Centrify Developer Program

  • Guides
  • API Reference
  • GitHub
  • FAQ
  • Community Forums
  • Twitter

The Centrify Developer Program

Welcome to the Centrify Developer Program. You’ll find comprehensive guides and documentation to help you start working with the Centrify Platform as quickly as possible.

HomeGuidesRecipesAPI ReferenceReferenceChangelogDiscussionsPage Not FoundSearch{{ state.current().meta.title }}API Logs
    HomeGuidesAPI ReferenceChangelog
discard

Getting Started

  • Centrify Identity Services API
    • Core Services
    • Applications, Endpoints, and Infrastructure Services
    • Getting Access to the API
    • API Support Requests
  • The Basics
    • Using Postman
    • Using Trace Tools
  • Use Queries
  • Use your Tenant URL
  • Develop with the API
  • Centrify Platform SDK

Authenticate and Authorize Users

  • Overview
    • Adaptive Authentication
    • Social Login
    • Authentication Cookies
    • Public Keys
  • Authentication Quick Start
    • Starting the Authentication Process
    • Advancing the Authentication
    • Advancing Multi-factor Authentication
    • Advancing Out-of-bounds Authentication
    • Using the Authentication Token
    • Identifying a Client Device
    • Social Login
    • Logging Out
    • C# Example
  • About OpenID Connect
  • Centrify SAML Toolkits for SSO
  • OAuth Clients
    • Client Credentials Flow
    • Authorization (Auth) Code Flow
    • Resource Owner Flow
    • Refresh Tokens
    • Revoke a Token
    • Validate a Token
  • Check Out a Password
  • MFA for Password Checkout
  • On Demand Challenges
  • User Self Password Reset
  • User Self Get Username
  • Secure Remote Access
  • Get a SAML Assertion for a Configured App
  • Generate a Random Password
  • Verifying a Signature
  • Vault Functionality

Installation Guides

  • AWS CLI for Centrify
    • Python Installation
    • Library Installations
    • AWS CLI Installation
    • Edit Configuration Files
    • Create cacerts.pem
    • Running the Program
  • AWS Powershell Utility V10
    • Centrify Powershell Utility Installation
    • Logging – Verbose output

Manage Users

  • User Management
  • Create and Manage Cloud Directory Users
  • Manage Applications for Users
  • Generic User Functions
    • Invite users to the portal
    • Get information for users
    • Configure authentication settings
  • Use Extensible Attributes
  • Manage Roles
  • Multiple Secret Question Enrollment
  • Watch and Terminate Sessions
  • Create an Authentication Profile
  • Create a Policy
  • Create a Customer

Manage Resources

  • Add Resources
    • Add Domains
    • Check out Shared Account Passwords
  • Monitor Connector Status
  • Create and Manage Secrets
  • Request and Approve Privileged Access
  • Privilege Elevation
  • Request a Zone Role
  • Update a Proxy Collection List
  • Configure CORS

Manage Applications

  • Manage Access to Applications
  • Add Applications to a Website
  • Editing Custom Logic
  • Business Partner Federation

Mobilize

  • Manage Devices

Authentication and Privilege Elevation Services

  • Audit and Monitoring
  • Direct Manage
  • Manage Federations
  • CClient Commands

Discover

  • Discover Resources

Example Projects

  • AWS AutoScaling
  • AWS OpsWorks
  • AWS Automation
  • GCP Automation

Analytics

  • Work with Analytics Endpoints
  • Webhooks
    • Slack Example Webhook
    • PagerDuty Example Webhook

Getting Started

  • Centrify Identity Services API
    • Core Services
    • Applications, Endpoints, and Infrastructure Services
    • Getting Access to the API
    • API Support Requests
  • The Basics
    • Using Postman
    • Using Trace Tools
  • Use Queries
  • Use your Tenant URL
  • Develop with the API
  • Centrify Platform SDK

Authenticate and Authorize Users

  • Overview
    • Adaptive Authentication
    • Social Login
    • Authentication Cookies
    • Public Keys
  • Authentication Quick Start
    • Starting the Authentication Process
    • Advancing the Authentication
    • Advancing Multi-factor Authentication
    • Advancing Out-of-bounds Authentication
    • Using the Authentication Token
    • Identifying a Client Device
    • Social Login
    • Logging Out
    • C# Example
  • About OpenID Connect
  • Centrify SAML Toolkits for SSO
  • OAuth Clients
    • Client Credentials Flow
    • Authorization (Auth) Code Flow
    • Resource Owner Flow
    • Refresh Tokens
    • Revoke a Token
    • Validate a Token
  • Check Out a Password
  • MFA for Password Checkout
  • On Demand Challenges
  • User Self Password Reset
  • User Self Get Username
  • Secure Remote Access
  • Get a SAML Assertion for a Configured App
  • Generate a Random Password
  • Verifying a Signature
  • Vault Functionality

Installation Guides

  • AWS CLI for Centrify
    • Python Installation
    • Library Installations
    • AWS CLI Installation
    • Edit Configuration Files
    • Create cacerts.pem
    • Running the Program
  • AWS Powershell Utility V10
    • Centrify Powershell Utility Installation
    • Logging – Verbose output

Manage Users

  • User Management
  • Create and Manage Cloud Directory Users
  • Manage Applications for Users
  • Generic User Functions
    • Invite users to the portal
    • Get information for users
    • Configure authentication settings
  • Use Extensible Attributes
  • Manage Roles
  • Multiple Secret Question Enrollment
  • Watch and Terminate Sessions
  • Create an Authentication Profile
  • Create a Policy
  • Create a Customer

Manage Resources

  • Add Resources
    • Add Domains
    • Check out Shared Account Passwords
  • Monitor Connector Status
  • Create and Manage Secrets
  • Request and Approve Privileged Access
  • Privilege Elevation
  • Request a Zone Role
  • Update a Proxy Collection List
  • Configure CORS

Manage Applications

  • Manage Access to Applications
  • Add Applications to a Website
  • Editing Custom Logic
  • Business Partner Federation

Mobilize

  • Manage Devices

Authentication and Privilege Elevation Services

  • Audit and Monitoring
  • Direct Manage
  • Manage Federations
  • CClient Commands

Discover

  • Discover Resources

Example Projects

  • AWS AutoScaling
  • AWS OpsWorks
  • AWS Automation
  • GCP Automation

Analytics

  • Work with Analytics Endpoints
  • Webhooks
    • Slack Example Webhook
    • PagerDuty Example Webhook

Centrify Identity Platform API

  • Authentication
    • post
      Check row ACLs.
    • post
      Gets a users access rights.
    • post
      Get a collection of access rights.
    • post
      Retrieves a list of who has what rights for the directory.
    • post
      Gets a list of directory rights.
    • post
      Gets a list of file rights.
    • post
      Gets ACLs on a file.
    • post
      Gets the access rights for a row.
    • post
      Authenticates a request.
    • post
      Confirm
    • post
      https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
    • post
      Introspect.
    • post
      Keys
    • post
      Revoke.
    • post
      Gets a token based on grant type.
    • post
      This returns the contents of the bearer token used.
    • post
      Attempt to advance the state of an authentication session.
    • post
      Advances a forgot username session (similar to MFA advance authentication).
    • post
      Terminate an incomplete session started with StartAuthentication or StartChallenge.
    • post
      Allows OAuth2 clients to perform on-demand step-up authentication challenges.
    • post
      Continues user authentication.
    • post
      Starts a user authentication session.
    • post
      Starts a step-up authentication challenge session.
    • post
      Starts a forgot username session that looks similar to an MFA authentication session.
    • post
      Submit OATH OTP code for the specify user
    • post
      Answer registration challenge.
    • post
      Deletes the U2f device.
    • post
      Delete a list of U2f devices.
    • post
      Get the trusted facet list for the tenant.
    • post
      Get registration challenge.
    • post
      Gets a list of U2f devices.
    • post
      Gets a list of U2f devices for the current user.
  • User Management
    • post
      Gets a list of row rights.
    • post
      Deprecated -- Delete a list of users with permission check.
    • post
      Create new users in the Cloud Directory Service based on data read from files.
    • post
      Delete user after permission check (DEPRECATED)
    • post
      Exempt a specified user from MFA login for a period of time.
    • post
      Get details for the current user.
    • post
      Reads users from a csv file(s) for bulk user import.
    • post
      Refresh a user's cached identity.
    • post
      Create a Bulk User Import scheduled task to process an uploaded file.
    • post
      Retreives a list of users that are members of a specific federated group.
    • post
      Retrieves the Federated Group Memberships for a specfic user.
    • post
      Revokes federated group membership from a specific group for a specific user.
    • post
      Refresh current user's cached identity.
    • post
      Delete admin security question.
    • post
      Get a specific admin security question
    • post
      Get admin security questions
    • post
      Add admin security question.
    • post
      Runs a risk check for the current user.
    • post
      Check to see if a user can edit attributes.
    • post
      Update user attributes
    • post
      Change the password for the current user.
    • post
      Query all directory services for users, groups, and/or roles using a json query string.
    • post
      Get the cached entity.
    • post
      Get the cached user.
    • post
      Get security questions for the current user
    • post
      Fetch attributes for a specified user.
    • post
      Get certificate info for a given user.
    • post
      Fetch the reporting hierarchy for a specified user.
    • post
      Get additional info for a specified user.
    • post
      Fetch a cloud user's picture.
    • post
      Gets user roles and administrative rights.
    • post
      Invite one or more users to the cloud portal.
    • post
      Checks to see if a given user is cloud locked.
    • post
      Determine if the current user can (or cannot...) satisfy the requisite MFA challenges.
    • post
      Checks to see if a given user is subject to cloud locks.
    • post
      Remove a user from the cloud.
    • post
      Remove one or more certificates for a given user.
    • post
      Remove one or more users.
    • post
      Resets (clears) security questions for a user.
    • post
      Reset the password for a specified user.
    • post
      Send email invitation to a specified user.
    • post
      Send invitation emails to one or more users.
    • post
      Send SMS invitation to a specified user.
    • post
      Applies or clears a cloud lock for a given user.
    • post
      Set the phone pin for a user.
    • post
      Updates security questions for a user.
    • post
      Updates various user preferences for the currently logged in user.
  • Core Services
    • post
      Deletes an authentication profile.
    • post
      Gets an authentication profile.
    • post
      Gets a list of Authentication profiles.
    • post
      Saves an authentication profile.
    • post
      The tenant brand information.
    • post
      The tenant brand.
    • post
      Fetch technical support user.
    • post
      Grant portal access to technical support.
    • post
      Create a dynamic set.
    • post
      Create a manual set.
    • post
      Delete a set.
    • post
      Gets the contents of a bucket.
    • post
      Gets a set based on the ID.
    • post
      Gets the references to a set.
    • post
      Gets the rights on a set.
    • post
      Gets a set template based on ObjectType and SubObjectType.
    • post
      Gets the members with access to the set.
    • post
      Gets the objects set.
    • post
      Gets a set of ObjectType.
    • post
      Gets the members with access to the set.
    • post
      Update a set.
    • post
      Updates the set members.
    • post
      Adds a Blocked IP Range.
    • post
      Adds an IP Range local to the customer network.
    • post
      Requests a heath check from a specific cloud connector or from all cloud connectors.
    • post
      Create a directory.
    • post
      Creates a Reports directory in Path for the tenant.
    • post
      Creates a Reports directory in the tenant for the current user.
    • post
      Deletes a Blocked IP Range.
    • post
      Removes a suffix.
    • post
      Removes multiple suffixes.
    • post
      Delete a set of certificates.
    • post
      Deletes a directory.
    • post
      Deletes a file.
    • post
      Deletes a set of files.
    • post
      Deletes a list of proxies.
    • post
      Remove a connector referred to by proxyUuid.
    • post
      Deletes a connector registration code.
    • post
      Deletes a list of connector registration codes.
    • post
      Deletes the tenant configuration key.
    • post
      Deletes an IP Range local to the customer network.
    • post
      Check for the existence of a directory.
    • post
      Downloads a certificate.
    • post
      Download the contents of a file.
    • post
      Check for the existence of a file.
    • post
      Generates a new connector registration code.
    • post
      Generates a password.
    • post
      Get a list of domains in the forest.
    • post
      Gets the active directory topology for the directory service Uuid or the domain name.
    • post
      Get the tenant suffixes.
    • post
      Gets the blocked IP Ranges.
    • post
      Gets the certificate authority certificate chain.
    • post
      Get the tenant suffixes excluding 'legacy' versions.
    • post
      Gets the public part of the cloud certificate authority certificate.
    • post
      Gets the connector log4net config for the connector.
    • post
      Gets the current Iwa Json Url.
    • post
      Gets the current Iwa Url.
    • post
      Gets the public part of the default global app signing certificate.
    • post
      List the directory contents of a directory.
    • post
      Get a list of directory contents.
    • post
      Gets directory information for the path.
    • post
      Gets the directory services.
    • post
      Gets a list of domain controllers for the directory service Uuid in domain name.
    • post
      Gets download urls.
    • post
      Get metadata and information about a file, as well as the file contents.
    • post
      Get the Iwa trust root certificate.
    • post
      Gets the localized value of the tag.
    • post
      Get domains and organizational units.
    • post
      Gets the IP Ranges local to the customer network.
    • post
      Fetchs a connector registration code along with its settings.
    • post
      Fetchs a standard UI report that contains all of the connector registration codes.
    • post
      Get the connector Iwa host certificate file.
    • post
      Gets the Iwa settings for the connector Uuid.
    • post
      Retrieves a list of product licenses for this tenant, from Salesforce.
    • post
      Get a list of directory contents with a file extension of 'report'.
    • post
      Get supported cultures, returning their code and native name.
    • post
      Gets the public part of the tenant CA certificate.
    • post
      Gets the tenant's config value for a key.
    • post
      Returns a file name that is unique in the directory.
    • post
      Gets all user settings of setting type.
    • post
      Gets the Zso certificate
    • post
      Gets the Zso host information.
    • post
      This is a callback used by the twilio service.
    • post
      Issues a user certificate. (Deprecated, please use OAuth2 instead.)
    • post
      Issues a Zso user certificate
    • post
      List the file contents of a directory.
    • post
      Return given text as a file.
    • post
      Move directory 'path' to 'toPath'.
    • post
      Calls the NotifyEnvironment method on the connector.
    • post
      Redirect to the targetUrl.
    • post
      Read the contents of a file.
    • post
      Re issue the certificate for the connector.
    • post
      Rename certificate with thumbprint to newName.
    • post
      Sets the connector Log4Net config for a connector.
    • post
      Sets the default certificate for the current tenant.
    • post
      Set the certificate for the Iwa connector.
    • post
      Set the connector Iwa Settings for proxyUuid.
    • post
      Sets the value of a tenant configuration key.
    • post
      Starts the named service on the connector.
    • post
      Stops the named service on the connector.
    • post
      Store a suffix.
    • post
      Saves the user information.
    • post
      Stores the user settings.
    • post
      Updates the directory services stack for a tenant.
    • post
      Updates an existing connector registration code.
    • post
      Updates the Iwa connector settings.
    • post
      Uploads a certificate.
    • post
      Write string content to a file.
    • post
      Gets the value of an extended column.
    • post
      Gets the value of all extended columns for a row.
    • post
      Gets the tables extended columnar schema.
    • post
      Sets the value of an extended column.
    • post
      Sets the value of an extended column.
    • post
      Updates a table's extended columnar schema.
    • post
      Add a certificate authority.
    • post
      Downloads the certificate authority public key file.
    • post
      Get certificate authorities for the tenant.
    • post
      Remove a certificate authority.
    • post
      Update a certificate authority.
    • post
      Add global group assertion mapping.
    • post
      Create federation.
    • post
      Delete a federation.
    • post
      Delete global group assertion mapping.
    • post
      Get the federation metadata.
    • post
      Get a federation.
    • post
      Get federation group assertion mappings.
    • post
      Gets a list of federations.
    • post
      Gets a list of federation types.
    • post
      Get global federation settings.
    • post
      Get global group assertion mappings.
    • post
      Gets a list of federated groups.
    • post
      Gets the public part of the Service Provider signing certificate.
    • post
      Gets the public part of the Service Provider signing certificate authority.
    • post
      Update a federation.
    • post
      Update federation group assertion mappings.
    • post
      Update the global group assertion mappings.
    • post
      Call back for the google directory service.
    • post
      Gets the IDP authorization state for the pollingToken.
    • post
      Gets the directory service configuration.
    • post
      Gets the state id and the service login url.
    • post
      Updates the directory service configuration.
    • post
      Updates the directory service configuration.
    • post
      Simple health check for load balancers: Is this node active?
    • post
      Returns a report of deployment history, schema upgrade history, current nodes, for support.
    • post
      Returns a report of deployment history, schema upgrade history, current nodes, for support.
    • post
      Returns login Data configurement.
    • post
      Query and read the config for the one Safenet kmip box for this tenant.
    • post
      Delete the Kmip configuration.
    • post
      Get the Kmip configuration
    • post
      Stores the Kmip remote password.
    • post
      Adds a service to the Lightweight Directory Access Protocol (LDAP) config.
    • post
      Remove a service from the Lightweight Directory Access Protocol (LDAP).
    • post
      Get a list of cloud connectors that have the LDAP module enabled.
    • post
      Gets the directory service version for an LDAP directory service specified by UUID.
    • post
      Get the Lightweight Directory Access Protocol (LDAP) config.
    • post
      Get the Directory Service UUID for a specific LDAP, using the name assigned by the user.
    • post
      Gets the list of mappable LDAP attributes.
    • post
      Gets a property to attribute mapping on an LDAP enabled directory service.
    • post
      Gets the scripting property to attribute mapping from an LDAP enabled directory service.
    • post
      Modify a service in the Lightweight Directory Access Protocol (LDAP) config.
    • post
      Sets a property to attribute mapping on an LDAP enabled directory service.
    • post
      Sets the scripting property to attribute mapping on an LDAP enabled directory service.
    • post
      Gets the results of the specified mappings by looking up a user by name.
    • post
      Verify the Lightweight Directory Access Protocol (LDAP) directory service config.
    • post
      Retrieves the file from the virtual file system.
    • post
      Add a single OATH profile to a specific user.
    • post
      Delete a list of profiles.
    • post
      Gets data from a csv file.
    • post
      Get import profile list.
    • post
      Gets the profile list for the user.
    • post
      Gets the oath profile list for a device.
    • post
      Resets the Centrify OATH profile.
    • post
      Resynchronize a TOTP or HOTP token.
    • post
      Save or update the default Centrify profile.
    • post
      Process a previously uploaded csv file.
    • post
      Update the oath profile counter.
    • post
      Validate the otp code.
    • post
      Creates a client token.
    • post
      Login
    • post
      Add an authentication policy modifier.
    • post
      Delete an authentication policy modifier.
    • post
      Delete a policy block.
    • post
      Get the authentication policy modifiers.
    • post
      Gets a list of policy links.
    • post
      Get policy block.
    • post
      Gets the oath otp name for the user.
    • post
      Get the password complexity requirements for the user.
    • post
      Gets a list of policy links.
    • post
      Get policy block.
    • post
      Retrieves a boolean policy value.
    • post
      Retrieves an integer policy value.
    • post
      Get the policy meta data.
    • post
      Retrieves a string policy value.
    • post
      Get the rsop policy for the user and device.
    • post
      Gets the oath u2f name for the user.
    • post
      Get using cloud mobile group policy.
    • post
      Get a list of policies for a device.
    • post
      Deprecated; use SavePolicyBlock3.
    • post
      Save a new or updated policy.
    • post
      Saves a list of policy links.
    • post
      Saves a list of policy links.
    • post
      Sets the using cloud mobile group policy.
    • post
      Get all radius clients.
    • post
      Fetch Radius config for a specified connector
    • post
      Get the list of RADIUS servers
    • post
      Get the user identifier attribute types.
    • post
      Remove one or more radius clients if they exist.
    • post
      Remove radius servers.
    • post
      Add or update a radius client.
    • post
      Change radius config for a connector.
    • post
      Configures a Radius server.
    • post
      Gets a list of tenants for the customer.
    • post
      Register a new tenant.
    • post
      Delete job history.
    • post
      Make a job report.
    • post
      Deprecated -- Am I authenticated.
    • post
      Deprecated -- Checks for user execute rights on the Application Role Management task.
    • post
      Begin the process of recovering a lost or forgotten user name.
    • post
      Gets a list of risk levels.
    • post
      Deprecated -- Multi factor authentication login for user.
    • post
      Add an enrollment code
    • post
      Check user permissions.
    • post
      Delete an enrollment code
    • post
      Disables zero or more features for an enrolled machine.
    • post
      Deprecated -- EnableFeatures
    • post
      Enables zero or more features for an enrolled machine.
    • post
      Get all enrollment codes
    • post
      Returns specified configuration settings for the enrolled machine
    • post
      Get effective local groups.
    • post
      Get group by id.
    • post
      Get group by name.
    • post
      Get group members.
    • post
      Get information concerning which roles are allowed to be made visible as groups.
    • post
      Get the group visibility scopes for a given role.
    • post
      Get the group visibility scopes for a given type and effective scope.
    • post
      Gets a set of agent settings.
    • post
      Get user by Id.
    • post
      Get user by name.
    • post
      Get user groups.
    • post
      Update group scopes.
    • post
      Update information about the agent computer.
    • post
      Update settings.
    • post
      Check to validate the agent computer.
    • post
      Verify username and password.
    • post
      Verify password.
    • post
      Verify user can login.
    • post
      Deprecated -- Add computer.
    • post
      Gets all visible accounts for a database
    • post
      Check if a database exists or not
    • post
      Refresh health status of a host, domain or database.
    • post
      Grant permissions on a database collection
    • post
      For social authentication, this is the Facebook call back.
    • post
      For social authentication, this is the Google call back.
    • post
      For social authentication, this is the LinkedIn call back.
    • post
      For social authentication, this is the Microsoft call back.
    • post
      For social authentication, this is the Twitter call back.
    • post
      Gets the social configurations for all identity providers.
    • post
      Get the application client secret.
    • post
      Gets the social user authentication configuration.
    • post
      Gets the social configuration for the requested identity provider.
    • post
      Resets the social user authentication configuration.
    • post
      Sets the social user authentication configuration.
    • post
      Set custom configuration.
    • post
      Describe the system.
    • post
      Dummy
    • post
      Retrieve a session id.
    • post
      Get the system version.
    • post
      Request the cancellation of a job.
    • post
      Create a one time job.
    • post
      Emails the report from scriptPath to the emailTo address.
    • post
      Returns streaming job history data via a redrock style interface.
    • post
      Gets the history of a single job.
    • post
      Retrieve simple job metrics from the persistent job system.
    • post
      List the cnames assigned for the tenant.
    • post
      Gets the domain of tenant urls
    • post
      Creates a cname with prefix specified for the tenant.
    • post
      Sets the tenant cname to preferred as cname
    • post
      Gets the tenant cnames.
    • post
      Deletes the cname for the tenant. Full cname is expected, e.g. 'company.my.centrify.net'.
    • post
      Deletes a single key record from the config table.
    • post
      Returns tenant's configuration values.
    • post
      Get tenant configuration.
    • post
      Deprecated -- Get editable mail templates.
    • post
      Get editable message template.
    • post
      Get editable message templates.
    • post
      Gets the google key for the tenant.
    • post
      Gets the tenant mobile configuration data.
    • post
      Get the tenant Simple Mail Transport Protocol configuration.
    • post
      Get the tenant Twilio configuration.
    • post
      Reset portal configuration.
    • post
      Send a test message template.
    • post
      Set the tenant configuration.
    • post
      Set a tenant configuration.
    • post
      Sets the google key for the tenant.
    • post
      Sets the tenant mobile configuration.
    • post
      Set password persistance. i.e. do we save your password.
    • post
      Set the tenant Simple Mail Transport Protocol configuration.
    • post
      Set the tenant Twilio configuration.
    • post
      Test the tenant Simple Mail Transport Protocol configuration.
    • post
      Test the tenant Twilio configuration.
    • post
      Evaluate a shortened URL key, redirecting to its long URL if valid.
    • post
      Get the file.
    • post
      Get lower case file name.
    • post
      Authenticate the ZSO session.
    • post
      Login using a tenant Certificate authority certificate.
    • post
      Clears the Mac Safari Zso cookie.
    • post
      Is the Mac Safari Zso cookie set.
    • post
      Checks to see if sessionId is authenticated.
    • post
      Sets the Mac Safari Zso cookie.
  • Resource Management
    • post
      Add an AWS Access Key and Secret.
    • post
      Deletes an access key for an IAM user.
    • post
      Gets Access Keys for an IAM user.
    • post
      Retrieve an access key ID and secret access key for an IAM user.
    • post
      Verify an AWS Access Key and Secret
    • post
      Verify an AWS Access Key and Secret for an IAM User name and Cloud Provider.
    • post
      AddCloudProvider - Adds a cloud provider.
    • post
      DeleteCloudProvider - Deletes a cloud provider.
    • post
      Creates a asynchronous operation which will delete all cloud providers.
    • post
      GetAllCloudProviders - Gets all cloud providers.
    • post
      GetCloudProvider - Gets a cloud provider.
    • post
      Gets list of grants associated with a set of cloud providers.
    • post
      Gets list of grants associated with a cloud provider.
    • post
      Grant permissions on cloud provider sets.
    • post
      Grant permissions on cloud providers
    • post
      UpdateCloudProvider - Updates a cloud provider
    • post
      Get list of permissions associated with a set.
    • post
      Grant permissions on a set
    • post
      Execute the Dzdo authentication challenge.
    • post
      Get the Dzdo and the Mfa challenge profile ids.
    • post
      Execute the Mfa authentication challenge.
    • post
      Sets the Dzdo and the Mfa challenge profile id.
    • post
      Adds an alternate account discovery profile.
    • post
      Cancel all running Alternate Account Discovery jobs.
    • post
      Clear owner account set on the alternate account.
    • post
      Commit a discovered alternate account.
    • post
      Commit a list of discovered alternate accounts.
    • post
      Deletes a list of alternate account discovery profiles.
    • post
      Delete an alternate account discovery profile.
    • post
      Gets an alternate account discovery profile.
    • post
      Gets a list of alternate account discovery profiles.
    • post
      Get the current user's dash A accounts that they can checkout
    • post
      Gets the current user rights of the alternate account discovery profile.
    • post
      Starts a job for each of the alternate account discovery profile ids provided.
    • post
      Set alternate account discovery profile permissions.
    • post
      Changes the discovery account.
    • post
      Update an alternate account discovery profile.
    • post
      Add a discovery account.
    • post
      Are any discovery accounts referenced.
    • post
      Delete a blacklisted computer.
    • post
      Delete a discovery account.
    • post
      Delete a host from the excluded discovery list.
    • post
      Get discovery profile permissions.
    • post
      Get a list of hosts excluded from discovery.
    • post
      Get discovery job history.
    • post
      Set discovery profile permissions.
    • post
      Update a discovery account.
    • post
      Get the quick start state.
    • post
      Manage accounts.
    • post
      Run the quick start discovery job.
    • post
      Verify the administrator account.
    • post
      AddResourceProfile - Adds a resource profile.
    • post
      DeleteResourceProfile - Deletes a resource profile.
    • post
      ExportResourceProfilePackage - zips a resource profile into a package.
    • post
      GetAllResourceProfiles - Gets all resource profiles.
    • post
      GetResourceProfile - Gets a resource profile.
    • post
      Gets list of grants associated with a set of resource profiles.
    • post
      Gets list of grants associated with a resource profile.
    • post
      OpenResourceProfilePackage - unzips and validates a resource profile package.
    • post
      Grant permissions on resource profile sets.
    • post
      Grant permissions on resource profiles
    • post
      UpdateResourceProfile - Updates a resource profile
    • post
      Convert current agent from using machine cert to using OAuth.
    • post
      Deprecated -- Enroll
    • post
      Enrolls a machine to the CIP using user credentials.
    • post
      Enrolls a machine to the CIP using user credentials.
    • post
      Returns a machine certificate.
    • post
      Gets a DirectAudit configuration.
    • post
      Returns offline OTP settings for the enrolled machine
    • post
      Register
    • post
      Enrolls a machine to the CIP using an enrollment code.
    • post
      Enrolls a machine to the CIP using an enrollment code.
    • post
      Unenroll an enrolled Agent.
    • post
      Aysnchronous operation for unenrolling agents.
    • post
      Add an account for a resource
    • post
      Add a list of accounts.
    • post
      Add a database
    • post
      Add a list of databases.
    • post
      Add a domain
    • post
      Add a list of domains.
    • post
      Add a system
    • post
      Add a list of system resources.
    • post
      AddSecret - Adds a secret
    • post
      Adds a secret folder.
    • post
      Add an SSH key as a JSON string.
    • post
      Add an SSH key as a file in multipart/form-data.
    • post
      Checks if an SSH key can be deleted. Currently just looks for any accounts using this key.
    • post
      Checks in an account password
    • post
      Check whether offline OTP is available for the computer
    • post
      Checks out an account password
    • post
      Create a Discovery Profile
    • post
      Delete an account
    • post
      Delete multiple accounts in background job.
    • post
      Delete a database
    • post
      Delete a domain
    • post
      Delete a resource
    • post
      Creates a asynchronous operation which will delete all resources and associate accounts in the background.
    • post
      DeleteSecret - Deletes a secret
    • post
      Deletes a secret folder.
    • post
      Delete an SSH key.
    • post
      Delete one or more SSH Keys. SSH keys in the set that require an MFA challenge to delete will fail to delete. The exception is if RunSync is true and a single ssh key is included in the Ids array. That case will follow Centrify's standard MFA challenge pattern for API requests.
    • post
      Downloads a secret file in data chunks.
    • post
      Extend checkout time for a password
    • post
      Generate an SSH key based on given parameters
    • post
      Generate an SSH key based on given parameters
    • post
      Gets list of grants associated with collection of accounts
    • post
      Gets list of permissions associated with an account
    • post
      Retrieves Accounts for Login
    • post
      Gets all visible accounts for a resource
    • post
      Get's agent profile (if there is one) for a resource
    • post
      Get Challenges for login to a System
    • post
      Get Rights on Computer for current user.
    • post
      Get computer for ssh key accounts.
    • post
      Gets list of grants associated with collection of databases
    • post
      Get list of permissions associated with a database
    • post
      Gets list of grants associated with collection of domains
    • post
      Gets list of grants associated with a domain
    • post
      Retrieve token for an account
    • post
      Retrieve token settings for an account
    • post
      Returns an offline OTP for the computer
    • post
      Gets list of grants associated with collection of resources
    • post
      Gets list of grants associated with resource
    • post
      Get a retired password of an account
    • post
      Get the rsop policy for the user and entity. If no user is passed in then the rsop will be for the current user.
    • post
      GetSecret - Gets secret metadata
    • post
      Fetch the workflow settings associated with a secret
    • post
      Gets list of grants associated with a collection of secrets
    • post
      Gets a secret folder.
    • post
      Get secret folders can move to.
    • post
      Fetch the rights and authentication challenges associated with a secret.
    • post
      Gets a folder and its contents (secrets, sub-folders)
    • post
      Gets the permissions for a folder.
    • post
      Gets the rights and challenges for a secret folder.
    • post
      Get secret to be replaced.
    • post
      Gets all active sessions
    • post
      Gets list of grants associated with collection of SSH keys
    • post
      Gets an SSH key without any of the sensitive fields (PrivateKey, PublicKey, Passphrase)
    • post
      Gets list of permissions associated with a SSH key
    • post
      Fetch the rights and authentication challenges associated with an SSH Key
    • post
      Fetch the SSH keys available for login.
    • post
      Creates a asynchronous operation which will attempt to put all accounts under management.
    • post
      Moves a secret folder
    • post
      Moves a secret (between folders)
    • post
      Delete multiple accounts at once
    • post
      Rotate multiple accounts at once
    • post
      Check a domain exists or not
    • post
      Pre Checkout call to get info for Checkout.
    • post
      Retrieve TOTP token for an account
    • post
      Request secret download url.
    • post
      Request secret upload url.
    • post
      Retrieves the secret entity
    • post
      Retrieves the secret entity.
    • post
      Retrieve an SSH key.
    • post
      Rotate password of a managed account
    • post
      Rotate multiple accounts at once
    • post
      Grant permissions on account collections
    • post
      Grants permissions on accounts
    • post
      Grant permissions on a database
    • post
      Grant permissions on a domain collection.
    • post
      Grant permissions on domains
    • post
      Set escrow key from file.
    • post
      Sets an mfa token on an account
    • post
      Grant permissions on resource collections
    • post
      Grant permissions on resources
    • post
      Sets a list of grants associated with a collection of secrets.
    • post
      Sets permissions on a secret
    • post
      Sets the permissions on a folder.
    • post
      Grant permissions on SSH keys collection
    • post
      Grants permissions on SSH keys
    • post
      Terminate an active session
    • post
      Update an account
    • post
      Update a database
    • post
      Updates a domain
    • post
      Updates password of an account
    • post
      Update a system
    • post
      UpdateSecret - Updates a secret
    • post
      Updates a secret folder.
    • post
      Update server settings
    • post
      Update fields on an SSH key.
    • post
      Upload secret file in chunks.
    • post
      Walks thru a checklist of items to verify a domain administrative account can help manage local accounts on a domain joined system
    • post
      Get login url.
    • post
      Add a subscription.
    • post
      Create a multiplexed account.
    • post
      Delete a multiplexed account.
    • post
      Delete a subscription.
    • post
      Get all delayed multiplexed accounts.
    • post
      Get multiplexed account.
    • post
      Get list of permissions associated with a multiplexed account
    • post
      Get multiplexed account rights.
    • post
      Get all multiplexed accounts.
    • post
      Get a subscription.
    • post
      Gets list of grants associated with collection of subscriptions
    • post
      Get list of permissions associated with a subscription
    • post
      Get subscription rights.
    • post
      Push a subscription.
    • post
      Grant permissions on a multiplexed account
    • post
      Grant permissions on a subscription collection
    • post
      Grant permissions on a subscription
    • post
      Sync my subscriptions.
    • post
      Update a multiplexed account.
    • post
      Update a subscription.
    • post
      Create assignment.
    • post
      Delete expired assignments.
    • post
      Get all roles.
    • post
      Get workflow approvers.
    • post
      Get the domain configuration.
    • post
      Get resource roles.
    • post
      Refresh the resource's "zone joined" status.
    • post
      Validate user role request.
  • Cloud User Management
    • post
      Change cloud user properties.
    • post
      Create a new user in the Cloud Directory Service.
    • post
      Create a new user in the Cloud Directory Service using minimal user information.
    • post
      Create new users in the Cloud Directory Service.
    • post
      Delete a cloud user. (DEPRECATED)
    • post
      Get details for a specified cloud user.
    • post
      Get details for a specified user by name.
    • post
      Get all cloud users.
    • post
      Removes AuthSource for list of users
    • post
      Removes AuthSource from all users for a given Federation
    • post
      Set a cloud user's picture file.
    • post
      Set user State (locked, disabled, expired) for a specified cloud user.
    • post
      MultiFactor Auth support: answer out of band challenge.
    • post
      Determines if user needs step-up authentication.
    • post
      Fetches a one-time passcode for the specified use.
    • post
      Deprecated -- User login.
    • post
      Logout current user.
    • post
      Start social authentication.
    • post
      Checks to see if user has execute rights on the task.
    • post
      Checks to see if user has execute rights on a list of tasks.
    • post
      Looks for the multi auth customer response.
    • post
      Looks for the multi auth customer response.
    • post
      Confirms user authentication state.
    • post
      Check if a user profile challenge is required for the current user.
    • post
      Get the user preferences.
    • post
      DEPRECATED -- This API is deprecated and should not be used.
    • post
      Uncache the user preferences.
  • Directory Services
    • post
      Bulk imports users from csv file.
    • post
      Performs the action after confirming permission to do so.
  • Role Management
    • post
      Assigns directoryfile rights to roles.
    • post
      Assigns directory rights to roles.
    • post
      Assigns file rights to roles.
    • post
      Get list of administrative rights associated with a role.
    • post
      List the roles and rights to a directoryfile.
    • post
      List the roles and rights of a directory.
    • post
      List the roles and rights of a file.
    • post
      List the Dashboard roles and rights.
    • post
      List the Report roles and rights.
    • post
      Get the users for the specfied role id and return the paged results.
    • post
      Update specific attributes of a Role, leaving the rest unchanged.
    • post
      Add principals to role.
    • post
      Delete a role.
    • post
      Delete a list of Roles.
    • post
      Fetch a Role.
    • post
      Fetch a Role's principals.
    • post
      Remove principals from role.
    • post
      Create a Principal List role.
    • post
      Deprecated -- Update a Role.
  • Workflow Management
    • post
      Deletes a workflow job
    • post
      Sends a workflow event to a workflow
    • post
      Gets a workflow job
    • post
      Gets list of workflow jobs
    • post
      Gets list of workflow jobs associated with the current user
    • post
      Starts a workflow job
  • Device Management
    • post
      Delete a device (Mobile + OSX)
    • post
      Disable SSO on device (Mobile + OSX)
    • post
      Enable SSO on device (Mobile + OSX)
    • post
      Lock client app (Mobile)
    • post
      Ping a device (Mobile + OSX)
    • post
      Reapply device policies (Mobile + OSX)
    • post
      Reset client app lock pin (Mobile)
    • post
      Grant permissions on devices
    • post
      Set a device as primary (Mobile)
    • post
      Update device policies (Mobile + OSX)
    • post
      Grant permissions on applicationss
  • Application Management
    • post
      Get meta
    • post
      Delete an application.
    • post
      Gets the ID of an app from its service name
    • post
      Get information for an application.
    • post
      Get information for application templates.
    • post
      Create an application.
    • post
      Checks if Application is still available in the catalog.
    • post
      Update an application.
    • post
      Get an application's data.
    • post
      Return a user's portal applications and how the user has access to each application.
    • post
      Get the list of application tags for the current user.
    • post
      Gets all available data for the user portal in one call.
    • post
      Set user credentials for an application.
    • post
      Add and update application tags for the current user.

Server Management

  • post
    Run Discovery
  • post
    Get Discovery Status
  • post
    Get Discovery Profiles

Role Management

  • post
    /SaasManage/GetRoleApps

Server Session

  • get
    /serversession/jumpterm

Server Agent

  • post
    /ServerAgent/AddEnrollmentCode

uprest

  • get
    HandleAppClick
  • get
    getSSOToken

Application Management

  • post
    /saasManage/GetScript
  • post
    /SaaSManage/SetApplicationPermissions

Analytics

  • post
    /rules/webhook
  • post
    /rules/webhook/test
  • post
    /rules/{id}/status
  • get
    /rules
  • post
    /file/export/rules/webhook/{name}
  • post
    /file/import/rules/webhook
  • delete
    /rules/{id}
  • post
    /apis/access_tokens
  • get
    /apis/access_tokens
  • get
    /apis/scopes
  • put
    /apis/access_tokens/{id}/activate
  • put
    /apis/access_tokens/{id}/inactivate
  • delete
    /apis/access_tokens/{id}
  • get
    /dataset/system/models

Getting Started

  • Centrify Identity Services API
  • The Basics
  • Use Queries
View All 6

Authenticate and Authorize Users

  • Overview
  • Authentication Quick Start
  • About OpenID Connect
View All 15

Installation Guides

  • AWS CLI for Centrify
  • AWS Powershell Utility V10

Manage Users

  • User Management
  • Create and Manage Cloud Directory Users
  • Manage Applications for Users
View All 11

Manage Resources

  • Add Resources
  • Monitor Connector Status
  • Create and Manage Secrets
View All 8

Manage Applications

  • Manage Access to Applications
  • Add Applications to a Website
  • Editing Custom Logic
View All 4

Mobilize

  • Manage Devices

Authentication and Privilege Elevation Services

  • Audit and Monitoring
  • Direct Manage
  • Manage Federations
View All 4

Discover

  • Discover Resources

Example Projects

  • AWS AutoScaling
  • AWS OpsWorks
  • AWS Automation
View All 4

Analytics

  • Work with Analytics Endpoints
  • Webhooks
  • 1.669.444.5200
  • Contact Us
  • ©2020 Centrify Corporation. All rights reserved.
  • Privacy
  • Terms of Use
  • Sitemap