The API is accessed using SOAP over HTTPS with a WSDL specification. It is accessible from a wide range of platforms, including Windows and Unix, .NET and J2EE, Perl, Python and PHP, etc.
The Hitachi ID Identity and Access Management Suite API supports a wide range of operations, including:
- Submitting new workflow requests. This includes requests to:
- Create new user profiles.
- Add login accounts to new or existing profiles.
- Add users to or remove users from managed groups.
- Assign roles to users or remove roles from users.
- Get or set user identity attributes.
- Initiating certification campaigns.
- Searching for users, groups or roles matching specified criteria.
- Creating, updating or deleting roles and SoD policies.
- Getting or changing the set of authorizers attached to a request.
- Approving or denying requests.
- Enumerating users per entitlement or entitlements per user.
- Running any report and consuming its output in a streamed format (e.g., orphan/dormant accounts, stale workflow requests, SoD violations, etc.).
- Performing a variety of Hitachi ID Identity and Access Management Suite configuration tasks.
A REST API is included but currently only supports authentication by the Hitachi ID Identity and Access Management Suite UI. In a near-term release, OAuth authentication into the REST API will be added, to enable third party applications to leverage it.