POST Identity/Browse
Returns information about individual identities, group identities, or distribution groups from a local or non-local provider such as Active Directory. The Identity/Browse method searches only for identities that are contained in the identity provider of the Web SDK user.
Requirements
- Permissions: The caller is not required to have any special permissions.
- Token scope: Configuration
Headers
- Content type: Content-Type:application/json.
- Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.
Parameters
Name | Description |
---|---|
Filter | (Optional) The individual identity, group identity, or distribution group name to search for in the provider. For AD or LDAP providers, use both the Filter and Limit parameters. For AD, Identity/Browse searches the Ambiguous Name Resolution (ANR) attributes in the AD provider. The attributes, which are included in ANR lookups, can be controlled by the AD administrator or from the default set that is available from Microsoft. |
Limit | (Optional) The maximum number of items to return. For AD or LDAP, use both the Filter and Limit parameters. As a best practice, if you expect one result, specify Limit=2 to detect extraneous information. Default, when you omit this parameter: |
IdentityType | An integer that describes the type of identities to return based on the Filter parameter. Required for local identity providers. For example, if the Filter is a group identity, the IdentityType is 2. |
Returns
Name | Description |
---|---|
Identities | An array of Identity Entry object values that show the user's group and folder memberships. |
Example 1: Find Group Provider Identity Information
In this example, the Web SDK user is a member of the Identity Provider with Prefix: AD+venqa.
Request for Example 1
POST https://tpp.venafi.example/vedsdk/Identity/Browse
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Filter":"Group",
   "Limit":9,
   "IdentityType":2
}
Response for Example 1
HTTP/1.1 200 OK
{
   "Identities":[
      {
         "FullName":"CN=Group A,OU=Migrator,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"Group A",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:Group A",
         "PrefixedUniversal":"AD+venqa:f8187074c851504c811d6e9b18528704",
         "Type":2,
         "Universal":"{f8187074c851504c811d6e9b18528704}"
      },
      {
         "FullName":"CN=Group B,OU=Migrator,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"Group B",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:Group B",
         "PrefixedUniversal":"AD+venqa:ecaddbec685aeb4bbaee4b1166e63cb4",
         "Type":2,
         "Universal":"{ecaddbec685aeb4bbaee4b1166e63cb4}"
      }
   ]
}
Example 2: Find a Person's Name Across all Group Provider Identities
In this example, the Web SDK user is a member of the Identity Provider with Prefix: AD+venqa.
Request for Example 2
POST https://tpp.venafi.example/vedsdk/Identity/Browse
Authorization:Bearer 4MyGeneratedBearerTknz==
{
   "Filter": "Ba",
   "Limit": 900,
   "IdentityType": 3
}
Response for Example 2
HTTP/1.1 200 OK
{
   "Identities":[
      {
         "FullName": "CN=Jason Baddley,CN=Users,DC=venqa,DC=venafi,DC=com",
         "Name": "jbadd",
         "Prefix": "AD+venqa",
         "PrefixedName": "AD+venqa:jbadd",
         "PrefixedUniversal": "AD+venqa:7f93d2908020204a959910ea5a5704ff",
         "Type": 1,
         "Universal": "{7f93d2908020204a959910ea5a5704ff}"
      },
      {
         "FullName":"CN=Bad-Anon,CN=Users,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"Bad-Anon",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:Bad-Anon",
         "PrefixedUniversal":"AD+venqa:f61d2d8f2e466c4a97f0dc43d4acc791",
         "Type":2,
         "Universal":"{f61d2d8f2e466c4a97f0dc43d4acc791}"
      },
      ...
   ]
}
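The Limit=2 practice from the Parameters table matters most when the returned identity is about to receive permissions or ownership: the following added example (not Venafi code) resolves a name through Identity/Browse and refuses to continue unless exactly one identity comes back. The function names, the `send` hook, and the sample entries are assumptions made for this illustration; the sample entries are constructed from the Example 1 response.

```python
import json
import urllib.request

class IdentityLookupError(Exception):
    """Raised when a name does not resolve to exactly one identity."""

def build_browse_request(base_url, token, name, identity_type):
    # Ask for 2 although 1 is expected: a second entry proves the name is ambiguous.
    body = {"Filter": name, "Limit": 2, "IdentityType": identity_type}
    return urllib.request.Request(
        base_url.rstrip("/") + "/vedsdk/Identity/Browse",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST")

def pick_unique(response, name):
    """Return the only identity in a Browse response, or raise."""
    identities = response.get("Identities") or []
    if len(identities) != 1:
        raise IdentityLookupError(
            "%r returned %d identities, expected exactly 1" % (name, len(identities)))
    entry = identities[0]
    # Stricter check added here (assumption, not a documented rule): AD matches
    # Filter against ANR attributes, so the hit may not be on Name at all.
    if entry.get("Name", "").casefold() != name.casefold():
        raise IdentityLookupError("%r resolved to %r" % (name, entry.get("Name")))
    return entry

def resolve_identity(base_url, token, name, identity_type, send=None):
    """send is a hypothetical test hook: callable(Request) -> parsed JSON dict."""
    def http_send(req):
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    req = build_browse_request(base_url, token, name, identity_type)
    return pick_unique((send or http_send)(req), name)

# Constructed sample entries, trimmed from the Example 1 response on this page.
GROUP_A = {"Name": "Group A", "Type": 2, "PrefixedName": "AD+venqa:Group A"}
GROUP_B = {"Name": "Group B", "Type": 2, "PrefixedName": "AD+venqa:Group B"}

if __name__ == "__main__":
    for name, hits in (("Group A", [GROUP_A]), ("Group", [GROUP_A, GROUP_B])):
        try:
            found = resolve_identity("https://tpp.venafi.example", "placeholder-token",
                                     name, 2, send=lambda req, h=hits: {"Identities": h})
            print("OK ", found["PrefixedName"])
        except IdentityLookupError as err:
            print("REFUSED", err)
```

Because the request caps results at 2, a count of 2 means "at least two matches", which is all the caller needs to know to stop.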