Query structured spec data via REST or MCP. Get exactly what your agent needs.
https://console.jumpcloud.com/api/v2
/activedirectories
This endpoint allows you to list all your Active Directory Instances.
curl -X GET https://console.jumpcloud.com/api/v2/activedirectories/ \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| fields | query | optional | array | The comma separated fields included in the returned records. |
| filter | query | optional | array | A filter to apply to the query. Filter structure: field = Populate with a valid field from an endpoint response. operator = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. value = Populate with the value you want to search for. Is case sensitive. Supports wild cards. EX: |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
| sort | query | optional | array | The comma separated fields used to sort the collection. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /activedirectories
/activedirectories
This endpoint allows you to create a new Active Directory.
curl -X POST https://console.jumpcloud.com/api/v2/activedirectories/ \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"domain": "{DC=AD_domain_name;DC=com}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
active-directory
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| domain | string | optional |
| useCase | string | optional |
| primaryAgent | string | optional |
POST /activedirectories
/activedirectories/{activedirectory_id}/agents
This endpoint allows you to list all your Active Directory Agents for a given Instance.
curl -X GET https://console.jumpcloud.com/api/v2/activedirectories/{activedirectory_id}/agents \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| activedirectory_id | path | required | string | — |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
| sort | query | optional | array | The comma separated fields used to sort the collection. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /activedirectories/{activedirectory_id}/agents
/activedirectories/{activedirectory_id}/agents
This endpoint allows you to create a new Active Directory Agent.
curl -X POST https://console.jumpcloud.com/api/v2/activedirectories/{activedirectory_id}/agents \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{ "agent_type":"{SYNC}" }'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| activedirectory_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
active-directory-agent
| Property | Type | Required |
|---|---|---|
| agentType | string | optional |
POST /activedirectories/{activedirectory_id}/agents
/activedirectories/{activedirectory_id}/agents/{agent_id}
This endpoint deletes an Active Directory agent.
curl -X DELETE https://console.jumpcloud.com/api/v2/activedirectories/{activedirectory_id}/agents/{agent_id} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| activedirectory_id | path | required | string | — |
| agent_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
DELETE /activedirectories/{activedirectory_id}/agents/{agent_id}
/activedirectories/{activedirectory_id}/agents/{agent_id}
This endpoint returns an Active Directory agent.
curl -X GET https://console.jumpcloud.com/api/v2/activedirectories/{activedirectory_id}/agents/{agent_id} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| activedirectory_id | path | required | string | — |
| agent_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /activedirectories/{activedirectory_id}/agents/{agent_id}
/activedirectories/{id}
This endpoint allows you to delete an Active Directory Instance.
curl -X DELETE https://console.jumpcloud.com/api/v2/activedirectories/{ActiveDirectory_ID} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | ObjectID of this Active Directory instance. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
OK
DELETE /activedirectories/{id}
/activedirectories/{id}
This endpoint returns a specific Active Directory.
curl -X GET https://console.jumpcloud.com/api/v2/activedirectories/{ActiveDirectory_ID} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | ObjectID of this Active Directory instance. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /activedirectories/{id}
/activedirectories/{id}
This endpoint allows you to update Active Directory.
curl -X PATCH https://console.jumpcloud.com/api/v2/activedirectories/{Domain_ID} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"domain": "{DC=DOMAIN;DC=COM}",
"use_case": "{ADASAUTHORITY}"
}' \
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | ObjectID of this Active Directory instance. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
active-directory
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| domain | string | optional |
| useCase | string | optional |
| primaryAgent | string | optional |
PATCH /activedirectories/{id}
/administrators/{administrator_id}/organizationlinks/{id}
This endpoint removes the association link between an Administrator and an Organization.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| administrator_id | path | required | string | — |
| id | path | required | string | — |
No Content
DELETE /administrators/{administrator_id}/organizationlinks/{id}
/administrators/{id}/organizationlinks
This endpoint returns the association links between an Administrator and Organizations.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | — |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
OK
GET /administrators/{id}/organizationlinks
/administrators/{id}/organizationlinks
This endpoint allows you to grant Administrator access to an Organization.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | — |
application/json
AdministratorOrganizationLinkReq
| Property | Type | Required |
|---|---|---|
| organization | string | optional |
OK
POST /administrators/{id}/organizationlinks
/organizations/{id}/administratorlinks
This endpoint returns the association links between an Organization and Administrators.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | — |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
GET /organizations/{id}/administratorlinks
/systems/{systemObjectId}/aggregated-policy-stats
Gets the aggregated policy stats for a system.
curl -X GET https://console.jumpcloud.com/api/v2/systems/{system_object_id}/aggregated-policy-stats \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key:{API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| systemObjectId | path | required | string | — |
| organizationObjectId | query | optional | string | — |
An unexpected error response.
A successful response.
GET /systems/{systemObjectId}/aggregated-policy-stats
/applemdms
Get a list of all Apple MDM configurations. An empty topic indicates that a signed certificate from Apple has not been provided to the PUT endpoint yet.
Note: currently only one MDM configuration per organization is supported.
curl https://console.jumpcloud.com/api/v2/applemdms \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| limit | query | optional | integer | — |
| skip | query | optional | integer | The offset into the records to return. |
| filter | query | optional | array | A filter to apply to the query. Filter structure: field = Populate with a valid field from an endpoint response. operator = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. value = Populate with the value you want to search for. Is case sensitive. Supports wild cards. EX: |
GET /applemdms
/applemdms/{apple_mdm_id}/csr
Retrieves an Apple MDM signed CSR Plist for an organization. The user must supply the returned plist to Apple for signing, and then provide the certificate provided by Apple back into the PUT API.
curl -X GET https://console.jumpcloud.com/api/v2/applemdms/{APPLE_MDM_ID}/csr \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /applemdms/{apple_mdm_id}/csr
/applemdms/{apple_mdm_id}/depkey
Retrieves an Apple MDM DEP Public Key.
curl https://console.jumpcloud.com/api/v2/applemdms/{APPLE_MDM_ID}/depkey \
-H 'accept: application/x-pem-file' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /applemdms/{apple_mdm_id}/depkey
/applemdms/{apple_mdm_id}/devices
Lists all Apple MDM devices.
The filter and sort queries will allow the following fields:
createdAt
depRegistered
enrolled
id
osVersion
serialNumber
udid
curl -X GET https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices \
-H 'accept: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| skip | query | optional | integer | The offset into the records to return. |
| filter | query | optional | array | A filter to apply to the query. Filter structure: field = Populate with a valid field from an endpoint response. operator = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. value = Populate with the value you want to search for. Is case sensitive. Supports wild cards. EX: |
| sort | query | optional | array | The comma separated fields used to sort the collection. |
| x-total-count | header | optional | integer | — |
OK
GET /applemdms/{apple_mdm_id}/devices
/applemdms/{apple_mdm_id}/devices/{device_id}
Remove a single Apple MDM device from MDM enrollment.
curl -X DELETE https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id} \
-H 'accept: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
OK
DELETE /applemdms/{apple_mdm_id}/devices/{device_id}
/applemdms/{apple_mdm_id}/devices/{device_id}
Gets a single Apple MDM device.
curl -X GET https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id} \
-H 'accept: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
OK
GET /applemdms/{apple_mdm_id}/devices/{device_id}
/applemdms/{apple_mdm_id}/devices/{device_id}/clearActivationLock
Clears the activation lock on the specified device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/clearActivationLock \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/clearActivationLock
/applemdms/{apple_mdm_id}/devices/{device_id}/erase
Erases a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/erase \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ApplemdmsDeviceseraseRequest
| Property | Type | Required |
|---|---|---|
| pin | string | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/erase
/applemdms/{apple_mdm_id}/devices/{device_id}/lock
Locks a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/lock \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ApplemdmsDeviceslockRequest
| Property | Type | Required |
|---|---|---|
| pin | string | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/lock
/applemdms/{apple_mdm_id}/devices/{device_id}/osUpdateStatus
Pass through to request the status of an OS update
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/osUpdateStatus \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/osUpdateStatus
/applemdms/{apple_mdm_id}/devices/{device_id}/refreshActivationLockInformation
Refreshes the activation lock information for a device
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/refreshActivationLockInformation \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/refreshActivationLockInformation
/applemdms/{apple_mdm_id}/devices/{device_id}/restart
Restarts a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/restart \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"kextPaths": ["Path1", "Path2"]}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ApplemdmsDevicesrestartRequest
| Property | Type | Required |
|---|---|---|
| kextPaths | array | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/restart
/applemdms/{apple_mdm_id}/devices/{device_id}/scheduleOSUpdate
Schedules an OS update for a device
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/scheduleOSUpdate \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"install_action": "INSTALL_ASAP", "product_key": "key"}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ScheduleOSUpdate
| Property | Type | Required |
|---|---|---|
| product_key | string | required |
| install_action | string | required |
| max_user_deferrals | integer | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/scheduleOSUpdate
/applemdms/{apple_mdm_id}/devices/{device_id}/shutdown
Shuts down a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/shutdown \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/shutdown
/applemdms/{apple_mdm_id}/enrollmentprofiles
Get a list of enrollment profiles for an apple mdm.
Note: currently only one enrollment profile is supported.
curl https://console.jumpcloud.com/api/v2/applemdms/{APPLE_MDM_ID}/enrollmentprofiles \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /applemdms/{apple_mdm_id}/enrollmentprofiles
/applemdms/{apple_mdm_id}/enrollmentprofiles/{id}
Get an enrollment profile
Currently only requesting the mobileconfig is supported.
curl https://console.jumpcloud.com/api/v2/applemdms/{APPLE_MDM_ID}/enrollmentprofiles/{ID} \
-H 'accept: application/x-apple-aspen-config' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /applemdms/{apple_mdm_id}/enrollmentprofiles/{id}
/applemdms/{apple_mdm_id}/refreshdepdevices
Refreshes the list of devices that a JumpCloud admin has added to their virtual MDM in Apple Business Manager - ABM so that they can be DEP enrolled with JumpCloud.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/refreshdepdevices \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/refreshdepdevices
/applemdms/{id}
Removes an Apple MDM configuration.
Warning: This is a destructive operation and will remove your Apple Push Certificates. We will no longer be able to manage your devices and the only recovery option is to re-register all devices into MDM.
curl -X DELETE https://console.jumpcloud.com/api/v2/applemdms/{id} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
DELETE /applemdms/{id}
/applemdms/{id}
Updates an Apple MDM configuration. This endpoint is used to supply JumpCloud with a signed certificate from Apple in order to finalize the setup and allow JumpCloud to manage your devices. It may also be used to update the DEP Settings.
curl -X PUT https://console.jumpcloud.com/api/v2/applemdms/{ID} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "MDM name",
"appleSignedCert": "{CERTIFICATE}",
"encryptedDepServerToken": "{SERVER_TOKEN}",
"dep": {
"welcomeScreen": {
"title": "Welcome",
"paragraph": "In just a few steps, you will be working securely from your Mac.",
"button": "continue",
},
},
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
apple-mdm-patch
| Property | Type | Required |
|---|---|---|
| dep | object | optional |
| └ welcomeScreen | object | optional |
| └ title | string | optional |
| └ button | string | optional |
| └ paragraph | string | optional |
| └ setupAssistantOptions | array | optional |
| └ option | string | optional |
| └ enableZeroTouchEnrollment | boolean | optional |
| ades | object | optional |
| └ ios | object | optional |
| └ setupOptions | array | optional |
| └ welcomeScreen | object | optional |
| └ title | string | optional |
| └ button | string | optional |
| └ paragraph | string | optional |
| └ setupAssistantOptions | array | optional |
| └ option | string | optional |
| └ enableZeroTouchEnrollment | boolean | optional |
| └ defaultDeviceGroupObjectIds | array | optional |
| └ macos | object | optional |
| └ setupOptions | array | optional |
| └ welcomeScreen | object | optional |
| └ title | string | optional |
| └ button | string | optional |
| └ paragraph | string | optional |
| └ setupAssistantOptions | array | optional |
| └ option | string | optional |
| └ enableZeroTouchEnrollment | boolean | optional |
| └ defaultDeviceGroupObjectIds | array | optional |
| name | string | optional |
| appleSignedCert | string | optional |
| defaultSystemGroupID | string | optional |
| appleCertCreatorAppleID | string | optional |
| encryptedDepServerToken | string | optional |
| allowMobileUserEnrollment | boolean | optional |
| defaultIosUserEnrollmentDeviceGroupID | string | optional |
PUT /applemdms/{id}
/applications/{application_id}
The endpoint retrieves an Application.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | ObjectID of the Application. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
OK
GET /applications/{application_id}
/applications/{application_id}/import/jobs
This endpoint allows you to create a user import job that will import new users and/or update existing users in JumpCloud from the application. The endpoint can currently only be used for applications that have an active Identity Management custom API integration. The request will fail with a “Not found” error for applications if that type of integration is not configured. To learn more about configuring this type of integration, read Import users from an external identity source using a custom API integration.
curl -X POST https://console.jumpcloud.com/api/v2/applications/{application_id}/import/jobs \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-H 'x-org-id: {ORG_ID}' \
-d '{
"allowUserReactivation": true,
"operations": [
"users.create",
"users.update"
]
"queryString": "location=Chicago&department=IT"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | ObjectID of the Application. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ImportUsersRequest
| Property | Type | Required |
|---|---|---|
| operations | array | optional |
| queryString | string | optional |
| allowUserReactivation | boolean | optional |
OK
POST /applications/{application_id}/import/jobs
/applications/{application_id}/import/users
Get a list of users to import from an Application IdM service provider.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | ObjectID of the Application. |
| filter | query | optional | string | Filter users by a search term |
| query | query | optional | string | URL query to merge with the service provider request |
| sort | query | optional | string | Sort users by supported fields |
| sortOrder | query | optional | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
OK
GET /applications/{application_id}/import/users
/applications/{application_id}/logo
Deletes the specified image from an application
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
NO_CONTENT
DELETE /applications/{application_id}/logo
/applications/{application_id}/logo
This endpoint sets the logo for an application.
curl -X POST 'https://console.jumpcloud.com/api/v2/applications/{Application_ID}/logo \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
multipart/form-data
ApplicationsPostLogoRequest
| Property | Type | Required |
|---|---|---|
| image | string | optional |
NO_CONTENT
POST /applications/{application_id}/logo
/authn/policies
Get a list of all authentication policies.
curl https://console.jumpcloud.com/api/v2/authn/policies \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| x-total-count | header | optional | integer | — |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
| filter | query | optional | array | A filter to apply to the query. Filter structure: field = Populate with a valid field from an endpoint response. operator = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. value = Populate with the value you want to search for. Is case sensitive. Supports wild cards. EX: |
| sort | query | optional | array | The comma separated fields used to sort the collection. |
OK
GET /authn/policies
/authn/policies
Create an authentication policy.
curl -X POST https://console.jumpcloud.com/api/v2/authn/policies \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "Sample Policy",
"disabled": false,
"effect": {
"action": "allow"
},
"targets": {
"users": {
"inclusions": ["ALL"]
},
"userGroups": {
"exclusions": [{USER_GROUP_ID}]
},
"resources": [ {"type": "user_portal" } ]
},
"conditions":{
"ipAddressIn": [{IP_LIST_ID}]
}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
AuthnPolicy
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| name | string | optional |
| type | string | optional |
| effect | object | optional |
| └ action | string | required |
| └ obligations | object | optional |
| └ mfa | object | optional |
| └ required | boolean | optional |
| └ userVerification | object | optional |
| └ requirement | string | optional |
| targets | object | optional |
| └ users | object | optional |
| └ inclusions | array | optional |
| └ resources | array | optional |
| └ id | string | optional |
| └ type | string | required |
| └ userGroups | object | optional |
| └ exclusions | array | optional |
| └ inclusions | array | optional |
| └ userAttributes | object | optional |
| └ exclusions | array | optional |
| └ field | string | optional |
| └ value | object | optional |
| └ operator | string | optional |
| └ inclusions | array | optional |
| └ field | string | optional |
| └ value | object | optional |
| └ operator | string | optional |
| disabled | boolean | optional |
| conditions | object | optional |
| description | string | optional |
Created
POST /authn/policies
/authn/policies/{id}
Delete the specified authentication policy.
curl -X DELETE https://console.jumpcloud.com/api/v2/authn/policies/{id} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | Unique identifier of the authentication policy |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
OK
DELETE /authn/policies/{id}
/authn/policies/{id}
Return a specific authentication policy.
curl https://console.jumpcloud.com/api/v2/authn/policies/{id} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | Unique identifier of the authentication policy |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
OK
GET /authn/policies/{id}
/authn/policies/{id}
Patch the specified authentication policy.
curl -X PATCH https://console.jumpcloud.com/api/v2/authn/policies/{id} \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{ "disabled": false }'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | Unique identifier of the authentication policy |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
AuthnPolicy
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| name | string | optional |
| type | string | optional |
| effect | object | optional |
| └ action | string | required |
| └ obligations | object | optional |
| └ mfa | object | optional |
| └ required | boolean | optional |
| └ userVerification | object | optional |
| └ requirement | string | optional |
| targets | object | optional |
| └ users | object | optional |
| └ inclusions | array | optional |
| └ resources | array | optional |
| └ id | string | optional |
| └ type | string | required |
| └ userGroups | object | optional |
| └ exclusions | array | optional |
| └ inclusions | array | optional |
| └ userAttributes | object | optional |
| └ exclusions | array | optional |
| └ field | string | optional |
| └ value | object | optional |
| └ operator | string | optional |
| └ inclusions | array | optional |
| └ field | string | optional |
| └ value | object | optional |
| └ operator | string | optional |
| disabled | boolean | optional |
| conditions | object | optional |
| description | string | optional |
OK
PATCH /authn/policies/{id}
/bulk/user/expires
The endpoint allows you to start a bulk job to asynchronously expire users.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
BulkUserExpiresRequest
of object
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| attributes | array | optional |
| organization | string | optional |
Created
POST /bulk/user/expires
/bulk/user/unlocks
The endpoint allows you to start a bulk job to asynchronously unlock users.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
BulkUserUnlocksRequest
of object
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| attributes | array | optional |
| organization | string | optional |
Created
POST /bulk/user/unlocks
/bulk/users
The endpoint allows you to create a bulk job to asynchronously update users. See Update a System User for full list of attributes.
curl -X PATCH https://console.jumpcloud.com/api/v2/bulk/users \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '[
{
"id":"5be9fb4ddb01290001e85109",
"firstname":"{UPDATED_FIRSTNAME}",
"department":"{UPDATED_DEPARTMENT}",
"attributes":[
{"name":"Custom","value":"{ATTRIBUTE_VALUE}"}
]
},
{
"id":"5be9fb4ddb01290001e85109",
"firstname":"{UPDATED_FIRSTNAME}",
"costCenter":"{UPDATED_COST_CENTER}",
"phoneNumbers":[
{"type":"home","number":"{HOME_PHONE_NUMBER}"},
{"type":"work","number":"{WORK_PHONE_NUMBER}"}
]
}
]
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
BulkUsersUpdateRequest
of object
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| string | optional | |
| lastname | string | optional |
| username | string | optional |
| firstname | string | optional |
| attributes | array | optional |
| organization | string | optional |
PATCH /bulk/users
/bulk/users
The endpoint allows you to create a bulk job to asynchronously create users.
See Create a System User
for the full list of attributes.
The state of each user in the request can be explicitly passed in or
omitted. If state is omitted, then the user will get created
using the value returned from the
Get an Organization
endpoint. The default user state for bulk created users depends on the
creation-source header. For creation-source:jumpcloud:bulk the
default state is stored in settings.newSystemUserStateDefaults.csvImport.
For other creation-source header values, the default state is stored in
settings.newSystemUserStateDefaults.applicationImport
These default state values can be changed in the admin portal settings
or by using the
Update an Organization
endpoint.
curl -X POST https://console.jumpcloud.com/api/v2/bulk/users \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '[
{
"email":"{email}",
"firstname":"{firstname}",
"lastname":"{firstname}",
"username":"{username}",
"attributes":[
{
"name":"EmployeeID",
"value":"0000"
},
{
"name":"Custom",
"value":"attribute"
}
]
}
]'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| creation-source | header | optional | string | Defines the creation-source header for gapps, o365 and workdays requests. |
application/json
BulkUsersCreateRequest
of object
| Property | Type | Required |
|---|---|---|
| string | optional | |
| lastname | string | optional |
| username | string | optional |
| firstname | string | optional |
| attributes | array | optional |
POST /bulk/users
/bulk/users/{job_id}/results
This endpoint will return the results of particular user import or update job request.
curl -X GET \
https://console.jumpcloud.com/api/v2/bulk/users/{ImportJobID}/results \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| job_id | path | required | string | — |
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| skip | query | optional | integer | The offset into the records to return. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
GET /bulk/users/{job_id}/results
/bulk/userstates
The endpoint allows you to list scheduled statechange jobs.
curl -X GET "https://console.jumpcloud.com/api/v2/bulk/userstates" \
-H 'x-api-key: {API_KEY}' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| limit | query | optional | integer | The number of records to return at once. Limited to 100. |
| filter | query | optional | array | A filter to apply to the query. Filter structure: field = Populate with a valid field from an endpoint response. operator = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. value = Populate with the value you want to search for. Is case sensitive. Supports wild cards. EX: |
| skip | query | optional | integer | The offset into the records to return. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| userid | query | optional | string | The systemuser id to filter by. |
OK
GET /bulk/userstates
/bulk/userstates
This endpoint allows you to create scheduled statechange jobs.
curl -X POST "https://console.jumpcloud.com/api/v2/bulk/userstates" \
-H 'x-api-key: {API_KEY}' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"user_ids": ["{User_ID_1}", "{User_ID_2}", "{User_ID_3}"],
"state": "SUSPENDED",
"start_date": "2000-01-01T00:00:00.000Z"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
bulk-scheduled-statechange-create
| Property | Type | Required |
|---|---|---|
| state | string | required |
| user_ids | array | required |
| start_date | string | required |
| send_activation_emails | boolean | optional |
| activation_email_override | string | optional |
Created
Bad Request
Unauthorized
Internal Server Error
POST /bulk/userstates
ADE
{
"type": "object",
"title": "ADE",
"properties": {
"setupOptions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SetupAssistantOption"
},
"description": "A list of configured setup options for this enrollment."
},
"welcomeScreen": {
"$ref": "#/components/schemas/DEPWelcomeScreen"
},
"setupAssistantOptions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DEPSetupAssistantOption"
},
"description": "A Setup Option wrapped as an object",
"x-deprecated": true
},
"enableZeroTouchEnrollment": {
"type": "boolean",
"description": "A toggle to determine if ADE registered devices should go through JumpCloud Zero Touch Enrollment."
},
"defaultDeviceGroupObjectIds": {
"type": "array",
"items": {
"type": "string"
},
"nullable": true,
"description": "An array of ObjectIDs identifying the default device groups for this specific type (based on the OS family) of automated device enrollment. Currently, only a single DeviceGroupID is supported."
}
}
}
ADES
{
"type": "object",
"title": "ADES",
"properties": {
"ios": {
"$ref": "#/components/schemas/ADE"
},
"macos": {
"$ref": "#/components/schemas/ADE"
}
}
}
AccessRequestApiRevokeAccessRequestResponse
{
"type": "object",
"example": {},
"properties": {}
}
AccessRequestApiUpdateAccessRequestRequest
{
"type": "object",
"properties": {
"expiry": {
"type": "string",
"format": "date-time"
},
"remarks": {
"type": "string"
},
"additionalAttributes": {
"type": "object"
},
"organizationObjectId": {
"type": "string",
"format": "byte"
}
}
}
AccessRequestApiUpdateAccessRequestResponse
{
"type": "object",
"example": {},
"properties": {}
}
ActivedirectoriesAgentsListResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/active-directory-agent-list"
}
}
ActivedirectoriesListResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/active-directory"
}
}
Address
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"type": {
"type": "string",
"maxLength": 1024
},
"poBox": {
"type": "string",
"maxLength": 1024
},
"region": {
"type": "string",
"maxLength": 1024
},
"country": {
"type": "string",
"maxLength": 1024
},
"locality": {
"type": "string",
"maxLength": 1024
},
"postalCode": {
"type": "string",
"maxLength": 1024
},
"streetAddress": {
"type": "string",
"maxLength": 1024
},
"extendedAddress": {
"type": "string",
"maxLength": 1024
}
}
}
Administrator
{
"type": "object",
"title": "Administrator",
"example": {
"id": "0123456789abcdef01234567",
"email": "joe@example.com",
"lastname": "Blough",
"firstname": "Joe",
"registered": false,
"enableMultiFactor": true
},
"properties": {
"id": {
"type": "string"
},
"role": {
"type": "string"
},
"email": {
"type": "string"
},
"lastname": {
"type": "string"
},
"roleName": {
"type": "string"
},
"apiKeySet": {
"type": "boolean"
},
"firstname": {
"type": "string"
},
"suspended": {
"type": "boolean"
},
"registered": {
"type": "boolean"
},
"apiKeyAllowed": {
"type": "boolean"
},
"enableMultiFactor": {
"type": "boolean"
},
"organizationAccessTotal": {
"type": "number"
}
}
}
AdministratorOrganizationLink
{
"type": "object",
"title": "AdministratorOrganizationLink",
"example": {
"organization": "6230a0d26a4e4bc86c6b36f1",
"administrator": "6230a0c233a6cbea7c470398"
},
"properties": {
"organization": {
"type": "string",
"description": "The identifier for an organization"
},
"administrator": {
"type": "string",
"description": "The identifier for an administrator"
}
}
}
AdministratorOrganizationLinkReq
{
"type": "object",
"title": "AdministratorOrganizationLinkReq",
"example": {
"organization": "6230a0d26a4e4bc86c6b36f1"
},
"properties": {
"organization": {
"type": "string",
"description": "The identifier for an organization to link this administrator to."
}
}
}
AdministratorOrganizationsListByAdministratorResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AdministratorOrganizationLink"
}
}
AdministratorOrganizationsListByOrganizationResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AdministratorOrganizationLink"
}
}
AnyValue
{
"description": "Can be any value - string, number, boolean, array or object."
}
AppleMDM
{
"type": "object",
"title": "AppleMDM",
"required": [
"id"
],
"properties": {
"id": {
"type": "string",
"description": "ObjectId uniquely identifying an MDM Enrollment,"
},
"dep": {
"$ref": "#/components/schemas/DEP"
},
"ades": {
"$ref": "#/components/schemas/ADES"
},
"name": {
"type": "string",
"maxLength": 255,
"description": "A friendly name to identify this enrollment. Not required to be unique."
},
"organization": {
"type": "string",
"description": "The identifier for an organization"
},
"apnsPushTopic": {
"type": "string",
"description": "The push topic assigned to this enrollment by Apple after uploading the Signed CSR plist."
},
"apnsCertExpiry": {
"type": "string",
"description": "The expiration date and time for the APNS Certificate."
},
"depServerTokenState": {
"enum": [
"unknown",
"missing",
"valid",
"expired"
],
"type": "string",
"description": "The state of the dep server token, presence and expiry."
},
"defaultSystemGroupID": {
"type": "string",
"description": "ObjectId uniquely identifying the MDM default System Group.",
"x-deprecated": true
},
"depAccessTokenExpiry": {
"type": "string",
"description": "The expiration date and time for the DEP Access Token. This aligns with the DEP Server Token State."
},
"appleCertSerialNumber": {
"type": "string",
"description": "The serial number of the Apple signed certificate associated to the Device Manager."
},
"appleCertCreatorAppleID": {
"type": "string",
"description": "The Apple ID of the admin who created the Apple signed certificate associated to the Device Manager."
},
"allowMobileUserEnrollment": {
"type": "boolean",
"description": "A toggle to allow mobile device enrollment for an organization."
},
"defaultIosUserEnrollmentDeviceGroupID": {
"type": "string",
"description": "ObjectId uniquely identifying the MDM default iOS user enrollment device group."
}
}
}
ApplemdmsDevicesClearActivationLock500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesClearActivationLockResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesOsUpdateStatusResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesRefreshActivationLockInformation500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesRefreshActivationLockInformationResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesScheduleOsUpdateResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceserase500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceseraseRequest
{
"type": "object",
"properties": {
"pin": {
"type": "string",
"example": "123456",
"pattern": "^[0-9]{6}$",
"description": "6-digit PIN, required for MacOS, to erase the device"
}
}
}
ApplemdmsDeviceseraseResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceslistResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/apple-mdm-device"
}
}
ApplemdmsDeviceslock500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceslockRequest
{
"type": "object",
"properties": {
"pin": {
"type": "string",
"example": "123456",
"pattern": "^[0-9]{6}$",
"description": "6-digit PIN, required for MacOS, to lock the device"
}
}
}
ApplemdmsDeviceslockResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesrestart500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesrestartRequest
{
"type": "object",
"properties": {
"kextPaths": {
"type": "array",
"items": {
"type": "string"
},
"description": "The string to pass when doing a restart and performing a RebuildKernelCache."
}
}
}
ApplemdmsDevicesrestartResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesshutdown500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesshutdownResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsEnrollmentprofileslistResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AppleMDM"
}
}
ApplemdmsListResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AppleMDM"
}
}
ApplemdmsRefreshdepdevices500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsRefreshdepdevicesResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplicationsGetResponse
{
"type": "object",
"example": {},
"properties": {}
}
ApplicationsPostLogoRequest
{
"type": "object",
"properties": {
"image": {
"type": "string",
"format": "binary",
"description": "The file to upload."
}
}
}
Apps
{
"type": "array",
"items": {
"type": "object",
"properties": {
"osId": {
"type": "integer",
"format": "int32",
"example": 1
},
"appVersion": {
"type": "string",
"example": "1.1.1"
}
}
}
}
AuthnPolicy
{
"type": "object",
"title": "AuthnPolicy",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"name": {
"type": "string"
},
"type": {
"$ref": "#/components/schemas/AuthnPolicyType"
},
"effect": {
"$ref": "#/components/schemas/AuthnPolicyEffect"
},
"targets": {
"$ref": "#/components/schemas/AuthnPolicyTargets"
},
"disabled": {
"type": "boolean"
},
"conditions": {
"type": "object",
"description": "Conditions may be added to an authentication policy using the following conditional language:\n\n```\n<conditions> ::= <expression>\n<expression> ::= <deviceEncrypted> | <deviceManaged> | <ipAddressIn> |\n <locationIn> | <notExpression> | <allExpression> |\n <anyExpression>\n<deviceEncrypted> ::= { \"deviceEncrypted\": <boolean> }\n<deviceManaged> ::= { \"deviceManaged\": <boolean> }\n<ipAddressIn> ::= { \"ipAddressIn\": [ <objectId>, ... ] }\n<locationIn> ::= { \"locationIn\": {\n \"countries\": [\n <iso_3166_country_code>, ...\n ]\n }\n }\n<notExpression> ::= { \"not\": <expression> }\n<allExpression> ::= { \"all\": [ <expression>, ... ] }\n<anyExpression> ::= { \"any\": [ <expression>, ... ] }\n```\n\nFor example, to add a condition that applies to IP addresses in a given list, the following condition can be added:\n\n```\n{\"ipAddressIn\": [ <ip_list_object_id> ]}\n```\n\nIf you would rather exclude IP addresses in the given lists, the following condition could be added:\n\n```\n{\n \"not\": {\n \"ipAddressIn\": [ <ip_list_object_id_1>, <ip_list_object_id_2> ]\n }\n}\n```\n\nYou may also include more than one condition and choose whether \"all\" or \"any\" of them must be met for the policy to apply:\n\n```\n{\n \"all\": [\n {\n \"ipAddressIn\": [ <ip_list_object_id>, ... ]\n },\n {\n \"deviceManaged\": true\n },\n {\n \"locationIn\": {\n countries: [ <iso_3166_country_code>, ... ]\n }\n }\n ]\n}\n```"
},
"description": {
"type": "string"
}
},
"description": "This represents an authentication policy. See the details of each field for valid values and restrictions."
}
AuthnPolicyEffect
{
"type": "object",
"title": "AuthnPolicyEffect",
"required": [
"action"
],
"properties": {
"action": {
"enum": [
"allow",
"deny",
"unknown"
],
"type": "string"
},
"obligations": {
"$ref": "#/components/schemas/AuthnPolicyObligations"
}
},
"x-examples": {
"example-deny": {
"action": "deny"
},
"example-allow": {
"action": "allow"
},
"example-allow-with-mfa": {
"action": "allow",
"obligations": {
"mfa": {
"required": true
}
}
}
}
}
AuthnPolicyObligations
{
"type": "object",
"title": "AuthnPolicyObligations",
"properties": {
"mfa": {
"type": "object",
"properties": {
"required": {
"type": "boolean"
}
}
},
"userVerification": {
"type": "object",
"properties": {
"requirement": {
"enum": [
"none",
"optional",
"required"
],
"type": "string"
}
}
}
}
}
AuthnPolicyResourceTarget
{
"type": "object",
"title": "AuthnPolicyResourceTarget",
"required": [
"type"
],
"properties": {
"id": {
"type": "string",
"description": "Object ID of the resource target. If undefined, then all resources of the given type are targeted."
},
"type": {
"enum": [
"user_portal",
"application",
"ldap"
],
"type": "string"
}
}
}
AuthnPolicyTargets
{
"type": "object",
"title": "AuthnPolicyTargets",
"properties": {
"users": {
"$ref": "#/components/schemas/AuthnPolicyUserTarget"
},
"resources": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthnPolicyResourceTarget"
}
},
"userGroups": {
"$ref": "#/components/schemas/AuthnPolicyUserGroupTarget"
},
"userAttributes": {
"$ref": "#/components/schemas/AuthnPolicyUserAttributeTarget"
}
}
}
AuthnPolicyType
{
"enum": [
"user_portal",
"application",
"ldap"
],
"type": "string",
"title": "AuthnPolicyType",
"default": "user_portal"
}
AuthnPolicyUserAttributeFilter
{
"type": "object",
"title": "AuthnPolicyUserAttributeFilter",
"properties": {
"field": {
"type": "string",
"description": "The only field that is currently supported is ldap_binding_user"
},
"value": {
"$ref": "#/components/schemas/AnyValue"
},
"operator": {
"enum": [
"EQ"
],
"type": "string"
}
}
}
AuthnPolicyUserAttributeTarget
{
"type": "object",
"title": "AuthnPolicyUserAttributeTarget",
"properties": {
"exclusions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthnPolicyUserAttributeFilter"
}
},
"inclusions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthnPolicyUserAttributeFilter"
}
}
},
"description": "User attribute targets are currently only supported for LDAP policies."
}
AuthnPolicyUserGroupTarget
{
"type": "object",
"title": "AuthnPolicyUserGroupTarget",
"properties": {
"exclusions": {
"type": "array",
"items": {
"type": "string"
}
},
"inclusions": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
AuthnPolicyUserTarget
{
"type": "object",
"title": "AuthnPolicyUserTarget",
"properties": {
"inclusions": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
| Version | Endpoints | Schemas | Ingested | Status |
|---|---|---|---|---|
| 2.0 | 416 | 669 | 2026-05-11 | current |
| 2.0 | 416 | 669 | 2026-04-20 | |
| 2.0 | 416 | 669 | 2026-04-20 | |
| 2.0 | 416 | 669 | 2026-04-16 |