POST Identity/Browse

Returns information about individual identity, group identity, or distribution groups from a local or non-local provider such as Active Directory. The Identity/Browse method only searches for identities that are contained in the identity provider of the Web SDK user.

Requirements

  • Permissions:  The caller is not required to have any special permissions.
  • Token scope:  Configuration

Headers

  • Content type: Content-Type:application/json.

  • Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name

Description

Filter

(Optional) The individual identity, group identity, or distribution group name to search for in the provider. For AD or LDAP providers, use both the Filter and Limit parameters. For AD, Identity/Browse searches the Ambiguous Name Resolution (ANR) attributes in the AD provider. The attributes, which are included in ANR lookups, can be controlled by the AD administrator or from the default set that is available from Microsoft.

Limit

(Optional) The maximum number of items to return. For AD or LDAP, use both the Filter and Limit parameters. As a best practice, if you expect one result, specify Limit=2 to detect extraneous information. Default, when you omit this parameter:

  • AD = 250 individual identities, group identities, or distribution groups

  • LDAP = 500 individual identities, group identities, or distribution groups

  • Local = 50 individual identities, group identities, or distribution groups

IdentityType

An integer that describes the type of identities to return based on the Filter parameter. Required for local identity providers. For example, if the Filter is a group identity, the IdentityType is 2.

  • 1: User
  • 2: SecurityGroups
  • 8: DistributionGroups

    -OR-

  • [Combo value]. Any combination of identity types that are related to the Filter. For example, if you want Security groups and Distribution Groups, specify 10.

Returns

Response description

Name

Description

Identities

An array of Identity Entry object values that show the user's group and folder memberships.

Example: 1 Find Group Provider Identity Information

In this example, the Web SDK user is a member of the Identity Provider withPrefix: AD+venqa.

Request for Example 1

POST https://tpp.venafi.example/vedsdk/Identity/Browse
Authorization:Bearer 4MyGeneratedBearerTknz== 
{
   "Filter":"Group",
   "Limit":9,
   "IdentityType":2
}

Response for Example 1

HTTP/1.1 200 OK
   "Identities":[
      {
         "FullName":"CN=Group A,OU=Migrator,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"Group A",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:Group A",
         "PrefixedUniversal":"AD+venqa:f8187074c851504c811d6e9b18528704",
         "Type":2,
         "Universal":"{f8187074c851504c811d6e9b18528704}"
      },
      {
         "FullName":"CN=Group B,OU=Migrator,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"Group B",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:Group B",
         "PrefixedUniversal":"AD+venqa:ecaddbec685aeb4bbaee4b1166e63cb4",
         "Type":2,
         "Universal":"{ecaddbec685aeb4bbaee4b1166e63cb4}"
      }
   ]
}

Example: 2 Find a Person's Name Across all Group Provider Identities

In this example, the Web SDK user is a member of the Identity Provider with Prefix: AD+venqa.

Request for Example 2

POST https://tpp.venafi.example/vedsdk/Identity/Browse 
Authorization:Bearer 4MyGeneratedBearerTknz== 
{
   "Filter": "Ba",
   "Limit": 900,
   "IdentityType": 3
}			

Response for Example 2

HTTP/1.1 200 OK
{
   "Identities":[
      {
          "FullName": "CN=Jason Baddley,CN=Users,DC=venqa,DC=venafi,DC=com",
          "Name": "jbadd",
          "Prefix": "AD+venqa",
          "PrefixedName": "AD+venqa:jbadd",
          "PrefixedUniversal": "AD+venqa:7f93d2908020204a959910ea5a5704ff",
          "Type": 1,
          "Universal": "{7f93d2908020204a959910ea5a5704ff}",
      {
         "FullName":"CN=Bad-Anon,CN=Users,DC=venqa,DC=venafi,DC=com",
         "IsGroup":true,
         "Name":"Bad-Anon",
         "Prefix":"AD+venqa",
         "PrefixedName":"AD+venqa:Bad-Anon",
         "PrefixedUniversal":"AD+venqa:f61d2d8f2e466c4a97f0dc43d4acc791",
         "Type":2,
         "Universal":"{f61d2d8f2e466c4a97f0dc43d4acc791}"
      }, ...

   ]
}