

    ],
    "st" : "Ko",
    "tp" : "internal",
    "ua" : "Chrome"
}

AUTHENTICATION_DETAIL

Targets the "authentication_agg" collection (paginated search). Used for displaying the details of authentication typically with a reporting list widget.

Document Example
JSON 
{
    "_id" : ObjectId("65bb5f7d61442109e7d4a83a"),
    "filename" : "amAuthentication",
    "LoginID" : "uid=abagail.douglas,ou=people,ou=mytest,dc=memority,dc=fr",
    "ContextID" : "c4f9824ec6c783d801",
    "IPAddr" : "89.144.233.233",
    "MessageID" : "AUTHENTICATION-303",
    "ModuleName" : "MemorityLDAP",
    "NameID" : "Not Available",
    "user-agent" : {
        "ua_string" : "Not Available",
        "os" : {
            "family" : "Other",
            "version_string" : ""
        },
        "browser" : {
            "family" : "Other",
            "version_string" : ""
        },
        "device" : {
            "family" : "Other",
            "brand" : null,
            "model" : null
        },
        "type" : "unknown",
        "is_touch_capable" : false
    },
    "realm" : "mytest",
    "date" : ISODate("2024-02-01T09:08:12.000+0000"),
    "date_fr" : "01/02/2024",
    "date_en" : "2024/02/01",
    "date_int" : NumberInt(20240201),
    "user" : "abagail.douglas",
    "location_data" : {
        "continent" : "EU",
        "country" : "FR",
        "stateprov" : "Île-de-France",
        "district" : "Paris",
        "city" : "Paris",
        "zipcode" : NumberInt(75000),
        "latitude" : 48.8566,
        "longitude" : 2.35222,
        "geoname_id" : NumberInt(2988507),
        "timezone_offset" : NumberInt(1),
        "timezone_name" : "Europe/Paris",
        "isp_name" : "France Telecom",
        "organization_name" : ""
    },
    "identity" : {
        "_id" : "abagail.douglas",
        "lastName" : "DOUGLAS",
        "org" : "AA0000",
        "login" : "abagail.douglas@mail.com",
        "type" : "internal",
        "firstName" : "Abagail",
        "orgLabel" : "MyQualifefe",
        "email" : "abagail.douglas@mail.com",
        "status" : "true",
        "id" : "abagail.douglas",
        "orgChain" : [

        ]
    },
    "status" : "Unspecified"
}

ACCESS_COUNT

Targets the "access_hour" collection (aggregation). Used for displaying access data typically with a XY chart.

Document Example
JSON 
{
    "_id" : "f0fd79e8b240b2efc6a9930f5d736dad",
    "ap" : "urn:citadel:usr:mytest|/mytest/idp-citadel-usr-int-demo",
    "co" : "FR",
    "ct" : "EU",
    "date" : ISODate("2024-01-26T14:00:00.000+0000"),
    "dt" : NumberInt(20240126),
    "hr" : NumberInt(2024012614),
    "md" : "MemorityLDAP",
    "me" : "SAML2-37",
    "nb" : NumberInt(6),
    "org" : "AA0000",
    "orgc" : [

    ],
    "st" : "Ok",
    "tp" : "internal",
    "ua" : "Chrome"
}

ACCESS_DETAIL

Targets the "access_agg" collection (paginated search). Used for displaying the details of access typically with a reporting list widget.

Document Example
JSON 
{
    "_id" : ObjectId("659d4cd26d3e926de37053c6"),
    "filename" : "SAML2",
    "LoginID" : "uid=russel.doyle,ou=people,ou=mytest,dc=memority,dc=fr",
    "ContextID" : "aaaee8cd9467373c01",
    "IPAddr" : "86.105.3.52",
    "MessageID" : "SAML2-37",
    "ModuleName" : "MemorityLDAP",
    "NameID" : "russel.doyle",
    "user-agent" : {
        "ua_string" : "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
        "os" : {
            "family" : "Windows",
            "version_string" : NumberInt(10)
        },
        "browser" : {
            "family" : "Chrome",
            "version_string" : "120.0.0"
        },
        "device" : {
            "family" : "Other",
            "brand" : null,
            "model" : null
        },
        "type" : "pc",
        "is_touch_capable" : false
    },
    "realm" : "mytest",
    "status" : "Ok",
    "RawApplication" : "urn:citadel:usr:mytest|/mytest/idp-citadel-usr-int-demo",
    "FederationMode" : "idp-citadel-usr-int-demo",
    "date" : ISODate("2024-01-09T13:40:27.000+0000"),
    "date_fr" : "09/01/2024",
    "date_en" : "2024/01/09",
    "date_int" : NumberInt(20240109),
    "user" : "russel.doyle",
    "identity" : {
        "_id" : "russel.doyle",
        "lastName" : "DOYLE",
        "firstName" : "Russel",
        "org" : "AA0000",
        "orgLabel" : "MyQualifefe",
        "login" : "russel.doyle@mail.com",
        "type" : "internal",
        "email" : "russel.doyle@mail.com",
        "status" : "true",
        "id" : "russel.doyle",
        "orgChain" : [

        ]
    },
    "location_data" : {
        "continent" : "EU",
        "country" : "FR",
        "stateprov" : "Île-de-France",
        "district" : "Paris",
        "city" : "Paris",
        "zipcode" : NumberInt(75000),
        "latitude" : 48.8566,
        "longitude" : 2.35222,
        "geoname_id" : NumberInt(2988507),
        "timezone_offset" : NumberInt(1),
        "timezone_name" : "Europe/Paris",
        "isp_name" : "France Telecom",
        "organization_name" : ""
    },
    "Application" : {
        "_id" : "urn:citadel:usr:mytest|/mytest/idp-citadel-usr-int-demo",
        "id" : "urn:citadel:usr:mytest|/mytest/idp-citadel-usr-int-demo"
    }
}

FEDERATION

Targets the "federation" collection (paginated search). Used for displaying the details of a federation typically with a reporting list widget.

Document Example
JSON 
{
  "_id": "61888080-b97d-47a4-b9af-00600b6f1897",
  "_createdAt": "2024-02-02T15:28:32.943Z",
  "_updatedAt": "2024-02-02T15:29:14.456Z",
  "application": null,
  "createdAt": "2024-02-02T15:28:24.607Z",
  "nextVersion": {
    "description": null,
    "authenticationLevel": "10",
    "_usedAmAttributes": [],
    "deployedAt": null,
    "mappingKey": {
      "@type": "identity-attr",
      "attributeId": "id"
    },
    "attributes": [],
    "configuration": {
      "@type": "wsfed",
      "entityId": "https://app.wsfed.test/fedtest/",
      "nameIdFormat": "EMAIL",
      "assertionConsumerUrls": [
        "https://app.wsfed.test/fedtest/acs"
      ],
      "assertionSignatureCertificateId": "testcert",
      "displayName": null
    }
  },
  "status": "DEPLOYED",
  "version": 42,
  "currentVersion": {
    "description": "test",
    "authenticationLevel": "10",
    "_usedAmAttributes": [],
    "deployedAt": "2024-02-02T15:29:12.709Z",
    "mappingKey": {
      "@type": "identity-attr",
      "attributeId": "id"
    },
    "attributes": [],
    "configuration": {
      "@type": "wsfed",
      "entityId": "https://app.wsfed.test/fedtest/",
      "nameIdFormat": "EMAIL",
      "assertionConsumerUrls": [
        "https://app.wsfed.test/fedtest/"
      ],
      "assertionSignatureCertificateId": "testcert",
      "displayName": null
    }
  },
  "updatedAt": "2024-02-02T15:29:12.703Z"
}

SYNC_TASK_OPERATION

Targets the "domino_sync_task_operation" collection (paginated search). Used to display the sync operations with the sync operation widget.

Document Example
JSON 
{
    "_id" : ObjectId("6130f26a3893663133022a4d"),
    "type" : "domino_sync_task_operation",
    "tenant" : "mytest",
    "taskDefinition" : "import-internal-syncTask",
    "taskInstance" : "469398c0-e8b6-4e90-830a-ca4922962e2d",
    "startDate" : ISODate("2021-08-23T07:28:17.115+0000"),
    "objectKind" : "IDENTITY",
    "objectId" : "ZD8821",
    "objectType" : "internal",
    "operation" : "PATCH",
    "outcome" : "SUCCESS",
    "attributeChanges" : [
        {
            "attrId" : "enabledUntil",
            "oldValues" : [
                "2021-07-07T09:30:00Z"
            ]
        },
        {
            "attrId" : "reservedFlags"
        },
        {
            "attrId" : "_updatedAt",
            "oldValues" : [
                "2021-08-22T22:10:02.836Z"
            ],
            "newValues" : [
                "2021-08-23T07:28:25.755Z"
            ]
        }
    ],
    "shadowId" : "4e6b4acf-451d-4e44-ae0c-c06b5a4e8fd4",
    "shadowObjectId" : "interne-role-auth-quatre.recette",
    "applicationId" : "import-internal-application",
    "error" : null
}

SYNC_TASK_REPORT

Targets the "domino_sync_task_report" collection (paginated search). Used to display the sync report, typically with a list widget.

Document Example
JSON 
{
    "_id" : ObjectId("65bba77b8db2f11e6f924bff"),
    "type" : "domino_sync_task_report",
    "tenant" : "mytest",
    "taskDefinition" : "importTask-partner",
    "taskInstance" : "8ccd63d6-351d-4177-8c47-06f83309814f",
    "objectKind" : "IDENTITY",
    "startDate" : ISODate("2024-02-01T14:15:18.248+0000"),
    "durationMs" : NumberInt(5278),
    "status" : "SUCCESS",
    "triggerType" : "MANUAL",
    "visibility" : "PRIVATE",
    "actor" : "AA0000",
    "simulate" : false,
    "importedFileName" : "importPartner.csv",
    "numberOfEntriesToProcess" : NumberInt(1),
    "numberOfProcessedEntries" : NumberInt(1),
    "numberOfIgnoredEntries" : NumberInt(0),
    "numberOfCreatedIdmObjects" : NumberInt(1),
    "numberOfUpdatedIdmObjects" : NumberInt(0),
    "numberOfDeletedIdmObjects" : NumberInt(0),
    "numberOfSoftDeletedIdmObjects" : NumberInt(0),
    "numberOfDeactivatedIdmObjects" : NumberInt(0),
    "numberOfErrors" : NumberInt(0),
    "fatalError" : null,
    "errors" : [

    ],
    "_createdAt" : ISODate("2024-02-01T14:15:23.532+0000"),
    "_updatedAt" : ISODate("2024-02-01T14:15:23.532+0000")
}

PROV_TASK_OPERATION

Targets the "domino_prov_task_operation" collection. Used to display provisioning operations.

Document Example
JSON 
{
    "_id" : ObjectId("659bd048c5207f00ffb251aa"),
    "type" : "domino_prov_task_operation",
    "tenant" : "mytest",
    "taskDefinition" : null,
    "taskInstance" : null,
    "eventDate" : ISODate("2024-01-08T10:36:56.276+0000"),
    "objectKind" : "IDENTITY",
    "objectId" : "emilie.andrews",
    "objectType" : "internal",
    "changeType" : null,
    "outcome" : "FAILURE",
    "attributeChanges" : [

    ],
    "shadowId" : null,
    "accountId" : null,
    "applicationId" : "prov-memorityAuthentication-common-application",
    "error" : {
        "@type" : "validation",
        "properties" : {
            "attribute_ids" : "[mail]"
        },
        "errorId" : "DMN-E2000009",
        "label" : "MANDATORY_ATTRIBUTE_MISSING",
        "description" : "Mandatory attribute(s) missing: [mail].",
        "appId" : "demo-domino-sync-v1",
        "timestamp" : "2024-01-08T10:36:56.271Z",
        "logTrackingId" : "59c10833-0d4d-4f69-9987-8522669beec8"
    },
    "_createdAt" : ISODate("2024-01-08T10:36:56.287+0000"),
    "_updatedAt" : ISODate("2024-01-08T10:36:56.287+0000")
}

PROV_TASK_REPORT

Targets the "domino_prov_task_report"" collection. Used to display the provisioning reports.

Document Example
JSON 
{
    "_id" : ObjectId("65bba89086ac2504d8bd069a"),
    "type" : "domino_prov_task_report",
    "tenant" : "mytest",
    "taskDefinition" : "prov-partners",
    "taskInstance" : "710959d2-b425-43fa-8ecf-49ff5a67e0d8",
    "objectKind" : null,
    "startDate" : ISODate("2024-02-01T14:20:00.098+0000"),
    "durationMs" : NumberInt(184),
    "status" : "SUCCESS",
    "triggerType" : null,
    "visibility" : null,
    "actor" : "system@@sync",
    "numberOfEntriesToProcess" : NumberInt(1),
    "numberOfProcessedEntries" : NumberInt(1),
    "numberOfIgnoredEntries" : NumberInt(1),
    "numberOfCreatedAccounts" : NumberInt(0),
    "numberOfUpdatedAccounts" : NumberInt(0),
    "numberOfDeletedAccounts" : NumberInt(0),
    "numberOfErrors" : NumberInt(0),
    "fatalError" : null,
    "errors" : [

    ],
    "_createdAt" : ISODate("2024-02-01T14:20:00.291+0000"),
    "_updatedAt" : ISODate("2024-02-01T14:20:00.291+0000")
}

ACCOUNT_DISCOVERY_TASK_OPERATION

Targets the "domino_account_discovery_task_operation" collection. Used to display account discovery operations.

To activate the publication of event in this collection, fill to True the SYNC settings accountDiscovery.task.execution.event.publish and fill reportingObjectDefinition Id into accountDiscovery.task.taskReport.reporting.id

Document Example
JSON 
{
    "_id" : ObjectId("659bd048c5207f00ffb251aa"),
   "taskDefinition":"test_ldapAccountDiscovery",
   "taskInstance":"d11c9c1d-65a2-460f-b7de-5f44da1126f4",
   "date":"2024-04-24T12:57:30.056Z",
   "idmObjectId":"john.doe",
   "idmObjectKind":"IDENTITY",
   "idmObjectType":"employee",
   "citadelApplicationId":null,
   "dominoApplicationId":"test_application",
   "accountStatus":"ORPHANED",
   "statusAuthoritative":false,
   "accountStatusRefreshedAt":"2024-04-24T12:57:30.055Z",
   "syncSituation":"UNMATCHED",
   "createdAt":ISODate("2024-01-08T10:36:56.287+0000"),
   "lastSyncedAt":ISODate("2024-01-08T10:36:56.287+0000"),
   "lastChangeRequestedAt":null,
   "ignoredAt":null,
   "ignored":false,
   "accountId":"john-doe",
   "accountClass":"inetOrgPerson",
   "accountName":"uid=john.doe,ou=users,dc=acme,dc=com",
   "shadowId":"d11c9c1d-65a2-460f-b7de-5f44da1126f4",
   "account":{
      "attribute1":"value1",
      "attribute2": ["value2", "value3"]
   },
   "accountPatch":null,
   "error":null,
   "provisioningRateCurrentlyLimited":false,
    "_createdAt" : ISODate("2024-01-08T10:36:56.287+0000"),
    "_updatedAt" : ISODate("2024-01-08T10:36:56.287+0000")
}

ACCOUNT_DISCOVERY_TASK_REPORT

Targets the "domino_account_discovery_task_report" collection. Used to display the reports of account discovery task executions.

Document Example
JSON 
{
    "_id" : ObjectId("6605acc0324b2a3fc1714cf4"),
    "type" : "domino_discovery_task_report",
    "tenant" : "mybusiness",
    "taskDefinition" : "O365-discovery",
    "taskInstance" : "db79fa9f-014b-497c-81d1-6f935da49c7f",
    "shadowKind" : "ACCOUNT",
    "startDate" : ISODate("2024-03-28T17:45:35.886+0000"),
    "durationMs" : NumberInt(504),
    "status" : "SUCCESS",
    "triggerType" : "MANUAL",
    "visibility" : null,
    "actor" : "system@@sync",
    "simulate" : false,
    "numberOfEntriesToProcess" : NumberInt(100),
    "numberOfProcessedEntries" : NumberInt(100),
    "numberOfIgnoredEntries" : NumberInt(15),
    "numberOfLinkedAccounts" : NumberInt(26),
    "numberOfUnlinkedAccounts" : NumberInt(12),
    "numberOfOrphanedAccounts" : NumberInt(47),
    "fatalError" : null,
    "_createdAt" : ISODate("2024-03-28T17:45:36.395+0000"),
    "_updatedAt" : ISODate("2024-03-28T17:45:36.395+0000")
}

ROLE_ASSIGNMENT

Targets the "role_assignment" collection. Used to display information about role assignments.

This collection is provisioned using a Synchronization Reporting Application Connector. In the Application that reference this connector, in order to sync automatically the Role Assignment(s) to the collection, one need to use a built-in rule in the "postActions".

XML 
<!-- Example of Application configuration -->
<postActions>
      <action class="identityRoleAssignmentsMongoSynchronization">
         <config xsi:type="dmn:IdentityRoleAssignmentsMongoSynchronizationConfigurationType">
            <collectionName>role_assignment</collectionName>
         </config>
      </action>
</postActions>

The collection name can be changed if needed, if not provided the default role_assignment value will apply. Note that if you change the collection name you must define a custom configuration and not use the ROLE_ASSIGNMENT built-in configuration.

Hard/Soft delete of identities

The post action should also be executed when there is a delete in order to remove the Role Assignment(s) of the identity. In order to execute post actions on activation event, one need to toggle the "executePostActions" flag in the options

XML 
<applicationObjectActivationDefinition>
      <executePostActions>true</executePostActions>
      <onApplicationUnassignedEvent>NO_OP</onApplicationUnassignedEvent>
      <onIdmObjectDeleteEvent>NO_OP</onIdmObjectDeleteEvent>
      <onIdmObjectDisableEvent>NO_OP</onIdmObjectDisableEvent>
</applicationObjectActivationDefinition>

Since all post actions will be executed sequentially, one must take care to verify that this is the wanted behaviour.

Document Example
JSON 
{
    "_id" : "fff79968-141b-44dd-bc2e-6811f24344e1",
    "role" : {
        "kind" : "ROLE",
        "id" : "SC5493",
        "type" : "administration",
        "roleApplication" : {
            "kind" : "RESOURCE",
            "id" : "APP_AAA00001",
            "type" : "application",
            "rsrcApplicationCode" : "memority-test",
            "rsrcUrl" : "https://my.demorul.memority.cloud/portal/mytest/",
            "entityId" : "fe362ede-0c3c-4252-a5cf-e3291d35fe9a",
            "rsrcEnvironment" : "test",
            "enabled" : true,
            "rsrcName" : "Memority",
            "activationFrom" : "2022-01-01T00:00:00Z",
            "category" : "APPLICATION",
            "status" : "NORMAL"
        },
        "roleName" : "Self Service Internal",
        "activationFrom" : "2023-12-17T23:00:00Z",
        "entityId" : "91f6235e-ac7c-48f7-8aec-ba05bf4152ce",
        "enabled" : true,
        "status" : "NORMAL"
    },
    "roleVersion" : NumberLong(3),
    "status" : "ASSIGNED",
    "manualProvisioningStatus" : "NOT_APPLICABLE",
    "certificationStatus" : "NOT_APPLICABLE",
    "source" : "POLICY",
    "parentAssignment" : null,
    "roleBinding" : null,
    "policy" : "a8d6aa30-7162-a61a-fd4a-ba544cdae110",
    "policyMode" : "STRICT",
    "policySynchronized" : true,
    "policyVersion" : NumberLong(1),
    "enabledFrom" : null,
    "enabledUntil" : null,
    "dimensions" : {

    },
    "comment" : null,
    "metadata" : {
        "requester" : null,
        "copiedFrom" : null,
        "approvers" : [

        ],
        "recertifications" : [

        ]
    },
    "createdAt" : ISODate("2024-01-26T13:51:23.458+0000"),
    "assignedAt" : ISODate("2024-01-26T13:51:23.458+0000"),
    "deletedAt" : null,
    "recertifiedAt" : null,
    "frozenUntil" : null,
    "identity" : {
        "kind" : "IDENTITY",
        "id" : "roderick.schulist",
        "type" : "internal",
        "commonName" : "Roderick SCHULIST",
        "lastName" : "SCHULIST",
        "entityId" : "897e4efa-c98f-4bfa-85c4-fa472b6fc598",
        "login" : "roderick.schulist@mail.com",
        "enabled" : true,
        "authMethodOathStatus" : "DISABLED",
        "authMethodWebauthnStatus" : "DISABLED",
        "firstName" : "Roderick",
        "authMethodOtpStatus" : "DISABLED",
        "securityOrganization" : {
            "kind" : "ORGANIZATION",
            "id" : "AA0000",
            "type" : "root",
            "organizationName" : "Marketing",
            "organizationCode" : "market",
            "activationFrom" : "2022-01-01T00:00:00Z",
            "entityId" : "05e952c2-7f88-4df0-a47c-ddf4a2602abf",
            "enabled" : true,
            "status" : "NORMAL"
        },
        "authMethodMyMfaStatus" : "DISABLED",
        "authMethodPasswordStatus" : "ACTIVE",
        "email" : "roderick.schulist@mail.com",
        "status" : "NORMAL",
        "authMethodInweboStatus" : "DISABLED"
    },
    "_resource" : {
        "kind" : "RESOURCE",
        "id" : "APP_AAA00001",
        "type" : "application",
        "rsrcApplicationCode" : "memority-test",
        "rsrcUrl" : "https://my.demorul.memority.cloud/portal/mytest/",
        "entityId" : "fe362ede-0c3c-4252-a5cf-e3291d35fe9a",
        "rsrcEnvironment" : "test",
        "enabled" : true,
        "rsrcName" : "Memority",
        "activationFrom" : "2022-01-01T00:00:00Z",
        "category" : "APPLICATION",
        "status" : "NORMAL"
    }
}

SMS_NOTIFICATION

Targets the “sms_notification“ collection. Used to store the SMS notification reports

The report contains the following information:

Info

Details

date

Date of the SMS Notification

notificationDefinitionId

The SMS Notification Definition Id

sender

The sender used for sending the SMS

recipients

SmsMessageRecipient[]

uid

name

language

email

phone

transmitted

true if the SMS has been sent

status

One of ‘SUCCESS', ‘PARTIAL’, 'ERROR’

cost

MY_MFA_ACCOUNT_ERROR

Target the “my_mfa_account_error“ collection.

This collection is provisionned when errors occured during the MyMFA cleanup job:

  • Orphan accounts are encountered (a MyMFA account exists without any identity associated to it)

  • Multiple identities share the same MyMFA account (although not forbidden this might be suspicious)

Document Example
JSON 
{
    "_id" : "demo-mytest-3f26a4d4-1b37-4eb0-9e1e-ee00dd155a61",
    "_createdAt" : ISODate("2023-05-31T01:00:00.975+0000"),
    "_updatedAt" : ISODate("2023-05-31T01:00:00.975+0000"),
    "errorType" : "ORPHAN_ACCOUNT",
    "identities" : [

    ]
}

IDENTITY_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting IDENTITY object kind.

Document Example
JSON 
{
    "_id" : "c6060e61-8028-4ee5-81f9-3c3fb02457de",
    "_createdAt" : ISODate("2023-02-17T09:48:50.584Z"),
    "_updatedAt" : ISODate("2023-02-17T09:48:50.584Z"),
    "createdAt" : ISODate("2023-02-17T09:48:50.536Z"),
    "description" : "",
    "mode" : "CAMPAIGN",
    "name" : "object recert policy",
    "recertificationPolicy" : "test_object-recertification-policy",
    "requester" : "system@@bum"
}

ORGANIZATION_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting ORGANIZATION object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_CAMPAIGN

RESOURCE_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting RESOURCE object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_CAMPAIGN

ROLE_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting ROLE object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_CAMPAIGN

ROLE_PUBLICATION_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting ROLE_PUBLICATION object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_CAMPAIGN

IDENTITY_RECERTIFICATION_METADATA

Store the recertifcation metadata for IDENTITY object kind.

Document Example
JSON 
{
    "_id" : "6056634a-3e0f-4246-b2fa-553722df9e0d",
    "policyId" : "test_object-recertification-policy",
    "status" : "PENDING",
    "recertifiedAt" : ISODate("2023-02-27T14:53:07.421Z"),
    "recertifications" : [ 
        {
            "requester" : "system@@bum",
            "mode" : "ON_THE_FLY",
            "recertificationPolicyId" : "test_object-recertification-policy",
            "campaignExecutionId" : null,
            "outcome" : "CERTIFIED",
            "comments" : [ 
                {
                    "approver" : "john.doe",
                    "date" : ISODate("2023-02-24T13:56:55.584Z"),
                    "approved" : true,
                    "comment" : "Ok"
                }
            ],
            "startedAt" : ISODate("2023-02-23T17:17:25.933Z"),
            "finishedAt" : ISODate("2023-02-24T13:56:55.684Z")
        }, 
        {
            "requester" : "system@@bum",
            "mode" : "ON_THE_FLY",
            "recertificationPolicyId" : "test_object-recertification-policy",
            "campaignExecutionId" : null,
            "outcome" : "CERTIFIED",
            "comments" : [ 
                {
                    "approver" : "john.doe",
                    "date" : ISODate("2023-02-24T14:10:22.543Z"),
                    "approved" : true,
                    "comment" : "Ok it's good"
                }
            ],
            "startedAt" : ISODate("2023-02-24T14:10:00.096Z"),
            "finishedAt" : ISODate("2023-02-24T14:10:22.581Z")
        }
    ],
    "object" : {
        "kind" : "IDENTITY",
        "id" : "egbert.faro.14",
        "type" : "test_identityType_employee",
        "commonName" : "toto",
        "lastName" : "FARO",
        "entityId" : "88f8beb5-311b-4851-b474-35ca75c9370b",
        "login" : "efaro14",
        "title" : "MR",
        "enabled" : true,
        "authMethodOathStatus" : "DISABLED",
        "authMethodWebauthnStatus" : "DISABLED",
        "firstName" : "Egbert",
        "authMethodOtpStatus" : "DISABLED",
        "authMethodPasswordStatus" : "ACTIVATING",
        "email" : "egbert.faro@example.com",
        "status" : "NORMAL",
        "authMethodInweboStatus" : "DISABLED"
    }
}

ORGANIZATION_RECERTIFICATION_METADATA

Store the recertifcation metadata for ORGANIZATION object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_METADATA

RESOURCE_RECERTIFICATION_METADATA

Store the recertifcation metadata for RESOURCE object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_METADATA

ROLE_RECERTIFICATION_METADATA

Store the recertifcation metadata for ROLE object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_METADATA

ROLE_PUBLICATION_RECERTIFICATION_METADATA

Store the recertifcation metadata for ROLE_PUBLICATION object kind

Exemple of document: similar to the example for IDENTITY_RECERTIFICATION_METADATA

IDENTITY

Target the “identity” collection.

Document Example
JSON 
{
    "_id" : "RB36563",
    "lastName" : "LUTO",
    "activationUntil" : ISODate("2024-09-19T22:00:00.000+0000"),
    "org" : "AA0000",
    "roles" : [
        "Manager Direct"
    ],
    "rolesId" : [
        "HG1943"
    ],
    "appsId" : [
        "APP_AAA00001"
    ],
    "login" : "john.luto-external-mynewbusiness@demo-office365.memority.fr",
    "type" : "provider",
    "siteLabel" : "Paris - La défense",
    "firstName" : "John",
    "site" : "ORG_JGK40665",
    "rights" : [
        "adm.manager-direct-features",
        "auth.inwebo",
        "auth.my-mfa",
        "sys.bum-user-tasks"
    ],
    "orgLabel" : "SubwayBox",
    "activationFrom" : ISODate("2024-09-15T22:00:00.000+0000"),
    "email" : "john.luto-external-mynewbusiness@demo-office365.memority.fr",
    "apps" : [
        "Memority"
    ],
    "status" : "false",
    "_updatedAt" : ISODate("2024-10-13T22:10:04.823+0000"),
    "jobTitle" : "CHEF DE PROJET CRM",
    "orgHierarchical" : "ORG_JOR12167",
    "siteHierarchical" : "ORG_QOC26465/ORG_JGK40665"
}

RESOURCE

Target the “resource” collection.

Document Example
JSON 
{
    "_id" : "APP_FMA55717",
    "name" : "Salesforce",
    "activationFrom" : ISODate("2024-06-20T22:00:00.000+0000"),
    "enabled" : "true",
    "status" : "true",
    "_updatedAt" : ISODate("2025-03-19T20:22:05.123+0000")
}

ORGANIZATION

Target the “organization” collection.

Document Example
JSON 
{
    "_id" : "AA0000",
    "name" : "SubwayBox",
    "activationFrom" : ISODate("2022-01-01T00:00:00.000+0000"),
    "type" : "root",
    "status" : "true",
    "_updatedAt" : ISODate("2024-12-06T17:03:37.804+0000")
}

ROLE

Target the “role” collection.

Document Example
JSON 
{
    "_id" : "GZ7689",
    "roleApplication" : "APP_FMA55717",
    "name" : "User - Salesforce",
    "activationFrom" : ISODate("2024-06-23T22:00:00.000+0000"),
    "enabled" : "true",
    "status" : "NORMAL",
    "_updatedAt" : ISODate("2025-05-06T09:26:46.499+0000")
}

ROLE_PUBLICATION

Target the “role_publication” collection.

Document Example
JSON 
{
    "_id" : "DS2787",
    "activationFrom" : ISODate("2024-05-23T16:50:20.204+0000"),
    "enabled" : "true",
    "status" : "NORMAL"
}

IDENTITY_DAILY

Target the “identity_daily” collection.

Document Example
JSON 
{
    "_id" : {
        "id" : "AA0000",
        "date" : ISODate("2025-04-26T00:00:00.000+0000")
    },
    "lastName" : "PETITPREZ",
    "roles" : [
        "Memority Support"
    ],
    "rolesId" : [
        "AA0005"
    ],
    "appsId" : [
        "APP_AAA00001"
    ],
    "type" : "memoritySupport",
    "firstName" : "Benjamin",
    "rights" : [
        "adm.administrator-features",
        "adm.mySupport-features",
        "auth.password",
        "sys.adm-access",
        "sys.adm-access",
        "sys.amcp-conf-admin",
        "sys.api-zone-access",
        "sys.api-zone-access",
        "sys.aud-read",
        "sys.aud-read",
        "sys.bum-motd-admin",
        "sys.bum-motd-admin",
        "sys.bum-user-tasks",
        "sys.ctd-super-admin",
        "sys.ctd-super-admin",
        "sys.i18n-read",
        "sys.sync-export-task-private",
        "sys.sync-export-task-private",
        "sys.sync-export-task-public",
        "sys.sync-export-task-public",
        "sys.sync-import-task-private",
        "sys.sync-import-task-private",
        "sys.usr-access",
        "sys.usr-access"
    ],
    "activationFrom" : ISODate("2024-05-23T13:55:36.524+0000"),
    "authModes" : [
        "my_password"
    ],
    "_updatedAt" : ISODate("2024-05-23T17:03:44.438+0000"),
    "email" : "benjamin.petitprez@memority.com",
    "apps" : [
        "Memority"
    ],
    "status" : "true",
    "lastAuthent" : ISODate("2025-04-25T12:24:45.000+0000"),
    "lastMdAuthent" : [
        {
            "md" : "OATH|MemorityLDAP-Admin",
            "date" : ISODate("2025-04-25T12:24:45.000+0000")
        }
    ],
    "lastAppAccess" : [
        {
            "ap" : "urn:citadel:adm:mynewbusiness|/mynewbusiness/idp-citadel-adm-int-demo",
            "date" : ISODate("2025-04-25T12:24:45.000+0000")
        },
        {
            "ap" : "urn:citadel:usr:mynewbusiness|/mynewbusiness/idp-citadel-usr-int-demo",
            "date" : ISODate("2025-04-24T07:30:08.000+0000")
        },
        {
            "ap" : "APP_AAA00003",
            "date" : ISODate("2025-04-24T07:56:17.000+0000")
        },
        {
            "ap" : "maia-api",
            "date" : ISODate("2024-06-21T14:14:34.000+0000")
        },
        {
            "ap" : "maia-api-admin",
            "date" : ISODate("2025-04-22T12:09:03.000+0000")
        },
        {
            "ap" : "https://ven06997.service-now.com|/mynewbusiness/idp-snow-int",
            "date" : ISODate("2024-07-04T13:37:15.000+0000")
        },
        {
            "ap" : "snowplugin-new",
            "date" : ISODate("2024-09-20T21:05:22.000+0000")
        },
        {
            "ap" : "https://d1r000001mezweam-dev-ed.my.salesforce.com|/mynewbusiness/idp-bc52df46-ea2e-4f62-ac9d-e2c18b9eb551",
            "date" : ISODate("2025-03-07T17:02:25.000+0000")
        }
    ]
}

RESOURCE_DAILY

Target the “resource_daily” collection.

ORGANIZATION_DAILY

Target the “organization_daily” collection.

ROLE_DAILY

Target the “role_daily” collection.

ROLE_PUBLICATION_DAILY

Target the “role_publication_daily” collection.

ROLE_HISTORY

Target the “__builtin__role_history” collection.

Document Example
JSON 
{
    "_id" : ObjectId("67c70511975c1279ba2967ce"),
    "_createdAt" : ISODate("2025-03-04T13:50:07.591Z"),
    "_dimensionsMetadata" : [ 
        {
            "dimension" : "dim1",
            "type" : "STRING",
            "choices" : {
                "i18nPrefix" : "some_i18n_prefix",
                "choices" : [ 
                    "FR", 
                    "EN", 
                    "US", 
                    "SP"
                ],
                "i18nKey" : null,
                "choicesWithParams" : {}
            }
        }, 
        {
            "dimension" : "dimManualProv",
            "type" : "STRING",
            "choices" : null
        }, 
        {
            "dimension" : "dim2",
            "type" : "IDENTITY_REF",
            "choices" : null
        }, 
        {
            "dimension" : "dim3",
            "type" : "STRING",
            "choices" : null
        }
    ],
    "_effectiveFrom" : ISODate("2025-03-04T13:50:07.591Z"),
    "_effectiveUntil" : ISODate("2025-04-11T09:33:07.855Z"),
    "_endCause" : "UPDATED",
    "_resource" : {
        "kind" : "RESOURCE",
        "id" : "test_memority",
        "type" : "test_resourceType_app",
        "entityId" : "1fee2868-de54-4e06-989e-8df5b403a8ad",
        "category" : "APPLICATION",
        "enabled" : true,
        "status" : "DRAFT"
    },
    "_updatedAt" : ISODate("2025-04-11T09:33:07.855Z"),
    "assignedAt" : ISODate("2025-03-03T08:21:07.469Z"),
    "certificationStatus" : "NOT_APPLICABLE",
    "comment" : null,
    "createdAt" : ISODate("2025-03-03T08:21:07.469Z"),
    "deletedAt" : null,
    "dimensions" : {
        "dim3" : "toto",
        "dim2" : [ 
            "aaron.donnell.1"
        ],
        "dim1" : [ 
            "toto"
        ]
    },
    "enabledFrom" : null,
    "enabledUntil" : null,
    "frozenUntil" : null,
    "id" : "0d967d93-cb99-4e35-8c4f-e03e23667436",
    "identity" : {
        "kind" : "IDENTITY",
        "id" : "john.doe",
        "type" : "test_identityType_employee",
        "commonName" : "toto",
        "lastName" : "DOE",
        "entityId" : "25dcda9c-d0b6-4178-9176-052c4e4a3234",
        "title" : "MR",
        "login" : "jdoe_2c508225-806e-4949-b2fe-89614a803a85",
        "enabled" : true,
        "authMethodOathStatus" : "DISABLED",
        "authMethodWebauthnStatus" : "ACTIVE",
        "firstName" : "John",
        "authMethodOtpStatus" : "DISABLED",
        "authMethodMyMfaStatus" : "DISABLED",
        "securityOrganization" : {
            "kind" : "ORGANIZATION",
            "id" : "test_accenture",
            "type" : "test_organization_root",
            "entityId" : "c4f17238-2e3f-4a9f-a1e8-65cc8709770b",
            "enabled" : true,
            "status" : "NORMAL"
        },
        "authMethodPasswordStatus" : "ACTIVE",
        "email" : "john.doe@example.com",
        "status" : "NORMAL",
        "authMethodInweboStatus" : "DISABLED"
    },
    "manualProvisioningStatus" : "FAILED",
    "metadata" : {
        "requester" : null,
        "copiedFrom" : null,
        "approvers" : [],
        "recertifications" : []
    },
    "parentAssignment" : null,
    "policy" : "4f415b61-423c-2272-83de-1981621bbf97",
    "policyMode" : "STRICT",
    "policySynchronized" : true,
    "policyVersion" : NumberLong(1),
    "recertifiedAt" : null,
    "role" : {
        "kind" : "ROLE",
        "id" : "test_memorityAppUser",
        "type" : "test_roleType_application",
        "entityId" : "1b5691cd-a041-4dc7-80eb-6451f220a48e",
        "test_appName" : "Memority",
        "enabled" : true,
        "test_owner" : {
            "kind" : "IDENTITY",
            "id" : "john.doe",
            "type" : "test_identityType_employee",
            "commonName" : "toto",
            "lastName" : "DOE",
            "entityId" : "25dcda9c-d0b6-4178-9176-052c4e4a3234",
            "title" : "MR",
            "login" : "jdoe_2c508225-806e-4949-b2fe-89614a803a85",
            "enabled" : true,
            "authMethodOathStatus" : "DISABLED",
            "authMethodWebauthnStatus" : "ACTIVE",
            "firstName" : "John",
            "authMethodOtpStatus" : "DISABLED",
            "authMethodMyMfaStatus" : "DISABLED",
            "securityOrganization" : "test_accenture",
            "authMethodPasswordStatus" : "ACTIVE",
            "email" : "john.doe@example.com",
            "status" : "NORMAL",
            "authMethodInweboStatus" : "DISABLED"
        },
        "test_roleName" : "Memority standard role",
        "test_app" : {
            "kind" : "RESOURCE",
            "id" : "test_memority",
            "type" : "test_resourceType_app",
            "entityId" : "1fee2868-de54-4e06-989e-8df5b403a8ad",
            "category" : "APPLICATION",
            "enabled" : true,
            "status" : "DRAFT"
        },
        "status" : "NORMAL"
    },
    "roleBinding" : null,
    "roleVersion" : NumberLong(2),
    "source" : "POLICY",
    "status" : "ASSIGNED"
}

PLATFORM_AVAILABILITY

Target the “platform_availability” collection.

Document Example
JSON 
{
 "_id" : ObjectId("681b5c31bca25151c7961b3e"),
 "date" : ISODate("2025-05-07T13:12:14.041+0000"),
 "probeId" : "INTERNAL",
 "stepResults" : [
    {
    "date" : ISODate("2025-05-07T13:12:17.503+0000"),
    "step" : "AUTHENTICATION_LOGIN_PASSWORD",
    "result" : NumberInt(1),
    "error" : "Memority Authentication Service: Invalid authentication (Bad Credential, Bad authentication scheme, ...)"
    }
 ],
 "result" : NumberInt(1),
 "outcome" : "KO",
 "koSeconds" : NumberLong(60),
 "error" : "Memority Authentication Service: Invalid authentication (Bad Credential, Bad authentication scheme, ...)",
 "_createdAt" : ISODate("2025-05-07T13:12:17.615+0000"),
 "_updatedAt" : ISODate("2025-05-07T13:12:17.615+0000")
}

FEDERATION_MAPPING

Target the “federation_mapping” collection.

Document Example
JSON 
$body

Example

XML 
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" 
    xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" 
    xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" 
    xmlns:ctdrep="http://www.memority.com/citadel/rep/1_0" 
    xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" 
    xmlns:kit="http://www.memority.com/toolkit/1_0" 
    xmlns:rule="http://www.memority.com/toolkit/rule/1_0" 
    xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" 
    xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" 
    xmlns:xs="http://www.w3.org/2001/XMLSchema" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ctdrep:ReportingObjectConfiguration id="test_conf_1">
      <name>Test conf 1</name>
      <description>Configuration for authentication hours</description>
      <collectionWriteConfiguration>
		<writable>false</writable>
		<appendOnly>false</appendOnly>
	  </collectionWriteConfiguration>
      <built-inCollection>AUTHENTICATION_COUNT</built-inCollection>
      <built-inCollectionAdditionalCriteria>
        <criterion>
           <name>identity.enabledFrom</name>
           <valueType>DATETIME</valueType>
        </criterion>
        <criterion>
           <name>identity.enabledUntil</name>
           <valueType>DATETIME</valueType>
        </criterion>        
      </built-inCollectionAdditionalCriteria>
   </ctdrep:ReportingObjectConfiguration>
</kit:DataSet>

Built-in collections summary

Builtin collection name

Description

Long lived

Builtin searchable criteria

ACCOUNT_INFORMATION

Targets the "account" collection (paginated search). Used to display the properties and attributes of provisioned accounts.

NO

{ "name": "_id", "valueType": "OBJECT", "searchable": true }
{ "name": "_id.applicationId", "valueType": "STRING", "searchable": false }
{ "name": "_id.accountId", "valueType": "STRING", "searchable": false }
{ "name": "_id.accountClass", "valueType": "STRING", "searchable": false }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "account", "valueType": "ANY", "searchable": false }
{ "name": "accountId", "valueType": "STRING", "searchable": false }
{ "name": "accountName", "valueType": "STRING", "searchable": false }
{ "name": "accountPatch.attributes", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "accountPatch.attributes.id", "valueType": "STRING", "searchable": false }
{ "name": "accountPatch.attributes.multivalued", "valueType": "STRING", "searchable": false }
{ "name": "accountPatch.attributes.values", "valueType": "ANY", "searchable": false }
{ "name": "accountPatch.attributes.operation", "valueType": "STRING", "searchable": false }
{ "name": "accountStatus", "valueType": "STRING", "searchable": true }
{ "name": "statusAuthoritative", "valueType": "BOOLEAN", "searchable": false }
{ "name": "accountStatusRefreshedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "lastSyncedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "lastChangeRequestedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "ignoredAt", "valueType": "DATETIME", "searchable": false }
{ "name": "ignored", "valueType": "BOOLEAN", "searchable": true }
{ "name": "syncSituation", "valueType": "STRING", "searchable": true }
{ "name": "citadelApplicationId", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "dominoApplicationId", "valueType": "STRING", "searchable": true }
{ "name": "error.errorId", "valueType": "STRING", "searchable": false }
{ "name": "error.appId", "valueType": "STRING", "searchable": false }
{ "name": "idmObjectId", "valueType": "STRING", "searchable": true }
{ "name": "idmObjectKind", "valueType": "STRING", "searchable": false }
{ "name": "idmObjectType", "valueType": "STRING", "searchable": false }
{ "name": "shadowId", "valueType": "STRING", "searchable": true }

AUTHENTICATION_COUNT

Targets the "authentication_hour" collection (aggregation). Used for displaying authentication data typically with a XY chart.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "co", "valueType": "STRING", "searchable": false }
{ "name": "ct", "valueType": "STRING", "searchable": false }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "dt", "valueType": "INTEGER", "searchable": false }
{ "name": "hr", "valueType": "INTEGER", "searchable": false }
{ "name": "md", "valueType": "STRING", "searchable": true }
{ "name": "me", "valueType": "STRING", "searchable": false }
{ "name": "nb", "valueType": "INTEGER", "searchable": false }
{ "name": "org", "valueType": "STRING", "searchable": false }
{ "name": "orgc", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "st", "valueType": "STRING", "searchable": true }
{ "name": "tp", "valueType": "STRING", "searchable": true }
{ "name": "ua", "valueType": "STRING", "searchable": false }

AUTHENTICATION_DETAIL

Targets the "authentication_agg" collection (paginated search). Used for displaying the details of authentication typically with a reporting list widget.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "filename", "valueType": "STRING", "searchable": false }
{ "name": "LoginID", "valueType": "STRING", "searchable": false }
{ "name": "ContextID", "valueType": "STRING", "searchable": true }
{ "name": "IPAddr", "valueType": "STRING", "searchable": false }
{ "name": "RequestIPAddr", "valueType": "STRING", "searchable": false }
{ "name": "MessageID", "valueType": "STRING", "searchable": true }
{ "name": "ModuleName", "valueType": "STRING", "searchable": true }
{ "name": "NameID", "valueType": "STRING", "searchable": false }
{ "name": "TransactionID", "valueType": "STRING", "searchable": false }
{ "name": "RiskScore", "valueType": "INTEGER", "searchable": false }
{ "name": "user", "valueType": "STRING", "searchable": true }
{ "name": "user-agent.ua_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.os.family", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.os.version_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.browser.family", "valueType": "STRING", "searchable": true }
{ "name": "user-agent.browser.version_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.family", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.brand", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.model", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.type", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.is_touch_capable", "valueType": "BOOLEAN", "searchable": false }
{ "name": "realm", "valueType": "STRING", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "RawApplication", "valueType": "STRING", "searchable": true }
{ "name": "FederationMode", "valueType": "STRING", "searchable": false }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "date_fr", "valueType": "STRING", "searchable": false }
{ "name": "date_en", "valueType": "STRING", "searchable": false }
{ "name": "date_int", "valueType": "INTEGER", "searchable": false }
{ "name": "identity._id", "valueType": "STRING", "searchable": true }
{ "name": "identity.type", "valueType": "STRING", "searchable": true }
{ "name": "http://identity.org ", "valueType": "STRING", "searchable": true }
{ "name": "location_data.continent", "valueType": "STRING", "searchable": true }
{ "name": "location_data.country", "valueType": "STRING", "searchable": true }
{ "name": "location_data.stateprov", "valueType": "STRING", "searchable": false }
{ "name": "location_data.district", "valueType": "STRING", "searchable": false }
{ "name": "location_data.city", "valueType": "STRING", "searchable": false }
{ "name": "location_data.zipcode", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.latitude", "valueType": "FLOAT", "searchable": false }
{ "name": "location_data.longitude", "valueType": "FLOAT", "searchable": false }
{ "name": "location_data.timezone_offset", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.timezone_name", "valueType": "STRING", "searchable": false }
{ "name": "location_data.isp_name", "valueType": "STRING", "searchable": false }
{ "name": "location_data.organization_name", "valueType": "STRING", "searchable": false }
{ "name": "Application._id", "valueType": "STRING", "searchable": false }

ACCESS_COUNT

Targets the "access_hour" collection (aggregation). Used for displaying access data typically with a XY chart.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "ap", "valueType": "STRING", "searchable": false }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "co", "valueType": "STRING", "searchable": true }
{ "name": "ct", "valueType": "STRING", "searchable": false }
{ "name": "dt", "valueType": "INTEGER", "searchable": false }
{ "name": "hr", "valueType": "INTEGER", "searchable": false }
{ "name": "md", "valueType": "STRING", "searchable": true }
{ "name": "me", "valueType": "STRING", "searchable": false }
{ "name": "nb", "valueType": "INTEGER", "searchable": false }
{ "name": "org", "valueType": "STRING", "searchable": false }
{ "name": "orgc", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "st", "valueType": "STRING", "searchable": true }
{ "name": "tp", "valueType": "STRING", "searchable": true }
{ "name": "ua", "valueType": "STRING", "searchable": true }

ACCESS_DETAIL

Targets the "access_agg" collection (paginated search). Used for displaying the details of access typically with a reporting list widget.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "FederationMode", "valueType": "STRING", "searchable": false }
{ "name": "MessageID", "valueType": "STRING", "searchable": true }
{ "name": "ModuleName", "valueType": "STRING", "searchable": true }
{ "name": "device_data.id", "valueType": "STRING", "searchable": true }
{ "name": "user", "valueType": "STRING", "searchable": true }
{ "name": "user-agent.browser.family", "valueType": "STRING", "searchable": true }
{ "name": "identity.type", "valueType": "STRING", "searchable": true }
{ "name": "http://identity.org ", "valueType": "STRING", "searchable": true }
{ "name": "identity.id", "valueType": "STRING", "searchable": true }
{ "name": "identity._id", "valueType": "STRING", "searchable": false }
{ "name": "filename", "valueType": "STRING", "searchable": false }
{ "name": "LoginID", "valueType": "STRING", "searchable": false }
{ "name": "ContextID", "valueType": "STRING", "searchable": true }
{ "name": "IPAddr", "valueType": "STRING", "searchable": false }
{ "name": "RequestIPAddr", "valueType": "STRING", "searchable": false }
{ "name": "NameID", "valueType": "STRING", "searchable": false }
{ "name": "TransactionID", "valueType": "STRING", "searchable": false }
{ "name": "RiskScore", "valueType": "INTEGER", "searchable": false }
{ "name": "user-agent.ua_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.os.family", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.os.version_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.browser.version_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.family", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.brand", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.model", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.type", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.is_touch_capable", "valueType": "BOOLEAN", "searchable": false }
{ "name": "realm", "valueType": "STRING", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "RawApplication", "valueType": "STRING", "searchable": true }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "date_fr", "valueType": "STRING", "searchable": false }
{ "name": "date_en", "valueType": "STRING", "searchable": false }
{ "name": "date_int", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.continent", "valueType": "STRING", "searchable": true }
{ "name": "location_data.country", "valueType": "STRING", "searchable": true }
{ "name": "location_data.stateprov", "valueType": "STRING", "searchable": false }
{ "name": "location_data.district", "valueType": "STRING", "searchable": false }
{ "name": "location_data.city", "valueType": "STRING", "searchable": true }
{ "name": "location_data.zipcode", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.latitude", "valueType": "FLOAT", "searchable": true }
{ "name": "location_data.longitude", "valueType": "FLOAT", "searchable": true }
{ "name": "location_data.timezone_offset", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.timezone_name", "valueType": "STRING", "searchable": false }
{ "name": "location_data.isp_name", "valueType": "STRING", "searchable": false }
{ "name": "location_data.organization_name", "valueType": "STRING", "searchable": false }
{ "name": "Application", "valueType": "STRING", "searchable": false }
{ "name": "Application._id", "valueType": "STRING", "searchable": false }
{ "name": "http://Application.id ", "valueType": "STRING", "searchable": true }

FEDERATION

Targets the "federation" collection (paginated search). Used for displaying the details of a federation typically with a reporting list widget.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "filename", "valueType": "STRING", "searchable": false }
{ "name": "LoginID", "valueType": "STRING", "searchable": false }
{ "name": "ContextID", "valueType": "STRING", "searchable": true }
{ "name": "IPAddr", "valueType": "STRING", "searchable": false }
{ "name": "RequestIPAddr", "valueType": "STRING", "searchable": false }
{ "name": "MessageID", "valueType": "STRING", "searchable": true }
{ "name": "ModuleName", "valueType": "STRING", "searchable": true }
{ "name": "NameID", "valueType": "STRING", "searchable": false }
{ "name": "TransactionID", "valueType": "STRING", "searchable": false }
{ "name": "RiskScore", "valueType": "INTEGER", "searchable": false }
{ "name": "user", "valueType": "STRING", "searchable": true }
{ "name": "user-agent.ua_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.os.family", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.os.version_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.browser.family", "valueType": "STRING", "searchable": true }
{ "name": "user-agent.browser.version_string", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.family", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.brand", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.device.model", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.type", "valueType": "STRING", "searchable": false }
{ "name": "user-agent.is_touch_capable", "valueType": "BOOLEAN", "searchable": false }
{ "name": "realm", "valueType": "STRING", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "RawApplication", "valueType": "STRING", "searchable": true }
{ "name": "FederationMode", "valueType": "STRING", "searchable": false }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "date_fr", "valueType": "STRING", "searchable": false }
{ "name": "date_en", "valueType": "STRING", "searchable": false }
{ "name": "date_int", "valueType": "INTEGER", "searchable": false }
{ "name": "identity._id", "valueType": "STRING", "searchable": true }
{ "name": "identity.type", "valueType": "STRING", "searchable": true }
{ "name": "http://identity.org ", "valueType": "STRING", "searchable": true }
{ "name": "location_data.continent", "valueType": "STRING", "searchable": true }
{ "name": "location_data.country", "valueType": "STRING", "searchable": true }
{ "name": "location_data.stateprov", "valueType": "STRING", "searchable": false }
{ "name": "location_data.district", "valueType": "STRING", "searchable": false }
{ "name": "location_data.city", "valueType": "STRING", "searchable": false }
{ "name": "location_data.zipcode", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.latitude", "valueType": "FLOAT", "searchable": false }
{ "name": "location_data.longitude", "valueType": "FLOAT", "searchable": false }
{ "name": "location_data.timezone_offset", "valueType": "INTEGER", "searchable": false }
{ "name": "location_data.timezone_name", "valueType": "STRING", "searchable": false }
{ "name": "location_data.isp_name", "valueType": "STRING", "searchable": false }
{ "name": "location_data.organization_name", "valueType": "STRING", "searchable": false }
{ "name": "Application._id", "valueType": "STRING", "searchable": false }
{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "http://application.id ", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion", "valueType": "OBJECT", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "nextVersion.description", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.authenticationLevel", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion._usedAmAttributes", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "nextVersion.deployedAt", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey", "valueType": "OBJECT", "searchable": false }
{ "name": "nextVersion.mappingKey.@type", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey.value", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey.function", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey.arguments", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "nextVersion.mappingKey.arguments.@type", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey.arguments.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.mappingKey.arguments.value", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "nextVersion.attributes.attribute", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value", "valueType": "OBJECT", "searchable": false }
{ "name": "nextVersion.attributes.value.@type", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value.value", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value.function", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value.arguments", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "nextVersion.attributes.value.arguments.@type", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value.arguments.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.attributes.value.arguments.value", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration", "valueType": "OBJECT", "searchable": false }
{ "name": "nextVersion.configuration.@type", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.entityId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.nameIdFormat", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.assertionConsumerUrls", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "nextVersion.configuration.authnRequestSigningRequired", "valueType": "BOOLEAN", "searchable": false }
{ "name": "nextVersion.configuration.signWholePOSTResponse", "valueType": "BOOLEAN", "searchable": false }
{ "name": "nextVersion.configuration.logoutUrl", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.assertionSignatureCertificateId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.displayName", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.clientType", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.clientId", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.clientSecret", "valueType": "STRING", "searchable": false }
{ "name": "nextVersion.configuration.redirectUris", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "nextVersion.configuration.defaultScopes", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "nextVersion.configuration.includeClaimsInToken", "valueType": "BOOLEAN", "searchable": false }
{ "name": "nextVersion.configuration.includeOpenidScope", "valueType": "BOOLEAN", "searchable": false }
{ "name": "nextVersion.configuration.description", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion", "valueType": "OBJECT", "searchable": false }
{ "name": "currentVersion.description", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.authenticationLevel", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion._usedAmAttributes", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "currentVersion.deployedAt", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey", "valueType": "OBJECT", "searchable": false }
{ "name": "currentVersion.mappingKey.@type", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey.value", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey.function", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey.arguments", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "currentVersion.mappingKey.arguments.@type", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey.arguments.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.mappingKey.arguments.value", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "currentVersion.attributes.attribute", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value", "valueType": "OBJECT", "searchable": false }
{ "name": "currentVersion.attributes.value.@type", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value.value", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value.function", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value.arguments", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "currentVersion.attributes.value.arguments.@type", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value.arguments.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.attributes.value.arguments.value", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration", "valueType": "OBJECT", "searchable": false }
{ "name": "currentVersion.configuration.@type", "valueType": "STRING", "searchable": true }
{ "name": "currentVersion.configuration.entityId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.nameIdFormat", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.assertionConsumerUrls", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "currentVersion.configuration.authnRequestSigningRequired", "valueType": "BOOLEAN", "searchable": false }
{ "name": "currentVersion.configuration.signWholePOSTResponse", "valueType": "BOOLEAN", "searchable": false }
{ "name": "currentVersion.configuration.logoutUrl", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.assertionSignatureCertificateId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.displayName", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.clientType", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.clientId", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.clientSecret", "valueType": "STRING", "searchable": false }
{ "name": "currentVersion.configuration.redirectUris", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "currentVersion.configuration.defaultScopes", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "currentVersion.configuration.includeClaimsInToken", "valueType": "BOOLEAN", "searchable": false }
{ "name": "currentVersion.configuration.includeOpenidScope", "valueType": "BOOLEAN", "searchable": false }
{ "name": "currentVersion.configuration.description", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "previousVersions.description", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.authenticationLevel", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions._usedAmAttributes", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "previousVersions.deployedAt", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey", "valueType": "OBJECT", "searchable": false }
{ "name": "previousVersions.mappingKey.@type", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey.value", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey.function", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey.arguments", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "previousVersions.mappingKey.arguments.@type", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey.arguments.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.mappingKey.arguments.value", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "previousVersions.attributes.attribute", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value", "valueType": "OBJECT", "searchable": false }
{ "name": "previousVersions.attributes.value.@type", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value.value", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value.function", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value.arguments", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "previousVersions.attributes.value.arguments.@type", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value.arguments.attributeId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.attributes.value.arguments.value", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration", "valueType": "OBJECT", "searchable": false }
{ "name": "previousVersions.configuration.@type", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.entityId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.nameIdFormat", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.assertionConsumerUrls", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "previousVersions.configuration.authnRequestSigningRequired", "valueType": "BOOLEAN", "searchable": false }
{ "name": "previousVersions.configuration.signWholePOSTResponse", "valueType": "BOOLEAN", "searchable": false }
{ "name": "previousVersions.configuration.logoutUrl", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.assertionSignatureCertificateId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.displayName", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.clientType", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.clientId", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.clientSecret", "valueType": "STRING", "searchable": false }
{ "name": "previousVersions.configuration.redirectUris", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "previousVersions.configuration.defaultScopes", "valueType": "STRING_ARRAY", "searchable": false }
{ "name": "previousVersions.configuration.includeClaimsInToken", "valueType": "BOOLEAN", "searchable": false }
{ "name": "previousVersions.configuration.includeOpenidScope", "valueType": "BOOLEAN", "searchable": false }
{ "name": "previousVersions.configuration.description", "valueType": "STRING", "searchable": false }

SYNC_TASK_OPERATION

Targets the "domino_sync_task_operation" collection (paginated search). Used to display the sync operations with the sync operation widget.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "type", "valueType": "STRING", "searchable": false }
{ "name": "tenant", "valueType": "STRING", "searchable": false }
{ "name": "taskDefinition", "valueType": "STRING", "searchable": true }
{ "name": "taskInstance", "valueType": "STRING", "searchable": true }
{ "name": "startDate", "valueType": "DATETIME", "searchable": true }
{ "name": "objectKind", "valueType": "STRING", "searchable": false }
{ "name": "objectId", "valueType": "STRING", "searchable": true }
{ "name": "objectType", "valueType": "STRING", "searchable": false }
{ "name": "operation", "valueType": "STRING", "searchable": true }
{ "name": "outcome", "valueType": "STRING", "searchable": true }
{ "name": "attributeChanges", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "attributeChanges.attrId", "valueType": "STRING", "searchable": true }
{ "name": "shadowId", "valueType": "STRING", "searchable": false }
{ "name": "shadowObjectId", "valueType": "STRING", "searchable": false }
{ "name": "applicationId", "valueType": "STRING", "searchable": true }
{ "name": "error.errorId", "valueType": "STRING", "searchable": false }
{ "name": "error.appId", "valueType": "STRING", "searchable": false }

SYNC_TASK_REPORT

Targets the "domino_sync_task_report" collection (paginated search). Used to display the sync report, typically with a list widget.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "type", "valueType": "STRING", "searchable": false }
{ "name": "tenant", "valueType": "STRING", "searchable": false }
{ "name": "taskDefinition", "valueType": "STRING", "searchable": true }
{ "name": "taskInstance", "valueType": "STRING", "searchable": true }
{ "name": "objectKind", "valueType": "STRING", "searchable": false }
{ "name": "startDate", "valueType": "DATETIME", "searchable": true }
{ "name": "durationMs", "valueType": "INTEGER", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "triggerType", "valueType": "STRING", "searchable": false }
{ "name": "visibility", "valueType": "STRING", "searchable": false }
{ "name": "actor", "valueType": "STRING", "searchable": false }
{ "name": "simulate", "valueType": "BOOLEAN", "searchable": false }
{ "name": "importedFileName", "valueType": "STRING", "searchable": false }
{ "name": "numberOfEntriesToProcess", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfProcessedEntries", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfIgnoredEntries", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfCreatedIdmObjects", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfUpdatedIdmObjects", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfDeletedIdmObjects", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfSoftDeletedIdmObjects", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfDeactivatedIdmObjects", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfErrors", "valueType": "INTEGER", "searchable": false }
{ "name": "fatalError.errorId", "valueType": "STRING", "searchable": false }
{ "name": "fatalError.appId", "valueType": "STRING", "searchable": false }
{ "name": "errors", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "errors.errorId", "valueType": "STRING", "searchable": false }
{ "name": "errors.appId", "valueType": "STRING", "searchable": false }

PROV_TASK_OPERATION

Targets the "domino_prov_task_operation" collection. Used to display provisioning operations.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "type", "valueType": "STRING", "searchable": false }
{ "name": "tenant", "valueType": "STRING", "searchable": false }
{ "name": "taskDefinition", "valueType": "STRING", "searchable": false }
{ "name": "taskInstance", "valueType": "STRING", "searchable": true }
{ "name": "eventDate", "valueType": "DATETIME", "searchable": true }
{ "name": "objectKind", "valueType": "STRING", "searchable": false }
{ "name": "objectId", "valueType": "STRING", "searchable": false }
{ "name": "objectType", "valueType": "STRING", "searchable": false }
{ "name": "changeType", "valueType": "STRING", "searchable": false }
{ "name": "outcome", "valueType": "STRING", "searchable": false }
{ "name": "attributeChanges", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "attributeChanges.attrId", "valueType": "STRING", "searchable": false }
{ "name": "shadowId", "valueType": "STRING", "searchable": false }
{ "name": "accountId", "valueType": "STRING", "searchable": false }
{ "name": "applicationId", "valueType": "STRING", "searchable": true }
{ "name": "error.errorId", "valueType": "STRING", "searchable": false }
{ "name": "error.appId", "valueType": "STRING", "searchable": false }

PROV_TASK_REPORT

Targets the "domino_prov_task_report"" collection. Used to display the provisioning reports.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "type", "valueType": "STRING", "searchable": false }
{ "name": "tenant", "valueType": "STRING", "searchable": false }
{ "name": "taskDefinition", "valueType": "STRING", "searchable": true }
{ "name": "taskInstance", "valueType": "STRING", "searchable": true }
{ "name": "objectKind", "valueType": "STRING", "searchable": false }
{ "name": "startDate", "valueType": "DATETIME", "searchable": true }
{ "name": "durationMs", "valueType": "INTEGER", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "triggerType", "valueType": "STRING", "searchable": false }
{ "name": "visibility", "valueType": "STRING", "searchable": false }
{ "name": "actor", "valueType": "STRING", "searchable": false }
{ "name": "numberOfEntriesToProcess", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfProcessedEntries", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfIgnoredEntries", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfCreatedAccounts", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfUpdatedAccounts", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfDeletedAccounts", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfErrors", "valueType": "INTEGER", "searchable": false }
{ "name": "fatalError.errorId", "valueType": "STRING", "searchable": false }
{ "name": "fatalError.appId", "valueType": "STRING", "searchable": false }
{ "name": "errors", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "errors.errorId", "valueType": "STRING", "searchable": false }
{ "name": "errors.appId", "valueType": "STRING", "searchable": false }

ACCOUNT_DISCOVERY_TASK_OPERATION

Targets the "domino_account_discovery_task_operation" collection. Used to display account discovery operations.

To activate the publication of event in this collection, fill to True the SYNC settings accountDiscovery.task.execution.event.publish and fill reportingObjectDefinition Id into accountDiscovery.task.taskReport.reporting.id

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "taskDefinition", "valueType": "STRING", "searchable": false }
{ "name": "taskInstance", "valueType": "STRING", "searchable": true }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "account", "valueType": "ANY", "searchable": false }
{ "name": "accountId", "valueType": "STRING", "searchable": false }
{ "name": "accountName", "valueType": "STRING", "searchable": false }
{ "name": "accountPatch.attributes", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "accountPatch.attributes.id", "valueType": "STRING", "searchable": false }
{ "name": "accountPatch.attributes.multivalued", "valueType": "STRING", "searchable": false }
{ "name": "accountPatch.attributes.values", "valueType": "ANY", "searchable": false }
{ "name": "accountPatch.attributes.operation", "valueType": "STRING", "searchable": false }
{ "name": "accountStatus", "valueType": "STRING", "searchable": true }
{ "name": "statusAuthoritative", "valueType": "BOOLEAN", "searchable": false }
{ "name": "accountStatusRefreshedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "lastSyncedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "lastChangeRequestedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "ignoredAt", "valueType": "DATETIME", "searchable": false }
{ "name": "ignored", "valueType": "BOOLEAN", "searchable": false }
{ "name": "syncSituation", "valueType": "STRING", "searchable": true }
{ "name": "citadelApplicationId", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "dominoApplicationId", "valueType": "STRING", "searchable": true }
{ "name": "error.errorId", "valueType": "STRING", "searchable": false }
{ "name": "error.appId", "valueType": "STRING", "searchable": false }
{ "name": "idmObjectId", "valueType": "STRING", "searchable": false }
{ "name": "idmObjectKind", "valueType": "STRING", "searchable": false }
{ "name": "idmObjectType", "valueType": "STRING", "searchable": false }
{ "name": "shadowId", "valueType": "STRING", "searchable": false }

ACCOUNT_DISCOVERY_TASK_REPORT

Targets the "domino_account_discovery_task_report" collection. Used to display the reports of account discovery task executions.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "type", "valueType": "STRING", "searchable": false }
{ "name": "tenant", "valueType": "STRING", "searchable": false }
{ "name": "taskDefinition", "valueType": "STRING", "searchable": true }
{ "name": "taskInstance", "valueType": "STRING", "searchable": true }
{ "name": "objectKind", "valueType": "STRING", "searchable": false }
{ "name": "startDate", "valueType": "DATETIME", "searchable": true }
{ "name": "durationMs", "valueType": "INTEGER", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "triggerType", "valueType": "STRING", "searchable": false }
{ "name": "visibility", "valueType": "STRING", "searchable": false }
{ "name": "actor", "valueType": "STRING", "searchable": false }
{ "name": "numberOfEntriesToProcess", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfProcessedEntries", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfIgnoredEntries", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfLinkedAccounts", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfUnlinkedAccounts", "valueType": "INTEGER", "searchable": false }
{ "name": "numberOfOrphanedAccounts", "valueType": "INTEGER", "searchable": false }
{ "name": "fatalError.errorId", "valueType": "STRING", "searchable": false }
{ "name": "fatalError.appId", "valueType": "STRING", "searchable": false }

ROLE_ASSIGNMENT

Targets the "role_assignment" collection. Used to display information about role assignments.

YES

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "role.id", "valueType": "STRING", "searchable": true }
{ "name": "role.type", "valueType": "STRING", "searchable": false }
{ "name": "role.roleApplication.id", "valueType": "STRING", "searchable": true }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "manualProvisioningStatus", "valueType": "STRING", "searchable": true }
{ "name": "certificationStatus", "valueType": "STRING", "searchable": true }
{ "name": "source", "valueType": "STRING", "searchable": true }
{ "name": "parentAssignment", "valueType": "STRING", "searchable": false }
{ "name": "roleBinding", "valueType": "STRING", "searchable": false }
{ "name": "policy", "valueType": "STRING", "searchable": false }
{ "name": "policyMode", "valueType": "STRING", "searchable": false }
{ "name": "policySynchronized", "valueType": "STRING", "searchable": false }
{ "name": "policyVersion", "valueType": "STRING", "searchable": false }
{ "name": "enabledFrom", "valueType": "DATETIME", "searchable": false }
{ "name": "enabledUntil", "valueType": "DATETIME", "searchable": false }
{ "name": "dimensions", "valueType": "ANY", "searchable": false }
{ "name": "comment", "valueType": "STRING", "searchable": false }
{ "name": "metadata", "valueType": "OBJECT", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "assignedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "deletedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "frozenUntil", "valueType": "DATETIME", "searchable": false }
{ "name": "identity.id", "valueType": "STRING", "searchable": true }
{ "name": "_resource.id", "valueType": "STRING", "searchable": false }

SMS_NOTIFICATION

Targets the “sms_notification“ collection. Used to store the SMS notification reports.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "notificationDefinitionId", "valueType": "STRING", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "recipients.uid", "valueType": "STRING", "searchable": true }
{ "name": "provider", "valueType": "STRING", "searchable": false }
{ "name": "sender", "valueType": "STRING", "searchable": false }
{ "name": "uid", "valueType": "STRING", "searchable": false }
{ "name": "name", "valueType": "STRING", "searchable": false }
{ "name": "locale", "valueType": "STRING", "searchable": false }
{ "name": "phone", "valueType": "STRING", "searchable": false }
{ "name": "country", "valueType": "STRING", "searchable": false }
{ "name": "messages", "valueType": "INTEGER", "searchable": false }

MY_MFA_ACCOUNT_ERROR

Target the “my_mfa_account_error“ collection.

This collection is provisionned when errors occured during the MyMFA cleanup job:

  • Orphan accounts are encountered (a MyMFA account exists without any identity associated to it)

  • Multiple identities share the same MyMFA account (although not forbidden this might be suspicious)

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "errorType", "valueType": "STRING", "searchable": false }
{ "name": "identities", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "http://identities.id ", "valueType": "STRING", "searchable": false }

IDENTITY_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting IDENTITY object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "mode", "valueType": "STRING", "searchable": false }
{ "name": "recertificationPolicy", "valueType": "STRING", "searchable": false }
{ "name": "requester", "valueType": "STRING", "searchable": false }
{ "name": "name", "valueType": "STRING", "searchable": false }
{ "name": "description", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }

ORGANIZATION_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting ORGANIZATION object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "mode", "valueType": "STRING", "searchable": false }
{ "name": "recertificationPolicy", "valueType": "STRING", "searchable": false }
{ "name": "requester", "valueType": "STRING", "searchable": false }
{ "name": "name", "valueType": "STRING", "searchable": false }
{ "name": "description", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }

RESOURCE_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting RESOURCE object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "mode", "valueType": "STRING", "searchable": false }
{ "name": "recertificationPolicy", "valueType": "STRING", "searchable": false }
{ "name": "requester", "valueType": "STRING", "searchable": false }
{ "name": "name", "valueType": "STRING", "searchable": false }
{ "name": "description", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }

ROLE_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting ROLE object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "mode", "valueType": "STRING", "searchable": false }
{ "name": "recertificationPolicy", "valueType": "STRING", "searchable": false }
{ "name": "requester", "valueType": "STRING", "searchable": false }
{ "name": "name", "valueType": "STRING", "searchable": false }
{ "name": "description", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }

ROLE_PUBLICATION_RECERTIFICATION_CAMPAIGN

Store the campaigns information launched for policies targetting ROLE_PUBLICATION object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "mode", "valueType": "STRING", "searchable": false }
{ "name": "recertificationPolicy", "valueType": "STRING", "searchable": false }
{ "name": "requester", "valueType": "STRING", "searchable": false }
{ "name": "name", "valueType": "STRING", "searchable": false }
{ "name": "description", "valueType": "STRING", "searchable": false }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }

IDENTITY_RECERTIFICATION_METADATA

Store the recertifcation metadata for IDENTITY object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "policyId", "valueType": "STRING", "searchable": false }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "object.id", "valueType": "STRING", "searchable": true }
{ "name": "recertifications", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.requester", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.mode", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.campaignExecutionId", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.outcome", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.startedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.finishedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.comments.approver", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.comments.date", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments.approved", "valueType": "BOOLEAN", "searchable": false }
{ "name": "recertifications.comments.comment", "valueType": "STRING", "searchable": false }

ORGANIZATION_RECERTIFICATION_METADATA

Store the recertifcation metadata for ORGANIZATION object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "policyId", "valueType": "STRING", "searchable": false }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "object.id", "valueType": "STRING", "searchable": true }
{ "name": "recertifications", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.requester", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.mode", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.campaignExecutionId", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.outcome", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.startedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.finishedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.comments.approver", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.comments.date", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments.approved", "valueType": "BOOLEAN", "searchable": false }
{ "name": "recertifications.comments.comment", "valueType": "STRING", "searchable": false }

RESOURCE_RECERTIFICATION_METADATA

Store the recertifcation metadata for RESOURCE object kind.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "policyId", "valueType": "STRING", "searchable": false }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "object.id", "valueType": "STRING", "searchable": true }
{ "name": "recertifications", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.requester", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.mode", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.campaignExecutionId", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.outcome", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.startedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.finishedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.comments.approver", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.comments.date", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments.approved", "valueType": "BOOLEAN", "searchable": false }
{ "name": "recertifications.comments.comment", "valueType": "STRING", "searchable": false }

ROLE_RECERTIFICATION_METADATA

Store the recertifcation metadata for ROLE object kind

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "policyId", "valueType": "STRING", "searchable": false }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "object.id", "valueType": "STRING", "searchable": true }
{ "name": "recertifications", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.requester", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.mode", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.campaignExecutionId", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.outcome", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.startedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.finishedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.comments.approver", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.comments.date", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments.approved", "valueType": "BOOLEAN", "searchable": false }
{ "name": "recertifications.comments.comment", "valueType": "STRING", "searchable": false }

ROLE_PUBLICATION_RECERTIFICATION_METADATA

Store the recertifcation metadata for ROLE_PUBLICATION object kind

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "policyId", "valueType": "STRING", "searchable": false }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "object.id", "valueType": "STRING", "searchable": true }
{ "name": "recertifications", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.requester", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.mode", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.campaignExecutionId", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.outcome", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.startedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.finishedAt", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments", "valueType": "ANY_ARRAY", "searchable": false }
{ "name": "recertifications.comments.approver", "valueType": "STRING", "searchable": false }
{ "name": "recertifications.comments.date", "valueType": "DATETIME", "searchable": false }
{ "name": "recertifications.comments.approved", "valueType": "BOOLEAN", "searchable": false }
{ "name": "recertifications.comments.comment", "valueType": "STRING", "searchable": false }

IDENTITY

Target the “identity” collection.

YES

RESOURCE

Target the “resource” collection.

YES

ORGANIZATION

Target the “organization” collection.

YES

ROLE

Target the “role” collection.

YES

ROLE_PUBLICATION

Target the “role_publication” collection.

YES

IDENTITY_DAILY

Target the “identity_daily” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_id.originalId", "valueType": "STRING", "searchable": true }
{ "name": "_id.date", "valueType": "DATETIME", "searchable": true }

RESOURCE_DAILY

Target the “resource_daily” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_id.originalId", "valueType": "STRING", "searchable": true }
{ "name": "_id.date", "valueType": "DATETIME", "searchable": true }

ORGANIZATION_DAILY

Target the “organization_daily” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_id.originalId", "valueType": "STRING", "searchable": true }
{ "name": "_id.date", "valueType": "DATETIME", "searchable": true }

ROLE_DAILY

Target the “role_daily” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_id.originalId", "valueType": "STRING", "searchable": true }
{ "name": "_id.date", "valueType": "DATETIME", "searchable": true }

ROLE_PUBLICATION_DAILY

Target the “role_publication_daily” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_id.originalId", "valueType": "STRING", "searchable": true }
{ "name": "_id.date", "valueType": "DATETIME", "searchable": true }

ROLE_HISTORY

Target the “__builtin__role_history” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "id", "valueType": "STRING", "searchable": true }
{ "name": "role.id", "valueType": "STRING", "searchable": true }
{ "name": "role.type", "valueType": "STRING", "searchable": false }
{ "name": "status", "valueType": "STRING", "searchable": true }
{ "name": "manualProvisioningStatus", "valueType": "STRING", "searchable": true }
{ "name": "certificationStatus", "valueType": "STRING", "searchable": true }
{ "name": "source", "valueType": "STRING", "searchable": true }
{ "name": "parentAssignment", "valueType": "STRING", "searchable": true }
{ "name": "roleBinding", "valueType": "STRING", "searchable": false }
{ "name": "policy", "valueType": "STRING", "searchable": true }
{ "name": "policyMode", "valueType": "STRING", "searchable": true }
{ "name": "policySynchronized", "valueType": "BOOLEAN", "searchable": true }
{ "name": "policyVersion", "valueType": "INTEGER", "searchable": true }
{ "name": "enabledFrom", "valueType": "DATETIME", "searchable": true }
{ "name": "enabledUntil", "valueType": "DATETIME", "searchable": true }
{ "name": "comment", "valueType": "STRING", "searchable": true }
{ "name": "createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "assignedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "deletedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "recertifiedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "frozenUntil", "valueType": "DATETIME", "searchable": true }
{ "name": "identity.id", "valueType": "STRING", "searchable": true }
{ "name": "_resource.id", "valueType": "STRING", "searchable": true }
{ "name": "_resource.type", "valueType": "STRING", "searchable": false }
{ "name": "_resource.category", "valueType": "STRING", "searchable": false }
{ "name": "_resource.status", "valueType": "STRING", "searchable": false }
{ "name": "_effectiveFrom", "valueType": "DATETIME", "searchable": true }
{ "name": "_effectiveUntil", "valueType": "DATETIME", "searchable": true }
{ "name": "_endCause", "valueType": "STRING", "searchable": true }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }

PLATFORM_AVAILABILITY

Target the “platform_availability” collection.

NO

{ "name": "_id", "valueType": "STRING", "searchable": true }
{ "name": "_createdAt", "valueType": "DATETIME", "searchable": true }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "date", "valueType": "DATETIME", "searchable": true }
{ "name": "probeId", "valueType": "STRING", "searchable": false }
{ "name": "result", "valueType": "INTEGER", "searchable": false }
{ "name": "outcome", "valueType": "STRING", "searchable": false }
{ "name": "error", "valueType": "STRING", "searchable": false }
{ "name": "stepResults", "valueType": "OBJECT_ARRAY", "searchable": false }
{ "name": "stepResults.date", "valueType": "DATETIME", "searchable": false }
{ "name": "stepResults.step", "valueType": "STRING", "searchable": false }
{ "name": "stepResults.result", "valueType": "INTEGER", "searchable": false }
{ "name": "stepResults.error", "valueType": "STRING", "searchable": false }

FEDERATION_MAPPING

Target the “federation_mapping” collection.

YES

{ "name": "_id", "valueType": "OBJECT", "searchable": true }
{ "name": "_id.applicationId", "valueType": "STRING", "searchable": false }
{ "name": "_id.federationAmId", "valueType": "STRING", "searchable": false }
{ "name": "_updatedAt", "valueType": "DATETIME", "searchable": true }
{ "name": "active", "valueType": "BOOLEAN", "searchable": true }

Synchronizing recertifications with the Reporting connector

When syncing Applications using the Reporting connector it is also possible to synchronize the recertification metadata using the builtin rule objectRecertificationMetadataMongoSynchronization in a post action.

Rule configuration

The rule will use a preset configuration for the collection name as follow:

Object kind

Target collection name

IDENTITY

identity_recertification_metadata

ORGANIZATION

organization_recertification_metadata

RESOURCE

resource_recertification_metadata

ROLE

role_recertification_metadata

ROLE_PUBLICATION

role_publication_recertification_metadata

If one needs to change the collection name, it can be overriden in the rule configuration:

XML 
<postActions>
  <action class="objectRecertificationMetadataMongoSynchronization">
    <config xsi:type="dmn:ObjectRecertificationMetadataMongoSynchronizationConfigurationType>
      <collectionName>my_custom_collection_name</collectionName>
    </config>
  </action>
</postActions>

Example

Click here to expand...
XML 
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrep="http://www.memority.com/citadel/rep/1_0" xmlns:ctdrule="http://www.memority.com/citadel/rule/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:dmn="http://www.memority.com/domino_sync/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:notify="http://www.memority.com/toolkit/addons/notify/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" tenant="default" env="memority" stack="memority">
   <dmn:Application id="report-application-demo">
      <updatedAt>2023-02-23T10:32:24.094Z</updatedAt>
      <name>report-application-demo</name>
      <description></description>
      <citadelApplicationId>12345</citadelApplicationId>
      <connectorId>report-connector-demo</connectorId>
      <schemaMappingDefinition>
         <objectSchemaMappingDefinitions>
            <objectSchemaMappingDefinition>
               <associationDefinitions/>
               <applicationObjectActivationDefinition>
                  <executePostActions>true</executePostActions>
                  <onApplicationUnassignedEvent>NO_OP</onApplicationUnassignedEvent>
                  <onIdmObjectDeleteEvent>NO_OP</onIdmObjectDeleteEvent>
                  <onIdmObjectDisableEvent>NO_OP</onIdmObjectDisableEvent>
               </applicationObjectActivationDefinition>
               <applicationObjectLookupDefinition>
                  <simpleLookupStrategyDefinition>
                     <attributeLookupDefinitions>
                        <attributeLookupDefinition>
                           <inputAttributeId>id</inputAttributeId>
                           <targetAttributeId>_id</targetAttributeId>
                        </attributeLookupDefinition>
                     </attributeLookupDefinitions>
                  </simpleLookupStrategyDefinition>
               </applicationObjectLookupDefinition>
               <enabled>true</enabled>
               <objectClassId>
                  <value>identity</value>
               </objectClassId>
               <outboundAttributesMappingDefinitions>
                  <attributeMappingDefinitions>
                     <attributeMappingDefinition>
                        <targetAttributeId>_id</targetAttributeId>
                        <targetAttributeType>STRING</targetAttributeType>
                        <mandatory>true</mandatory>
                        <secret>false</secret>
                        <simpleAttributeMappingStrategyDefinition>
                           <inputAttributeId>id</inputAttributeId>
                        </simpleAttributeMappingStrategyDefinition>
                        <multiValued>false</multiValued>
                     </attributeMappingDefinition>
                     <attributeMappingDefinition>
                        <targetAttributeId>recertificationMetadata</targetAttributeId>
                        <targetAttributeType>STRING</targetAttributeType>
                        <mandatory>false</mandatory>
                        <secret>false</secret>
                        <customAttributeMappingStrategyDefinition>
                           <computeRule>
                              <script><![CDATA[
                                            
                                 //@ruleFlavor: toolkit, citadel
                                
                                 return IDM_OBJECT.recertificationMetadata.collect { it.recertifiedAt } as List<String>
                                 
                                        ]]></script>
                           </computeRule>
                           <computeRuleAttributeDependencies>
                              <dependency>recertificationMetadata</dependency>
                           </computeRuleAttributeDependencies>
                        </customAttributeMappingStrategyDefinition>
                        <multiValued>true</multiValued>
                     </attributeMappingDefinition>
                  </attributeMappingDefinitions>
               </outboundAttributesMappingDefinitions>
               <postActions>
                  <action class="objectRecertificationMetadataMongoSynchronization"/>
               </postActions>
               <shadowKind>ACCOUNT</shadowKind>
            </objectSchemaMappingDefinition>
         </objectSchemaMappingDefinitions>
      </schemaMappingDefinition>
   </dmn:Application>
</kit:DataSet>

Custom Collection properties

Property

Type

Mandatory

Description

collectionName

String

YES

The name of the targeted collection.

It cannot start by the reserved prefix “__builtin__”.

criteria

List<CriteriaDefinition>

YES

A list of allowed search criteria for this collection.

This also serves as a light schema for defining the fields value type. For instance a date field will have to be indicated with a value type DATETIME in order for comparison and sorting to be accurate when targeting this field.

If a request contains other criteria than the one mentioned, the request will be rejected. (Note that built-in collections declare all the criteria of their target collection, if one need to restrict a criteria they will need to create a custom collection and re-declare the allowed criteria).

A CriteriaDefinition is an object that serves to indicate the allowed criteria name and the value type of the criteria.

Criteria

Properties

Property

Type

Mandatory

Values (default in bold)

Description

name

String

YES

The name of the criteria in the Reporting collection. This can be a nested path to a final criteria or a root criteria (Example identity.securityOrg.name).

valueType

Enum

YES

ANY, STRING, INTEGER, FLOAT, BOOLEAN, DATETIME, OBJECT, ANY_ARRAY, STRING_ARRAY ,INTEGER_ARRAY, FLOAT_ARRAY, BOOLEAN_ARRAY, DATETIME_ARRAY, OBJECT_ARRAY

The value type of the criteria.

See Criteria Type System.

searchable

Boolean

NO

false

If true, an index will be created on the corresponding field in the collection and it will be possible to use this criteria in search expressions. _id field is always searchable and cannot be unindexed.

Example
XML 
<!-- All criteria under "identity" are interpreted as STRING except for "identity.enabledUntil" -->
<criteria>
    <criterion>
       <name>identity.enabledFrom</name>
       <valueType>DATETIME</valueType>
       <searchable>true</searchable>
    </criterion>
    <criterion>
       <name>identity.enabledUntil</name>
       <valueType>DATETIME</valueType>
       <searchable>false</searchable>
    </criterion>
</criteria>

Custom Report Example

XML 
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrep="http://www.memority.com/citadel/rep/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ctdrep:ReportingObjectConfiguration id="test_conf_2">
      <name>Test Conf 2</name>
      <description>Test get filters with custom collection</description>
      <collectionWriteConfiguration>
		<writable>false</writable>
		<appendOnly>false</appendOnly>
	  </collectionWriteConfiguration>
      <customCollection>
         <criteria>
            <criterion>
				<name>countries</name>
       			<valueType>STRING</valueType>
            </criterion>
            <criterion>
				<name>continents</name>
       			<valueType>STRING</valueType>
			</criterion>
         </criteria>
         <collectionName>authentication_agg</collectionName>
      </customCollection>
   </ctdrep:ReportingObjectConfiguration>
</kit:DataSet>

REST API

The Configuration is managed on the following endpoint :

URL

Method

Description

{tenant}/api/rep/conf/reporting-objects

GET, POST

Retrieve the lists of defined ReportingObjectConfiguration for the tenant

{tenant}/api/rep/conf/reporting-objects/{reportingObjectConfigurationId}

GET, PUT, DELETE

Manage the specific ReportingObjectConfiguration

Access rights

The access rights mirrors those already existing on other resources: 

Rights

sys.rep-conf-read: Can read the configuration(s)

sys.rep-conf-crud: Can read/write the configuration(s)

sys.rep-conf-import: Can import new configuration(s)

sys.rep-conf-export: Can export configuration(s)

sys.rep-conf-admin: Can do anything with the configuration(s)

Criteria Type System

Declared criteria affect both Document search and persistence:

  • One may search only on declared criteria that are not of type ANY or ANY_ARRAY

  • The type of declared criteria is enforced when persisting a document. If type conversion is not possible, an error will be returned

The ANY type

This type allows any value. Data will be inserted as is, without conversion.

This is the typing applied to undeclared criteria.

The OBJECT type

This type should be used for criteria that are objects and that are searched on with an exact match (eg. _id = '{"id": "foo", "date": "1970-01-01T00:00:00Z"}').

When persisting a Document:

  • The map type will be enforced

  • ANY / ANY_ARRAY keys (declared or not) are not allowed

  • Keys will be reordered to match the criteria declaration order (because exact match is sensitive to key order)

As a consequence, all sub-criteria must be declared (_id.id and _id.date in the example above), and the declaration order should match the key order of existing data (if any), and should never be changed.

Implicit objects

When a criteria is of type ANY (respectively ANY_ARRAY) and at list one sub-criteria is declared, this criteria is an Implicit Object. (respectively an array of Implicit Objects).

While searching on an Implicit Object Criteria directly is not allowed, one may search on its declared sub-criteria.

When persisting a Document:

  • The map type will be enforced

  • Undeclared keys are allowed

  • No key reordering will be performed.

Array types

To each simple type (ANY, OBJECT, STRING, INTEGER,…) corresponds an array type (ANY_ARRAY, OBJECT_ARRAY, STRING_ARRAY, OBJECT_ARRAY,…)

The semantics of ANY_ARRAY and OBJECT_ARRAY matches those of the corresponding simple types:

  • All sub-criteria of OBJECT_ARRAY criteria must be declared, keys will be reordered

  • An ANY_ARRAY criteria with at least one declared sub-criteria is an array of Implicit Objects

Read Next

Reporting Object Configurations — Reporting Objects define how one may interact with an underlying (built-in or custom) Document Collection.
Reporting Data APIs
Exporting Reporting Data using the Synchronization Service — Reporting data can be exported as CSV files using the Synchronization Service Export Task.
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close