Query structured spec data via REST or MCP. Get exactly what your agent needs.
https://console.jumpcloud.com/api/v2
/activedirectories
This endpoint allows you to create a new Active Directory.
curl -X POST https://console.jumpcloud.com/api/v2/activedirectories/ \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"domain": "{DC=AD_domain_name;DC=com}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
active-directory
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| domain | string | optional |
| useCase | string | optional |
| primaryAgent | string | optional |
POST /activedirectories
/activedirectories/{activedirectory_id}/agents
This endpoint allows you to create a new Active Directory Agent.
curl -X POST https://console.jumpcloud.com/api/v2/activedirectories/{activedirectory_id}/agents \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{ "agent_type":"{SYNC}" }'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| activedirectory_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
active-directory-agent
| Property | Type | Required |
|---|---|---|
| agentType | string | optional |
POST /activedirectories/{activedirectory_id}/agents
/administrators/{id}/organizationlinks
This endpoint allows you to grant Administrator access to an Organization.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| id | path | required | string | — |
application/json
AdministratorOrganizationLinkReq
| Property | Type | Required |
|---|---|---|
| organization | string | optional |
OK
POST /administrators/{id}/organizationlinks
/applemdms/{apple_mdm_id}/devices/{device_id}/clearActivationLock
Clears the activation lock on the specified device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/clearActivationLock \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/clearActivationLock
/applemdms/{apple_mdm_id}/devices/{device_id}/erase
Erases a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/erase \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ApplemdmsDeviceseraseRequest
| Property | Type | Required |
|---|---|---|
| pin | string | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/erase
/applemdms/{apple_mdm_id}/devices/{device_id}/lock
Locks a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/lock \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ApplemdmsDeviceslockRequest
| Property | Type | Required |
|---|---|---|
| pin | string | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/lock
/applemdms/{apple_mdm_id}/devices/{device_id}/osUpdateStatus
Pass through to request the status of an OS update
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/osUpdateStatus \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/osUpdateStatus
/applemdms/{apple_mdm_id}/devices/{device_id}/refreshActivationLockInformation
Refreshes the activation lock information for a device
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/refreshActivationLockInformation \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/refreshActivationLockInformation
/applemdms/{apple_mdm_id}/devices/{device_id}/restart
Restarts a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/restart \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"kextPaths": ["Path1", "Path2"]}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ApplemdmsDevicesrestartRequest
| Property | Type | Required |
|---|---|---|
| kextPaths | array | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/restart
/applemdms/{apple_mdm_id}/devices/{device_id}/scheduleOSUpdate
Schedules an OS update for a device
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/scheduleOSUpdate \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"install_action": "INSTALL_ASAP", "product_key": "key"}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ScheduleOSUpdate
| Property | Type | Required |
|---|---|---|
| product_key | string | required |
| install_action | string | required |
| max_user_deferrals | integer | optional |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/scheduleOSUpdate
/applemdms/{apple_mdm_id}/devices/{device_id}/shutdown
Shuts down a DEP-enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/devices/{device_id}/shutdown \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| device_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/devices/{device_id}/shutdown
/applemdms/{apple_mdm_id}/refreshdepdevices
Refreshes the list of devices that a JumpCloud admin has added to their virtual MDM in Apple Business Manager - ABM so that they can be DEP enrolled with JumpCloud.
curl -X POST https://console.jumpcloud.com/api/v2/applemdms/{apple_mdm_id}/refreshdepdevices \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| apple_mdm_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /applemdms/{apple_mdm_id}/refreshdepdevices
/applications/{application_id}/import/jobs
This endpoint allows you to create a user import job that will import new users and/or update existing users in JumpCloud from the application. The endpoint can currently only be used for applications that have an active Identity Management custom API integration. The request will fail with a “Not found” error for applications if that type of integration is not configured. To learn more about configuring this type of integration, read Import users from an external identity source using a custom API integration.
curl -X POST https://console.jumpcloud.com/api/v2/applications/{application_id}/import/jobs \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-H 'x-org-id: {ORG_ID}' \
-d '{
"allowUserReactivation": true,
"operations": [
"users.create",
"users.update"
]
"queryString": "location=Chicago&department=IT"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | ObjectID of the Application. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
ImportUsersRequest
| Property | Type | Required |
|---|---|---|
| operations | array | optional |
| queryString | string | optional |
| allowUserReactivation | boolean | optional |
OK
POST /applications/{application_id}/import/jobs
/applications/{application_id}/logo
This endpoint sets the logo for an application.
curl -X POST 'https://console.jumpcloud.com/api/v2/applications/{Application_ID}/logo \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
multipart/form-data
ApplicationsPostLogoRequest
| Property | Type | Required |
|---|---|---|
| image | string | optional |
NO_CONTENT
POST /applications/{application_id}/logo
/authn/policies
Create an authentication policy.
curl -X POST https://console.jumpcloud.com/api/v2/authn/policies \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "Sample Policy",
"disabled": false,
"effect": {
"action": "allow"
},
"targets": {
"users": {
"inclusions": ["ALL"]
},
"userGroups": {
"exclusions": [{USER_GROUP_ID}]
},
"resources": [ {"type": "user_portal" } ]
},
"conditions":{
"ipAddressIn": [{IP_LIST_ID}]
}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
AuthnPolicy
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| name | string | optional |
| type | string | optional |
| effect | object | optional |
| └ action | string | required |
| └ obligations | object | optional |
| └ mfa | object | optional |
| └ required | boolean | optional |
| └ userVerification | object | optional |
| └ requirement | string | optional |
| targets | object | optional |
| └ users | object | optional |
| └ inclusions | array | optional |
| └ resources | array | optional |
| └ id | string | optional |
| └ type | string | required |
| └ userGroups | object | optional |
| └ exclusions | array | optional |
| └ inclusions | array | optional |
| └ userAttributes | object | optional |
| └ exclusions | array | optional |
| └ field | string | optional |
| └ value | object | optional |
| └ operator | string | optional |
| └ inclusions | array | optional |
| └ field | string | optional |
| └ value | object | optional |
| └ operator | string | optional |
| disabled | boolean | optional |
| conditions | object | optional |
| description | string | optional |
Created
POST /authn/policies
/bulk/user/expires
The endpoint allows you to start a bulk job to asynchronously expire users.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
BulkUserExpiresRequest
of object
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| attributes | array | optional |
| organization | string | optional |
Created
POST /bulk/user/expires
/bulk/user/unlocks
The endpoint allows you to start a bulk job to asynchronously unlock users.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
BulkUserUnlocksRequest
of object
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| attributes | array | optional |
| organization | string | optional |
Created
POST /bulk/user/unlocks
/bulk/users
The endpoint allows you to create a bulk job to asynchronously create users.
See Create a System User
for the full list of attributes.
The state of each user in the request can be explicitly passed in or
omitted. If state is omitted, then the user will get created
using the value returned from the
Get an Organization
endpoint. The default user state for bulk created users depends on the
creation-source header. For creation-source:jumpcloud:bulk the
default state is stored in settings.newSystemUserStateDefaults.csvImport.
For other creation-source header values, the default state is stored in
settings.newSystemUserStateDefaults.applicationImport
These default state values can be changed in the admin portal settings
or by using the
Update an Organization
endpoint.
curl -X POST https://console.jumpcloud.com/api/v2/bulk/users \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '[
{
"email":"{email}",
"firstname":"{firstname}",
"lastname":"{firstname}",
"username":"{username}",
"attributes":[
{
"name":"EmployeeID",
"value":"0000"
},
{
"name":"Custom",
"value":"attribute"
}
]
}
]'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| creation-source | header | optional | string | Defines the creation-source header for gapps, o365 and workdays requests. |
application/json
BulkUsersCreateRequest
of object
| Property | Type | Required |
|---|---|---|
| string | optional | |
| lastname | string | optional |
| username | string | optional |
| firstname | string | optional |
| attributes | array | optional |
POST /bulk/users
/bulk/userstates
This endpoint allows you to create scheduled statechange jobs.
curl -X POST "https://console.jumpcloud.com/api/v2/bulk/userstates" \
-H 'x-api-key: {API_KEY}' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"user_ids": ["{User_ID_1}", "{User_ID_2}", "{User_ID_3}"],
"state": "SUSPENDED",
"start_date": "2000-01-01T00:00:00.000Z"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
bulk-scheduled-statechange-create
| Property | Type | Required |
|---|---|---|
| state | string | required |
| user_ids | array | required |
| start_date | string | required |
| send_activation_emails | boolean | optional |
| activation_email_override | string | optional |
Created
Bad Request
Unauthorized
Internal Server Error
POST /bulk/userstates
/customemails
Create the custom email configuration for the specified custom email type.
This action is only available to paying customers.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
CustomEmail
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| body | string | optional |
| type | string | required |
| title | string | optional |
| button | string | optional |
| header | string | optional |
| subject | string | required |
| nextStepContactInfo | string | optional |
OK
POST /customemails
/duo/accounts
Registers a Duo account for an organization. Only one Duo account will be allowed,
in case an organization has a Duo account already a 409 (Conflict) code will be returned.
curl -X POST https://console.jumpcloud.com/api/v2/duo/accounts \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
POST /duo/accounts
/duo/accounts/{account_id}/applications
Creates a Duo application for your organization and the specified account.
curl -X POST https://console.jumpcloud.com/api/v2/duo/accounts/{ACCOUNT_ID}/applications \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "Application Name",
"apiHost": "api-1234.duosecurity.com",
"integrationKey": "1234",
"secretKey": "5678"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| account_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
DuoApplicationReq
| Property | Type | Required |
|---|---|---|
| name | string | required |
| apiHost | string | required |
| secretKey | string | required |
| integrationKey | string | required |
POST /duo/accounts/{account_id}/applications
/gsuites/{gsuite_id}/domains
Add a domain to a specific Google Workspace directory sync integration instance. The domain must be a verified domain in Google Workspace.
curl -X POST https://console.jumpcloud.com/api/v2/gsuites/{gsuite_id}/domains \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"domain": "{domain name}"}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| gsuite_id | path | required | string | Id for the specific Google Workspace directory sync integration instance. |
| domain | query | optional | string | — |
An unexpected error response.
A successful response.
Created
Unauthorized
Forbidden
Not Found
Conflict
Internal Server Error
POST /gsuites/{gsuite_id}/domains
/gsuites/{gsuite_id}/import/schedules
Endpoint to create a scheduled job for specified Google Workspace integration.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| gsuite_id | path | required | string | ObjectID of the Google Workspace integration |
An unexpected error response.
A successful response.
Created
Unauthorized
Forbidden
Not Found
Internal Server Error
POST /gsuites/{gsuite_id}/import/schedules
/gsuites/{gsuite_id}/translationrules
This endpoint allows you to create a translation rule for a specific G Suite instance. These rules specify how JumpCloud attributes translate to G Suite Admin SDK attributes.
curl -X POST https://console.jumpcloud.com/api/v2/gsuites/{gsuite_id}/translationrules \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
{Translation Rule Parameters}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| gsuite_id | path | required | string | — |
application/json
GSuiteTranslationRuleRequest
| Property | Type | Required |
|---|---|---|
| builtIn | string | optional |
| direction | string | optional |
POST /gsuites/{gsuite_id}/translationrules
/google-emm/devices/{deviceId}/erase-device
Removes the work profile and all policies from a personal/company-owned Android 8.0+ device. Company owned devices will be relinquished for personal use. Apps and data associated with the personal profile(s) are preserved.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/devices/{deviceId}/erase-device \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| deviceId | path | required | string | — |
application/json
DevicesEraseDeviceRequest
A successful response.
POST /google-emm/devices/{deviceId}/erase-device
/google-emm/devices/{deviceId}/lock
Locks a Google EMM enrolled device, as if the lock screen timeout had expired.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/devices/{deviceId}/lock \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| deviceId | path | required | string | — |
application/json
DevicesEraseDeviceRequest
A successful response.
POST /google-emm/devices/{deviceId}/lock
/google-emm/devices/{deviceId}/reboot
Reboots a Google EMM enrolled device. Only supported on fully managed devices running Android 7.0 or higher.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/devices/{deviceId}/reboot \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| deviceId | path | required | string | — |
application/json
DevicesEraseDeviceRequest
A successful response.
POST /google-emm/devices/{deviceId}/reboot
/google-emm/devices/{deviceId}/resetpassword
Reset the user’s password of a Google EMM enrolled device.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/devices/{deviceId}/resetpassword \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{ 'new_password' : 'string' }' \
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| deviceId | path | required | string | — |
application/json
DevicesResetPasswordRequest
| Property | Type | Required |
|---|---|---|
| flags | array | optional |
| newPassword | string | optional |
A successful response.
POST /google-emm/devices/{deviceId}/resetpassword
/google-emm/enrollment-tokens
Gets an enrollment token to enroll a device into Google EMM.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/enrollment-tokens \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
application/json
jumpcloud.google_emm.CreateEnrollmentTokenRequest
| Property | Type | Required |
|---|---|---|
| duration | string | optional |
| zeroTouch | boolean | optional |
| displayName | string | optional |
| oneTimeOnly | boolean | optional |
| createdWhere | string | optional |
| userObjectId | string | optional |
| enrollmentType | string | optional |
| allowPersonalUsage | string | optional |
| enterpriseObjectId | string | optional |
| provisioningExtras | object | optional |
| └ wifiSsid | string | optional |
| └ wifiPassword | string | optional |
| └ wifiSecurityType | string | optional |
| └ wifiHiddenNetwork | boolean | optional |
A successful response.
POST /google-emm/enrollment-tokens
/google-emm/enterprises
Creates a Google EMM enterprise.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/enterprises \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{ 'signupUrlName': 'string', 'enrollmentToken': 'string' }' \
application/json
jumpcloud.google_emm.CreateEnterpriseRequest
| Property | Type | Required |
|---|---|---|
| signupUrlName | string | optional |
| enrollmentToken | string | optional |
A successful response.
POST /google-emm/enterprises
/google-emm/enterprises/{enterpriseObjectId}/enrollment-tokens
Gets an enrollment token to enroll a device into Google EMM.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/enterpries/{enterprise_object_id}/enrollment-tokens \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| enterpriseObjectId | path | required | string | — |
application/json
EnrollmentTokensCreateEnterprisesEnrollmentTokenRequest
| Property | Type | Required |
|---|---|---|
| duration | string | optional |
| zeroTouch | boolean | optional |
| displayName | string | optional |
| oneTimeOnly | boolean | optional |
| createdWhere | string | optional |
| userObjectId | string | optional |
| enrollmentType | string | optional |
| allowPersonalUsage | string | optional |
| provisioningExtras | object | optional |
| └ wifiSsid | string | optional |
| └ wifiPassword | string | optional |
| └ wifiSecurityType | string | optional |
| └ wifiHiddenNetwork | boolean | optional |
A successful response.
POST /google-emm/enterprises/{enterpriseObjectId}/enrollment-tokens
/google-emm/signup-urls
Creates a Google EMM enterprise signup URL.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/signup-urls \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
A successful response.
POST /google-emm/signup-urls
/google-emm/web-tokens
Creates a web token to access an embeddable managed Google Play web UI for a given Google EMM enterprise.
curl -X POST https://console.jumpcloud.com/api/v2/google-emm/web-tokens \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
application/json
jumpcloud.google_emm.CreateWebTokenRequest
| Property | Type | Required |
|---|---|---|
| iframeFeature | string | optional |
| parentFrameUrl | string | optional |
| enterpriseObjectId | string | optional |
A successful response.
POST /google-emm/web-tokens
/activedirectories/{activedirectory_id}/associations
This endpoint allows you to manage the direct associations of an Active Directory instance.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Active Directory and Users.
curl -X POST https://console.jumpcloud.com/api/v2/activedirectories/{AD_Instance_ID}/associations \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user",
"id": "{User_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| activedirectory_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-ActiveDirectory
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
POST /activedirectories/{activedirectory_id}/associations
/applications/{application_id}/associations
This endpoint allows you to manage the direct associations of an Application. A direct association can be a non-homogeneous relationship between 2 different objects, for example Application and User Groups.
curl -X POST 'https://console.jumpcloud.com/api/v2/applications/{Application_ID}/associations' \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user_group",
"id": "{Group_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| application_id | path | required | string | ObjectID of the Application. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-Application
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /applications/{application_id}/associations
/commands/{command_id}/associations
This endpoint will allow you to manage the direct associations of this Command.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Commands and User Groups.
curl -X POST https://console.jumpcloud.com/api/v2/commands/{Command_ID}/associations \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "system_group",
"id": "Group_ID"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| command_id | path | required | string | ObjectID of the Command. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-Command
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /commands/{command_id}/associations
/gsuites/{gsuite_id}/associations
This endpoint returns the direct associations of this G Suite instance.
A direct association can be a non-homogeneous relationship between 2 different objects, for example G Suite and Users.
curl -X POST https://console.jumpcloud.com/api/v2/gsuites/{Gsuite_ID}/associations \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user_group",
"id": "{Group_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| gsuite_id | path | required | string | ObjectID of the G Suite instance. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-GSuite
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /gsuites/{gsuite_id}/associations
/identity-provider/policies/{idp_routing_policy_id}/associations
This endpoint manages the direct associations of a Routing Policy.
A direct association can be a non-homogeneous relationship between 2 different objects, for example a Routing Policy and Users.
curl -X POST https://console.jumpcloud.com/api/v2/identity-provider/policies/{IDP_ROUTING_POLICY_ID}/associations?targets=user \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}'
-d '{"type":"user", "id":"{USER_ID}", "op":"add"}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| idp_routing_policy_id | path | required | string | ObjectID of the Routing Policy. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-IDPRoutingPolicy
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /identity-provider/policies/{idp_routing_policy_id}/associations
/ldapservers/{ldapserver_id}/associations
This endpoint allows you to manage the direct associations of a LDAP Server.
A direct association can be a non-homogeneous relationship between 2 different objects, for example LDAP and Users.
curl -X POST https://console.jumpcloud.com/api/v2/ldapservers/{LDAP_ID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user",
"id": "{User_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| ldapserver_id | path | required | string | ObjectID of the LDAP Server. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-LdapServer
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /ldapservers/{ldapserver_id}/associations
/office365s/{office365_id}/associations
This endpoint allows you to manage the direct associations of a Office 365 instance.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Office 365 and Users.
curl -X POST https://console.jumpcloud.com/api/v2/office365s/{OFFICE365_ID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user_group",
"id": "{Group_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| office365_id | path | required | string | ObjectID of the Office 365 instance. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-Office365
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /office365s/{office365_id}/associations
/policies/{policy_id}/associations
This endpoint allows you to manage the direct associations of a Policy.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Policies and Systems.
curl -X POST https://console.jumpcloud.com/api/v2/policies/{Policy_ID}/associations/ \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "system_group",
"id": "{Group_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| policy_id | path | required | string | ObjectID of the Policy. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-Policy
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
POST /policies/{policy_id}/associations
/policygroups/{group_id}/associations
This endpoint manages the direct associations of this Policy Group.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Policy Groups and Policies.
curl -X POST https://console.jumpcloud.com/api/v2/policygroups/{GroupID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "system",
"id": "{SystemID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| group_id | path | required | string | ObjectID of the Policy Group. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-PolicyGroup
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /policygroups/{group_id}/associations
/policygroups/{group_id}/members
This endpoint allows you to manage the Policy members of a Policy Group.
curl -X POST https://console.jumpcloud.com/api/v2/policygroups/{GroupID}/members \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "policy",
"id": "{Policy_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| group_id | path | required | string | ObjectID of the Policy Group. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-PolicyGroup-Member
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /policygroups/{group_id}/members
/radiusservers/{radiusserver_id}/associations
This endpoint allows you to manage the direct associations of a Radius Server.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Radius Servers and Users.
curl -X POST https://console.jumpcloud.com/api/v2/radiusservers/{RADIUS_ID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"type":"user",
"id":"{USER_ID}",
"op":"add"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| radiusserver_id | path | required | string | ObjectID of the Radius Server. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-RadiusServer
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /radiusservers/{radiusserver_id}/associations
/softwareapps/{software_app_id}/associations
This endpoint allows you to associate or disassociate a software application to a system or system group.
$ curl -X POST https://console.jumpcloud.com/api/v2/softwareapps/{software_app_id}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"id": "<object_id>",
"op": "add",
"type": "system"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| software_app_id | path | required | string | ObjectID of the Software App. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-SoftwareApp
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
POST /softwareapps/{software_app_id}/associations
/systemgroups/{group_id}/associations
This endpoint allows you to manage the direct associations of a System Group.
A direct association can be a non-homogeneous relationship between 2 different objects, for example System Groups and Users.
curl -X POST https://console.jumpcloud.com/api/v2/systemgroups/{GroupID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user",
"id": "{UserID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| group_id | path | required | string | ObjectID of the System Group. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-SystemGroup
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /systemgroups/{group_id}/associations
/systemgroups/{group_id}/members
This endpoint allows you to manage the system members of a System Group.
curl -X POST https://console.jumpcloud.com/api/v2/systemgroups/{Group_ID}/members \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "system",
"id": "{System_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| group_id | path | required | string | ObjectID of the System Group. |
| Date | header | optional | string | Current date header for the System Context API |
| Authorization | header | optional | string | Authorization header for the System Context API |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-SystemGroup-Member
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /systemgroups/{group_id}/members
/systems/{system_id}/associations
This endpoint allows you to manage the direct associations of a System.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Systems and Users.
curl -X POST https://console.jumpcloud.com/api/v2/systems/{System_ID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"attributes": {
"sudo": {
"enabled": true,
"withoutPassword": false
}
},
"op": "add",
"type": "user",
"id": "UserID"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| system_id | path | required | string | ObjectID of the System. |
| Date | header | optional | string | Current date header for the System Context API |
| Authorization | header | optional | string | Authorization header for the System Context API |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-System
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
| └ sudo | object | optional |
| └ enabled | boolean | required |
| └ withoutPassword | boolean | required |
OK
POST /systems/{system_id}/associations
/usergroups/{group_id}/associations
This endpoint manages the direct associations of this User Group.
A direct association can be a non-homogeneous relationship between 2 different objects, for example User Groups and Users.
curl -X POST https://console.jumpcloud.com/api/v2/usergroups/{GroupID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "system",
"id": "{SystemID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| group_id | path | required | string | ObjectID of the User Group. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-UserGroup
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /usergroups/{group_id}/associations
/usergroups/{group_id}/members
This endpoint allows you to manage the user members of a User Group.
curl -X POST https://console.jumpcloud.com/api/v2/usergroups/{GroupID}/members \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "user",
"id": "{User_ID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| group_id | path | required | string | ObjectID of the User Group. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-UserGroup-Member
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
OK
POST /usergroups/{group_id}/members
/users/{user_id}/associations
This endpoint allows you to manage the direct associations of a User.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Users and Systems.
curl -X POST https://console.jumpcloud.com/api/v2/users/{UserID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"attributes": {
"sudo": {
"enabled": true,
"withoutPassword": false
}
},
"op": "add",
"type": "system_group",
"id": "{GroupID}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| user_id | path | required | string | ObjectID of the User. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
GraphOperation-User
| Property | Type | Required |
|---|---|---|
| id | string | required |
| op | string | required |
| type | string | required |
| attributes | object | optional |
| └ sudo | object | optional |
| └ enabled | boolean | required |
| └ withoutPassword | boolean | required |
OK
POST /users/{user_id}/associations
/iplists
Create an IP list.
curl -X POST https://console.jumpcloud.com/api/v2/iplists \
-H 'accept: application/json' \
-H 'content-type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "Sample IP List",
"ips": [
"192.168.10.12",
"192.168.10.20 - 192.168.10.30",
"123.225.10.0/32"
]
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
IPListRequest
| Property | Type | Required |
|---|---|---|
| ips | array | optional |
| name | string | optional |
| description | string | optional |
Created
POST /iplists
/microsoft-mdm/configuration-files
This endpoint allows you to download the config file.
application/json
jumpcloud.microsoft_mdm.DownloadConfigFilesRequest
OK
POST /microsoft-mdm/configuration-files
/office365s/{office365_id}/domains
Add a domain to a specific M365/Azure AD directory sync integration instance. The domain must be a verified domain in M365/Azure AD.
curl -X POST https://console.jumpcloud.com/api/v2/office365s/{OFFICE365_ID}/domains \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"domain": "{domain name}"}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| office365_id | path | required | string | Id for the specific M365/Azure AD directory sync integration instance. |
application/json
DomainsInsertRequest
| Property | Type | Required |
|---|---|---|
| domain | string | optional |
An unexpected error response.
A successful response.
Created
POST /office365s/{office365_id}/domains
/office365s/{office365_id}/translationrules
This endpoint allows you to create a translation rule for a specific Office 365 instance. These rules specify how JumpCloud attributes translate to Microsoft Graph attributes.
curl -X POST https://console.jumpcloud.com/api/v2/office365s/{office365_id}/translationrules \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
{Translation Rule Parameters}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| office365_id | path | required | string | — |
application/json
Office365TranslationRuleRequest
| Property | Type | Required |
|---|---|---|
| builtIn | string | optional |
| direction | string | optional |
POST /office365s/{office365_id}/translationrules
/policies
This endpoint allows you to create a policy. Given the amount of configurable parameters required to create a Policy, we suggest you use the JumpCloud Admin Console to create new policies.
curl -X POST https://console.jumpcloud.com/api/v2/policies \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
{Policy_Parameters}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
PolicyCreateRequest
| Property | Type | Required |
|---|---|---|
| name | string | required |
| notes | string | optional |
| values | array | optional |
| └ value | string | optional |
| └ sensitive | boolean | optional |
| └ configFieldID | string | optional |
| template | object | required |
| └ id | string | required |
Created
POST /policies
/policygroups
This endpoint allows you to create a new Policy Group.
curl -X POST https://console.jumpcloud.com/api/v2/policygroups \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "{Group_Name}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
PolicyGroupData
| Property | Type | Required |
|---|---|---|
| name | string | required |
Created
POST /policygroups
/providers/{provider_id}/integrations/autotask
Creates a new Autotask integration for the provider. You must be associated with the provider to use this route. A 422 Unprocessable Entity response means the server failed to validate with Autotask.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| provider_id | path | required | string | — |
application/json
AutotaskIntegrationReq
| Property | Type | Required |
|---|---|---|
| secret | string | required |
| username | string | required |
Created
Unprocessable Entity. The server failed to validate credentials with ConnectWise.
POST /providers/{provider_id}/integrations/autotask
/providers/{provider_id}/integrations/connectwise
Creates a new ConnectWise integration for the provider. You must be associated with the provider to use this route. A 422 Unprocessable Entity response means the server failed to validate with ConnectWise.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| provider_id | path | required | string | — |
application/json
ConnectwiseIntegrationReq
| Property | Type | Required |
|---|---|---|
| url | string | required |
| companyId | string | required |
| publicKey | string | required |
| privateKey | string | required |
Created
Unprocessable Entity. The server failed to validate credentials with ConnectWise.
POST /providers/{provider_id}/integrations/connectwise
/providers/{provider_id}/integrations/syncro
Creates a new Syncro integration for the provider. You must be associated with the provider to use this route. A 422 Unprocessable Entity response means the server failed to validate with Syncro.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| provider_id | path | required | string | — |
application/json
SyncroIntegrationReq
| Property | Type | Required |
|---|---|---|
| apiToken | string | required |
| subdomain | string | required |
Created
Unprocessable Entity. The server failed to validate credentials with Syncro.
POST /providers/{provider_id}/integrations/syncro
/providers/{provider_id}/administrators
This endpoint allows you to create a provider administrator. You must be associated with the provider to use this route. You must provide either role or roleName.
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| provider_id | path | required | string | — |
application/json
ProviderAdminReq
| Property | Type | Required |
|---|---|---|
| role | string | optional |
| string | required | |
| lastname | string | optional |
| roleName | string | optional |
| firstname | string | optional |
| bindNoOrgs | boolean | optional |
| apiKeyAllowed | boolean | optional |
| enableMultiFactor | boolean | optional |
POST /providers/{provider_id}/administrators
/providers/{provider_id}/organizations
This endpoint creates a new organization under the provider
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| provider_id | path | required | string | — |
application/json
CreateOrganization
| Property | Type | Required |
|---|---|---|
| name | string | optional |
| maxSystemUsers | integer | optional |
CREATED
A ‘Bad Request’ error will be returned in one of the following scenarios:
A ‘Forbidden’ error will be returned if organization creation is disabled for the provider.
POST /providers/{provider_id}/organizations
/users/{userId}/pushendpoints/{pushEndpointId}/verify
Endpoint for sending a verification push notification
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| userId | path | required | string | — |
| pushEndpointId | path | required | string | — |
application/json
PushVerificationsStartRequest
| Property | Type | Required |
|---|---|---|
| message | string | optional |
An unexpected error response.
OK
Bad Request
Unauthorized
Forbidden
Too Many Requests
Internal Server Error
POST /users/{userId}/pushendpoints/{pushEndpointId}/verify
/ldapservers/{ldapserver_id}/sambadomains
This endpoint allows you to create a samba domain for an LDAP server.
curl -X POST https://console.jumpcloud.com/api/v2/ldapservers/{LDAP_ID}/sambadomains \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"sid":"{SID_ID}",
"name":"{WORKGROUP_NAME}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| ldapserver_id | path | required | string | Unique identifier of the LDAP server. |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
samba-domain
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| sid | string | required |
| name | string | required |
POST /ldapservers/{ldapserver_id}/sambadomains
/softwareapps
This endpoint allows you to create a Software Application that will be managed by JumpCloud on associated JumpCloud systems.
The optional isConfigEnabled and appConfiguration apple_vpp attributes are not included in the response.
$ curl -X POST https://console.jumpcloud.com/api/v2/softwareapps \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"displayName": "Adobe Reader",
"settings": [{"packageId": "adobereader"}]
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
software-app
| Property | Type | Required |
|---|---|---|
| id | string | optional |
| settings | array | optional |
| └ appleVpp | object | optional |
| └ details | object | optional |
| └ totalLicenses | integer | optional |
| └ isConfigEnabled | boolean | optional |
| └ appConfiguration | string | optional |
| └ assignedLicenses | integer | optional |
| └ availableLicenses | integer | optional |
| └ supportedDeviceFamilies | array | optional |
| └ location | string | optional |
| └ assetKind | string | optional |
| └ packageId | string | optional |
| └ autoUpdate | boolean | optional |
| └ description | string | optional |
| └ packageKind | string | optional |
| └ desiredState | string | optional |
| └ googleAndroid | object | optional |
| └ name | string | optional |
| └ type | string | optional |
| └ author | string | optional |
| └ iconUrl | string | optional |
| └ category | string | optional |
| └ startUrl | string | optional |
| └ appPricing | string | optional |
| └ appVersion | string | optional |
| └ updateTime | string | optional |
| └ displayMode | string | optional |
| └ installType | string | optional |
| └ versionCode | integer | optional |
| └ contentRating | string | optional |
| └ minSdkVersion | integer | optional |
| └ autoUpdateMode | string | optional |
| └ androidFeatures | array | optional |
| └ fullDescription | string | optional |
| └ permissionGrants | array | optional |
| └ id | string | optional |
| └ policy | string | optional |
| └ managedProperties | boolean | optional |
| └ runtimePermission | string | optional |
| └ …2 more | object | optional |
| └ storedPackage | object | optional |
| └ objectId | string | optional |
| └ versions | array | optional |
| └ name | string | optional |
| └ size | integer | optional |
| └ status | string | optional |
| └ version | integer | optional |
| └ metadata | object | optional |
| └ sha256sum | string | optional |
| └ rejectedReason | string | optional |
| └ microsoftStore | object | optional |
| └ doNotUpdate | boolean | optional |
| └ nonRemovable | boolean | optional |
| └ packageFamilyName | string | optional |
| └ packageManager | string | optional |
| └ packageVersion | string | optional |
| └ assetSha256Size | integer | optional |
| └ packageSubtitle | string | optional |
| └ allowUpdateDelay | boolean | optional |
| └ locationObjectId | string | optional |
| └ assetSha256Strings | array | optional |
| └ enterpriseObjectId | string | optional |
| └ commandLineArguments | string | optional |
| └ …1 more | object | optional |
| displayName | string | optional |
Created
POST /softwareapps
/softwareapps/validate
Validates an application install package from the specified URL to calculate the SHA256 hash and extract the installer manifest details.
curl -H 'x-api-key: {API_KEY}' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"url": "https://dl.google.com/dl/chrome/mac/universal/stable/gcem/GoogleChrome.pkg"}' \
-i -X POST https://console.jumpcloud.com/api/v2/softwareapps/validate
application/json
jumpcloud.package_validator.ValidateApplicationInstallPackageRequest
| Property | Type | Required |
|---|---|---|
| url | string | optional |
OK
Bad Request
Unauthorized
Forbidden
Not Found
Internal Server Error
POST /softwareapps/validate
/softwareapps/{software_app_id}/reclaim-licenses
This endpoint allows you to reclaim the licenses from a software app associated with devices that are deleted.
$ curl -X POST https://console.jumpcloud.com/api/v2/softwareapps/{software_app_id}/reclaim-licenses \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| software_app_id | path | required | string | — |
Reclaim Licenses Response
POST /softwareapps/{software_app_id}/reclaim-licenses
/softwareapps/{software_app_id}/retry-installation
This endpoints initiates an installation retry of an Apple VPP App for the provided system IDs
$ curl -X POST https://console.jumpcloud.com/api/v2/softwareapps/{software_app_id}/retry-installation \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{"system_ids": "{<system_id_1>, <system_id_2>, ...}"}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| software_app_id | path | required | string | — |
No Content
POST /softwareapps/{software_app_id}/retry-installation
/systemgroups
This endpoint allows you to create a new System Group.
See the Dynamic Group Configuration KB article for more details on maintaining a Dynamic Group.
curl -X POST https://console.jumpcloud.com/api/v2/systemgroups \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "{Group_Name}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
SystemGroupPost
| Property | Type | Required |
|---|---|---|
| name | string | required |
| string | optional | |
| attributes | object | optional |
| description | string | optional |
| memberQuery | object | optional |
| └ queryType | string | required |
| └ filters | array | optional |
| membershipMethod | string | optional |
| memberQueryExemptions | array | optional |
| └ id | string | required |
| └ type | string | required |
| └ attributes | object | optional |
| memberSuggestionsNotify | boolean | optional |
Created
POST /systemgroups
/systemgroups/{group_id}/suggestions
This endpoint applies the suggestions for the specified system group.
curl -X PUT https://console.jumpcloud.com/api/v2/systemgroups/{GroupID}/suggestions \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"object_ids": ["212345678901234567890123",
"123456789012345678901234"]
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| group_id | path | required | string | ID of the group |
application/json
SystemGroupsApplySuggestionsRequest
| Property | Type | Required |
|---|---|---|
| object_ids | array | optional |
OK
POST /systemgroups/{group_id}/suggestions
/accessrequests
Endpoint for adding a new access request
application/json
jumpcloud.ingresso.CreateAccessRequestsRequest
| Property | Type | Required |
|---|---|---|
| expiry | string | optional |
| remarks | string | optional |
| resourceId | string | optional |
| operationId | string | optional |
| requestorId | string | optional |
| resourceType | string | optional |
| applicationIntId | string | optional |
| additionalAttributes | object | optional |
| organizationObjectId | string | optional |
An unexpected error response.
A successful response.
POST /accessrequests
/accessrequests/{accessId}/revoke
Endpoint for revoking access request by id
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| accessId | path | required | string | — |
An unexpected error response.
A successful response.
POST /accessrequests/{accessId}/revoke
/usergroups
This endpoint allows you to create a new User Group.
See the Dynamic Group Configuration KB article for more details on maintaining a Dynamic Group.
curl -X POST https://console.jumpcloud.com/api/v2/usergroups \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "{Group_Name}"
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
UserGroupPost
| Property | Type | Required |
|---|---|---|
| name | string | required |
| string | optional | |
| attributes | object | optional |
| └ sudo | object | optional |
| └ enabled | boolean | required |
| └ withoutPassword | boolean | required |
| └ ldapGroups | array | optional |
| └ name | string | optional |
| └ posixGroups | array | optional |
| └ id | integer | required |
| └ name | string | required |
| └ radius | object | optional |
| └ reply | array | optional |
| └ name | string | required |
| └ value | string | required |
| └ sambaEnabled | boolean | optional |
| description | string | optional |
| memberQuery | object | optional |
| └ queryType | string | required |
| └ filters | array | optional |
| membershipMethod | string | optional |
| memberQueryExemptions | array | optional |
| └ id | string | required |
| └ type | string | required |
| └ attributes | object | optional |
| memberSuggestionsNotify | boolean | optional |
Created
POST /usergroups
/usergroups/{group_id}/suggestions
This endpoint applies the suggestions for the specified user group.
curl -X PUT https://console.jumpcloud.com/api/v2/usergroups/{GroupID}/suggestions \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"user_ids": ["212345678901234567890123",
"123456789012345678901234"]
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
| group_id | path | required | string | ID of the group |
application/json
UserGroupsApplySuggestionsRequest
| Property | Type | Required |
|---|---|---|
| user_ids | array | optional |
OK
POST /usergroups/{group_id}/suggestions
/workdays
This endpoint allows you to create a new workday instance.
You must supply a username and password for Basic Authentication that is the same as your WorkDay Integrator System User. Failure to provide these credentials will result in the request being rejected.
Currently O-Auth isn’t a supported authentication protocol for WorkDay, but will be in the future.
Currently, only one instance is allowed and it must be Workday Import.
curl -X POST https://console.jumpcloud.com/api/v2/workdays/ \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"name": "Workday2",
"reportUrl":"https://workday.com/ccx/service/customreport2/gms/user/reportname?format=json",
"auth": {
"basic": {
"username": "someDeveloper",
"password": "notTheRealPassword"
}
}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
workday-input
| Property | Type | Required |
|---|---|---|
| auth | object | optional |
| └ basic | object | optional |
| └ password | string | optional |
| └ username | string | optional |
| └ oauth | object | optional |
| └ code | string | optional |
| name | string | optional |
| reportUrl | string | optional |
POST /workdays
/workdays/{workday_id}/auth
This endpoint adds an authorization method to a workday instance.
You must supply a username and password for Basic Authentication that is the same as your WorkDay Integrator System User. Failure to provide these credentials will result in the request being rejected.
Currently O-Auth isn’t a supported authentication protocol for WorkDay, but will be in the future.
curl -X POST https://console.jumpcloud.com/api/v2/workdays/{WorkDayID}/auth \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"auth":{
"basic": {
"username": "someDeveloper",
"password": "notTheRealPassword"
}
}
}'
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| workday_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
auth-input-object
| Property | Type | Required |
|---|---|---|
| auth | object | optional |
| └ basic | object | optional |
| └ password | string | optional |
| └ username | string | optional |
| └ oauth | object | optional |
| └ code | string | optional |
POST /workdays/{workday_id}/auth
/workdays/{workday_id}/import
The endpoint allows you to create a Workday Import request.
curl -X POST https://console.jumpcloud.com/api/v2/workdays/{WorkdayID}/import \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '[
{
"email":"{email}",
"firstname":"{firstname}",
"lastname":"{firstname}",
"username":"{username}",
"attributes":[
{"name":"EmployeeID","value":"0000"},
{"name":"WorkdayID","value":"name.name"}
]
}
]
| Name | In | Required | Type | Description |
|---|---|---|---|---|
| workday_id | path | required | string | — |
| x-org-id | header | optional | string | Organization identifier that can be obtained from console settings. |
application/json
BulkUsersCreateRequest
of object
| Property | Type | Required |
|---|---|---|
| string | optional | |
| lastname | string | optional |
| username | string | optional |
| firstname | string | optional |
| attributes | array | optional |
POST /workdays/{workday_id}/import
ADE
{
"type": "object",
"title": "ADE",
"properties": {
"setupOptions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SetupAssistantOption"
},
"description": "A list of configured setup options for this enrollment."
},
"welcomeScreen": {
"$ref": "#/components/schemas/DEPWelcomeScreen"
},
"setupAssistantOptions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/DEPSetupAssistantOption"
},
"description": "A Setup Option wrapped as an object",
"x-deprecated": true
},
"enableZeroTouchEnrollment": {
"type": "boolean",
"description": "A toggle to determine if ADE registered devices should go through JumpCloud Zero Touch Enrollment."
},
"defaultDeviceGroupObjectIds": {
"type": "array",
"items": {
"type": "string"
},
"nullable": true,
"description": "An array of ObjectIDs identifying the default device groups for this specific type (based on the OS family) of automated device enrollment. Currently, only a single DeviceGroupID is supported."
}
}
}
ADES
{
"type": "object",
"title": "ADES",
"properties": {
"ios": {
"$ref": "#/components/schemas/ADE"
},
"macos": {
"$ref": "#/components/schemas/ADE"
}
}
}
AccessRequestApiRevokeAccessRequestResponse
{
"type": "object",
"example": {},
"properties": {}
}
AccessRequestApiUpdateAccessRequestRequest
{
"type": "object",
"properties": {
"expiry": {
"type": "string",
"format": "date-time"
},
"remarks": {
"type": "string"
},
"additionalAttributes": {
"type": "object"
},
"organizationObjectId": {
"type": "string",
"format": "byte"
}
}
}
AccessRequestApiUpdateAccessRequestResponse
{
"type": "object",
"example": {},
"properties": {}
}
ActivedirectoriesAgentsListResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/active-directory-agent-list"
}
}
ActivedirectoriesListResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/active-directory"
}
}
Address
{
"type": "object",
"properties": {
"id": {
"type": "string"
},
"type": {
"type": "string",
"maxLength": 1024
},
"poBox": {
"type": "string",
"maxLength": 1024
},
"region": {
"type": "string",
"maxLength": 1024
},
"country": {
"type": "string",
"maxLength": 1024
},
"locality": {
"type": "string",
"maxLength": 1024
},
"postalCode": {
"type": "string",
"maxLength": 1024
},
"streetAddress": {
"type": "string",
"maxLength": 1024
},
"extendedAddress": {
"type": "string",
"maxLength": 1024
}
}
}
Administrator
{
"type": "object",
"title": "Administrator",
"example": {
"id": "0123456789abcdef01234567",
"email": "joe@example.com",
"lastname": "Blough",
"firstname": "Joe",
"registered": false,
"enableMultiFactor": true
},
"properties": {
"id": {
"type": "string"
},
"role": {
"type": "string"
},
"email": {
"type": "string"
},
"lastname": {
"type": "string"
},
"roleName": {
"type": "string"
},
"apiKeySet": {
"type": "boolean"
},
"firstname": {
"type": "string"
},
"suspended": {
"type": "boolean"
},
"registered": {
"type": "boolean"
},
"apiKeyAllowed": {
"type": "boolean"
},
"enableMultiFactor": {
"type": "boolean"
},
"organizationAccessTotal": {
"type": "number"
}
}
}
AdministratorOrganizationLink
{
"type": "object",
"title": "AdministratorOrganizationLink",
"example": {
"organization": "6230a0d26a4e4bc86c6b36f1",
"administrator": "6230a0c233a6cbea7c470398"
},
"properties": {
"organization": {
"type": "string",
"description": "The identifier for an organization"
},
"administrator": {
"type": "string",
"description": "The identifier for an administrator"
}
}
}
AdministratorOrganizationLinkReq
{
"type": "object",
"title": "AdministratorOrganizationLinkReq",
"example": {
"organization": "6230a0d26a4e4bc86c6b36f1"
},
"properties": {
"organization": {
"type": "string",
"description": "The identifier for an organization to link this administrator to."
}
}
}
AdministratorOrganizationsListByAdministratorResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AdministratorOrganizationLink"
}
}
AdministratorOrganizationsListByOrganizationResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AdministratorOrganizationLink"
}
}
AnyValue
{
"description": "Can be any value - string, number, boolean, array or object."
}
AppleMDM
{
"type": "object",
"title": "AppleMDM",
"required": [
"id"
],
"properties": {
"id": {
"type": "string",
"description": "ObjectId uniquely identifying an MDM Enrollment,"
},
"dep": {
"$ref": "#/components/schemas/DEP"
},
"ades": {
"$ref": "#/components/schemas/ADES"
},
"name": {
"type": "string",
"maxLength": 255,
"description": "A friendly name to identify this enrollment. Not required to be unique."
},
"organization": {
"type": "string",
"description": "The identifier for an organization"
},
"apnsPushTopic": {
"type": "string",
"description": "The push topic assigned to this enrollment by Apple after uploading the Signed CSR plist."
},
"apnsCertExpiry": {
"type": "string",
"description": "The expiration date and time for the APNS Certificate."
},
"depServerTokenState": {
"enum": [
"unknown",
"missing",
"valid",
"expired"
],
"type": "string",
"description": "The state of the dep server token, presence and expiry."
},
"defaultSystemGroupID": {
"type": "string",
"description": "ObjectId uniquely identifying the MDM default System Group.",
"x-deprecated": true
},
"depAccessTokenExpiry": {
"type": "string",
"description": "The expiration date and time for the DEP Access Token. This aligns with the DEP Server Token State."
},
"appleCertSerialNumber": {
"type": "string",
"description": "The serial number of the Apple signed certificate associated to the Device Manager."
},
"appleCertCreatorAppleID": {
"type": "string",
"description": "The Apple ID of the admin who created the Apple signed certificate associated to the Device Manager."
},
"allowMobileUserEnrollment": {
"type": "boolean",
"description": "A toggle to allow mobile device enrollment for an organization."
},
"defaultIosUserEnrollmentDeviceGroupID": {
"type": "string",
"description": "ObjectId uniquely identifying the MDM default iOS user enrollment device group."
}
}
}
ApplemdmsDevicesClearActivationLock500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesClearActivationLockResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesOsUpdateStatusResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesRefreshActivationLockInformation500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesRefreshActivationLockInformationResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesScheduleOsUpdateResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceserase500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceseraseRequest
{
"type": "object",
"properties": {
"pin": {
"type": "string",
"example": "123456",
"pattern": "^[0-9]{6}$",
"description": "6-digit PIN, required for MacOS, to erase the device"
}
}
}
ApplemdmsDeviceseraseResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceslistResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/apple-mdm-device"
}
}
ApplemdmsDeviceslock500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDeviceslockRequest
{
"type": "object",
"properties": {
"pin": {
"type": "string",
"example": "123456",
"pattern": "^[0-9]{6}$",
"description": "6-digit PIN, required for MacOS, to lock the device"
}
}
}
ApplemdmsDeviceslockResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesrestart500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesrestartRequest
{
"type": "object",
"properties": {
"kextPaths": {
"type": "array",
"items": {
"type": "string"
},
"description": "The string to pass when doing a restart and performing a RebuildKernelCache."
}
}
}
ApplemdmsDevicesrestartResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesshutdown500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsDevicesshutdownResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsEnrollmentprofileslistResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AppleMDM"
}
}
ApplemdmsListResponse
{
"type": "array",
"items": {
"$ref": "#/components/schemas/AppleMDM"
}
}
ApplemdmsRefreshdepdevices500Response
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplemdmsRefreshdepdevicesResponse
{
"type": "object",
"properties": {
"message": {
"type": "string"
}
}
}
ApplicationsGetResponse
{
"type": "object",
"example": {},
"properties": {}
}
ApplicationsPostLogoRequest
{
"type": "object",
"properties": {
"image": {
"type": "string",
"format": "binary",
"description": "The file to upload."
}
}
}
Apps
{
"type": "array",
"items": {
"type": "object",
"properties": {
"osId": {
"type": "integer",
"format": "int32",
"example": 1
},
"appVersion": {
"type": "string",
"example": "1.1.1"
}
}
}
}
AuthnPolicy
{
"type": "object",
"title": "AuthnPolicy",
"properties": {
"id": {
"type": "string",
"readOnly": true
},
"name": {
"type": "string"
},
"type": {
"$ref": "#/components/schemas/AuthnPolicyType"
},
"effect": {
"$ref": "#/components/schemas/AuthnPolicyEffect"
},
"targets": {
"$ref": "#/components/schemas/AuthnPolicyTargets"
},
"disabled": {
"type": "boolean"
},
"conditions": {
"type": "object",
"description": "Conditions may be added to an authentication policy using the following conditional language:\n\n```\n<conditions> ::= <expression>\n<expression> ::= <deviceEncrypted> | <deviceManaged> | <ipAddressIn> |\n <locationIn> | <notExpression> | <allExpression> |\n <anyExpression>\n<deviceEncrypted> ::= { \"deviceEncrypted\": <boolean> }\n<deviceManaged> ::= { \"deviceManaged\": <boolean> }\n<ipAddressIn> ::= { \"ipAddressIn\": [ <objectId>, ... ] }\n<locationIn> ::= { \"locationIn\": {\n \"countries\": [\n <iso_3166_country_code>, ...\n ]\n }\n }\n<notExpression> ::= { \"not\": <expression> }\n<allExpression> ::= { \"all\": [ <expression>, ... ] }\n<anyExpression> ::= { \"any\": [ <expression>, ... ] }\n```\n\nFor example, to add a condition that applies to IP addresses in a given list, the following condition can be added:\n\n```\n{\"ipAddressIn\": [ <ip_list_object_id> ]}\n```\n\nIf you would rather exclude IP addresses in the given lists, the following condition could be added:\n\n```\n{\n \"not\": {\n \"ipAddressIn\": [ <ip_list_object_id_1>, <ip_list_object_id_2> ]\n }\n}\n```\n\nYou may also include more than one condition and choose whether \"all\" or \"any\" of them must be met for the policy to apply:\n\n```\n{\n \"all\": [\n {\n \"ipAddressIn\": [ <ip_list_object_id>, ... ]\n },\n {\n \"deviceManaged\": true\n },\n {\n \"locationIn\": {\n countries: [ <iso_3166_country_code>, ... ]\n }\n }\n ]\n}\n```"
},
"description": {
"type": "string"
}
},
"description": "This represents an authentication policy. See the details of each field for valid values and restrictions."
}
AuthnPolicyEffect
{
"type": "object",
"title": "AuthnPolicyEffect",
"required": [
"action"
],
"properties": {
"action": {
"enum": [
"allow",
"deny",
"unknown"
],
"type": "string"
},
"obligations": {
"$ref": "#/components/schemas/AuthnPolicyObligations"
}
},
"x-examples": {
"example-deny": {
"action": "deny"
},
"example-allow": {
"action": "allow"
},
"example-allow-with-mfa": {
"action": "allow",
"obligations": {
"mfa": {
"required": true
}
}
}
}
}
AuthnPolicyObligations
{
"type": "object",
"title": "AuthnPolicyObligations",
"properties": {
"mfa": {
"type": "object",
"properties": {
"required": {
"type": "boolean"
}
}
},
"userVerification": {
"type": "object",
"properties": {
"requirement": {
"enum": [
"none",
"optional",
"required"
],
"type": "string"
}
}
}
}
}
AuthnPolicyResourceTarget
{
"type": "object",
"title": "AuthnPolicyResourceTarget",
"required": [
"type"
],
"properties": {
"id": {
"type": "string",
"description": "Object ID of the resource target. If undefined, then all resources of the given type are targeted."
},
"type": {
"enum": [
"user_portal",
"application",
"ldap"
],
"type": "string"
}
}
}
AuthnPolicyTargets
{
"type": "object",
"title": "AuthnPolicyTargets",
"properties": {
"users": {
"$ref": "#/components/schemas/AuthnPolicyUserTarget"
},
"resources": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthnPolicyResourceTarget"
}
},
"userGroups": {
"$ref": "#/components/schemas/AuthnPolicyUserGroupTarget"
},
"userAttributes": {
"$ref": "#/components/schemas/AuthnPolicyUserAttributeTarget"
}
}
}
AuthnPolicyType
{
"enum": [
"user_portal",
"application",
"ldap"
],
"type": "string",
"title": "AuthnPolicyType",
"default": "user_portal"
}
AuthnPolicyUserAttributeFilter
{
"type": "object",
"title": "AuthnPolicyUserAttributeFilter",
"properties": {
"field": {
"type": "string",
"description": "The only field that is currently supported is ldap_binding_user"
},
"value": {
"$ref": "#/components/schemas/AnyValue"
},
"operator": {
"enum": [
"EQ"
],
"type": "string"
}
}
}
AuthnPolicyUserAttributeTarget
{
"type": "object",
"title": "AuthnPolicyUserAttributeTarget",
"properties": {
"exclusions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthnPolicyUserAttributeFilter"
}
},
"inclusions": {
"type": "array",
"items": {
"$ref": "#/components/schemas/AuthnPolicyUserAttributeFilter"
}
}
},
"description": "User attribute targets are currently only supported for LDAP policies."
}
AuthnPolicyUserGroupTarget
{
"type": "object",
"title": "AuthnPolicyUserGroupTarget",
"properties": {
"exclusions": {
"type": "array",
"items": {
"type": "string"
}
},
"inclusions": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
AuthnPolicyUserTarget
{
"type": "object",
"title": "AuthnPolicyUserTarget",
"properties": {
"inclusions": {
"type": "array",
"items": {
"type": "string"
}
}
}
}
| Version | Endpoints | Schemas | Ingested | Status |
|---|---|---|---|---|
| 2.0 | 416 | 669 | 2026-05-11 | current |
| 2.0 | 416 | 669 | 2026-04-20 | |
| 2.0 | 416 | 669 | 2026-04-20 | |
| 2.0 | 416 | 669 | 2026-04-16 |