Creates a campaign configuration for the specific tenant.

The API is used to create a campaign configuration for the specific tenant.
The administrator managing a specific tenant can create campaign configurations for that tenant.
The application owners can create a campaign configuration only for their owned applications.
The optional reviewer, if specified, can be any existing userId present for that tenant.
Allowlist or blocklist must specify only groups in case of groupassignment campaign.
Entitlements required: manageAccessCertification [Manage Access Certification].

Body Params

Campaign configuration create request payload details:

- owner: Information about the campaign owner.
This is a required field.
- type: Type of campaign (For example, userassignment, groupassignment, account). Default type is userassignment.
- priority: Priority of the campaign (For example, high, medium, low ). Default priority is medium.
- name: Name of the campaign.
This is a required field with maximum length of 256 characters.
- description: Description of the campaign.
- reviewer: Information about the campaign reviewer.
- applications: List of applications that the campaign certifies.
Note: This is a required field, however, in case of User entitlement campaigns, either the 'Applications' or 'Entitlement' or both must be specified.
- userFilter: It is set to filter the list of included or excluded users or groups for certification.


In case of user entitlement campaign, you can either specify userConditionSet or userInclusionList or userExclusionList in userFilter.

- entitlementFilter: It is set to filter the list of included or excluded entitlements for certification.


You can either specify entitlementInclusionList or entitlementExclusionList in entitlementFilter.
- launchDate: Date when the first instance of the campaign starts.
The launchDate must be in the future, including the time, relative to the current date and time.
This field is required when runNow is false.
- creationDate: Creation date of the campaign configuration. Default value is the current Date.
- duration: The duration (in milliseconds) for which each campaign instance remains open.
Duration should not be added when "continuous" is true.
Duration should be greater than 30 seconds if "continuous" is false.
Duration must be less than the frequency if campaign scheduled ("runNow" is false).
- frequency: Frequency of campaign instance.
Frequency should not be added when the "runNow" flag is set to true.
This field is required when "runNow" flag is set to false.
- runNow: Flag to start the campaign immediately. Default value for runNow is true.
- nextRunDate: Forecasted Run Date for the next campaign instance.
- overdueAction: Action for open records when a campaign closes.
Allowable values for overdueAction are: rejectAll, approveAll, doNothing.
Default overdueAction is doNothing.
- mitigationAction: Action after a campaign closes to avoid open records.
Allowable value for type in mitigationAction are: none, reminder.
reminderInterval should be shorter than durantion.
Default value is { type = none, reminderInterval=0 }.
- defaultReviewer: Default reviewer for assignments in the absence of a suitable reviewer.
- preview: A flag indicating that the campaign is in preview mode and not open to reviewers. Default value for preview is false.
- signOff: Campaign sign-off policy refers to the pre-determined approach that governs when and how campaign actions are officially approved or denied (auto, manual, eoc, no_signoff).
signOff should be auto when "continuous" is true.
Default signOff policy is eoc.


Allowable values for signOff are: auto, manual, eoc or no_signoff.
auto: This setting would mean immediate sign-off. Actions taken by the approver in terms of approval or rejection are applied on the assignment immediately).
manual: This setting would mean a manual sign-off. The certifier can decide whether to enforce the action immediately OR at the end of the campaign).
eoc: The setting would mean sign-off towards the end of the campaign. Actions taken by the approver in terms of approval or rejection are persisted till the Due date of the campaign and then rolled out together).
no_signoff: Actions are not executed and only used for reporting.


- supervisors: List of supervisors identified for the campaign.
The field is required when allowSupervisorEscalation is true.
- allowSupervisorEscalation: Allow escalation to supervisors.
- reviewerOverwritten: Flag indicating if the reviewer is manually overwritten.
- reviewerType: The Reviewer identifer for the campaign.
Following are the values corresponding to the campaign types:
1.userassignment - usermanager, specific, self, applicationowner
2.groupassignment - applicationowner, specific
3.account - usermanager, specific, self, applicationowner
In case you are specifying the reviewer explicitly, then provide the value as specific in the reviewerType field.
In case you are creating a self certification campaign, then provide the value as self in the reviewerType field. reviewerType value as self is applicable only for userassignment and account type of campaigns.

Allowable values for reviewerType are: usermanager, applicationowner, specific, self.

object

Represents a user group

string
required

Campaign Type

string
required

Campaign Priority

string
required

Campaign Name

string

Campaign Description

object

Represents a user group

array of objects
required

The list of Applications certified by the campaign.

applications*
object

List of Users or Groups to be included or exluded or filter for users allowed for the certification

object

Rest representation for an entitlement or entitlement condition set filter.

date-time

The start date of the first instance of campaign.

int64

The duration (in milliseconds) for which each campaign instance remains open.

object

A UNIX or Linux Cron compatible string that defines the start of subsequent instances

boolean

The flag indicating the campaign occurs one-time and needs to be started immediately.

date-time

Forecasted Run date for the next campaign instance.

string

The action to be taken for open records when a campaign closes.

object

The action to be taken after a while to avoid open records when a campaign closes

object

Represents a user group

boolean

A flag indicating that the campaign is in preview mode and not open to reviewers.

string

The campaign sign-off policy.

array of objects

The list of supervisors identified for the campaign.

supervisors
boolean

Allow escalation to the supervisors.

string

The Reviewer identifer for the campaign.

boolean
Headers
boolean
required

If the value is set to true, the API call is treated as an admin API call.

Responses

500

Your request cannot be processed because an internal server error occurred.

Language
URL
Choose an example:
application/json