APIs
10/2024
Schema Types
Query
ping
Boolean!
Ping the API to check if it is up and running.
getEndUserState
Fetch a concise summary of end-user information, including key fields and relevant details. Use this query when you want to get a basic end-user digest.
login
String!
End-user's email address.
String!
End-user primary email address.
getEndUsersByIp
Retrieve end-users associated with a specified IP address.
ipAddress
String!
IP Address.
pageSize
Int
Number of items per page. Default pageSize is 100. Max pageSize is 500.
pageToken
String
Token for paginating through the result set.
getEndUser
Fetch end-user's detailed information, including including devices, integrations, factors and more. Use this query when you want to get a comprehensive end-user details.
login
String!
End-user's email address.
listEndUsers
Fetch the list of end-users. Use this query to retrieve a large number of items using paging. The default page size is 100, and the maximum page size is 1000. Page token is used to retrieve the next page. If not provided, the first page is retrieved.
input
Input data end-users listing.
pageSize
Int
Number of items per page. Default pageSize is 100. Max pageSize is 500.
pageToken
String
Token for paginating through the result set.
Mutation
registerWebhookWithApiKey
ID!
input
Input data for registering a webhook with an API key.
registerWebhookWithDuoSecurityClient
ID!
Register a Webhook Notification Target with Duo Security Client as a target for Failed Checks findings.
input
Input data for registering a webhook with an Duo Security Client.
unregisterWebhook
Boolean!
Unregister a Webhook Notification Target.
id
ID!
ID of the webhook to unregister.
Objects
ConnectivityStatus
statusCode
Int!
payload
String
reason
String
DailySchedule
hour
Int!
minute
Int!
EndUserRef
Represents a reference to an end-user.
id
ID!
The end-user ID in Cisco Identity Intelligence.
displayName
String!
The end-user's display name.
login
String!
End-user's email address.
referenceUrl
String
End-user's URL in Cisco Identity Intelligence.
EndUserState
Represents a concise summary of end-user information, including key fields and relevant details.
id
ID!
The end-user ID in Cisco Identity Intelligence.
displayName
String!
The end-user's display name.
login
String!
End-user's email address.
employeeId
[String!]
List of employee IDs associated with the end-user in the Identity Provider and HR systems.
status
String!
The aggregated end-user status in the identity providers.
userTypeClassification
The end-user classification in Cisco Identity Intelligence.
managerLogin
String
End-user's manager email address.
ipAddresses
List of IP Addresses used by the end-user.
phoneNumber
String
End-user's phone number.
unusedApplications
[String!]
Names of applications the end-user has access and did not access in the past 30 days.
usedApplications
[String!]
Names of applications the end-user has access and accessed in the past 30 days.
usedFactors
[String!]
Authentication factors used by the end-user.
referenceUrl
String
End-user's URL in Cisco Identity Intelligence.
registeredLocationDetails
The end-user's registered location
workingLocationDetails
List of the locations the end-user works in.
FeatureExplainabilityItem
featureId
String!
details
GeoCoordinates
latitude
Float
longitude
Float
GeoLocation
IP Address geolocation information.
city
String
The city name.
state
String
The state name.
country
String
two-letter country code defined in ISO 3166-1.
GetEndUserOutput
endUserDetails
The unified end-user details across all providers.
providerEndUserDetails
The array of end-user details by provider.
GetEndUsersByIpConnection
End-users associated with a specified IP address.
items
Itemized list of end-users associated with a specified IP address.
pageToken
String
Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch.
GroupExplainabilityItem
groupId
weight
Normalized trust score weight
details
IpAddressInfo
IP Address information.
ipAddress
String!
IP Address.
location
IP Address geolocation information.
ItemList
listType
items
[String!]!
KeyValuePair
key
String!
value
String!
LabelCount
value
String!
count
Int!
ListEndUsersConnection
End-users list.
items
Itemized list of end-users.
pageToken
String
Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch.
LocationWithPrevalence
location
userLocationPrevalence
Float!
PublicEndUser
Represents end-user basic data.
id
ID!
The end-user ID in Cisco Identity Intelligence.
displayName
String
The end-user's display name.
login
String!
End-user's email address.
emails
[String!]
List of emails associated with the end-user in the IdP and HR system.
status
The unified status of the end-user across all providers.
company
String
The company the end-user belongs to.
department
String
The department the end-user belongs to.
title
String
The end-user's title.
userTypeClassification
The unified classification of the end-user type across all providers.
employeeIds
[String!]
List of employee IDs associated with the end-user in the Identity Provider and HR systems.
userKeys
[String!]
List of user keys associated with the end-user in the Identity Provide
linkedEndUserLogins
[String!]
List of linked end-users' logins.
groupNames
[String!]
List of names of the groups the end-user is a member of. Maximum 10 items.
hasMoreGroups
Boolean!
The indication if more groups exist for the end-user.
phoneNumbers
[String!]
The end-user's phone numbers used for authentication.
managerLogin
String
The end-user's manager login.
devices
List of devices the end-user uses.
mfaEnabled
Boolean
Indicates if the MFA is enabled for the end-user.
lastSignIn
The last sign details for the end-user.
lastActive
The last active timestamp for the end-user.
failingChecks
[String!]
The checks that the end-user has failed.
firstCreatedDate
The first created date of the account across all providers.
providers
List of provider types for the integrations the end-user data is collected from.
referenceUrl
String!
End-user's URL in Cisco Identity Intelligence.
endUserTrustScore
PublicEndUserDetails
Represents end-user data.
id
ID!
The end-user ID in Cisco Identity Intelligence.
displayName
String!
The end-user's display name.
login
String!
End-user's email address.
emails
[String]!
List of emails associated with the end-user in the IdP and HR system.
status
The unified status of the end-user across all providers.
userIds
[String!]
List of end-user IDs associated with the end-user in the Identity Provider and HR systems.
company
String
The company the end-user belongs to.
department
String
The department the end-user belongs to.
title
String
The end-user's title.
userTypeClassification
The unified classification of the end-user type across all providers.
employeeIds
[String!]
List of employee IDs associated with the end-user in the Identity Provider and HR systems.
linkedEndUserLogins
[String!]
List of linked end-users' logins.
groupNames
[String!]
List of names of the groups the end-user is a member of.
phoneNumbers
[String!]
The end-user's phone numbers used for authentication.
managerLogin
String
The end-user's manager login.
devices
List of devices the end-user uses.
mfaEnabled
Boolean
Indicates if the MFA is enabled for the end-user.
lastSignIn
The last sign details for the end-user.
lastActive
The last active timestamp for the end-user.
firstCreatedDate
The first created date of the account across all providers.
failingChecks
[String!]
The checks that the end-user has failed.
referenceUrl
String!
End-user's URL in Cisco Identity Intelligence.
endUserTrustScore
PublicEndUserTrustScore
levelOfTrust
scoreExplainabilitySummary
meaningfulExplainability
[String!]
Human readable explainability of the score
lastUpdated
The last score evaluation timestamp
PublicProviderEndUserDetails
userId
String!
The end-user userId.
provider
The type of the provider.
firstName
String
The end-user's first name.
lastName
String
The end-user's last name.
displayName
String
The end-user's display name.
login
String!
End-user's email address.
status
The unified status of the end-user across all providers.
company
String
The company the end-user belongs to.
department
String
The department the end-user belongs to.
title
String
The end-user's title.
userTypeClassification
The unified classification of the end-user type across all providers.
employeeId
String
Employee ID associated with the end-user in the Identity Provider and HR systems.
managerLogin
String
The end-user's manager login.
mfaEnabled
Boolean
Indicates if the MFA is enabled for the end-user.
lastSignIn
The last sign details for the end-user.
creationDate
The creation date of the account across.
lastUpdated
The last updated date of the account.
PublicRiskyActivityCounts
total
Int!
levelOfTrust
counts grouped by the level of trust
PublicScoreExplainabilitySummary
riskyActivityCounts
combinedScoreExplainability
PublicUserDevice
deviceId
String!
The device ID.
displayName
String
The device display name.
os
OsType
The device OS type.
lastSeen
The last time the end-user used the device.
deviceType
The device type: access or authentication.
provider
The provider type.
PublicUserSignInInfo
timestamp
The end-user's sign-in timestamp.
result
String
The end-user's sign-in result.
reason
String
The end-user's sign-in failure reason.
ipAddress
String
The end-user's sign-in IP address.
location
The end-user's sign-in location.
TotalHits
count
Int!
relation
String!
TotalWithMedian
total
Int!
median
Float!
TypedKeyValuePair
key
String!
value
String!
type
String
minValue
Int
maxValue
Int
Inputs
DailyScheduleInput
hour
Int!
minute
Int!
ItemListInput
listType
ListType!
items
[String!]!
KeyValuePairInput
key
String!
value
String!
ListEndUsersInput
orderBy
[OrderBy!]
OrderBy
name
String!
order
Order
RegisterWebhookWithApiKey
Input for registering a webhook with an API key.
name
String!
Part of the name of the webhook. The webhook name is a combination of the name and a random suffix for uniqueness.
endpoint
String!
The URL of the webhook endpoint.
apiKeyName
String!
The name of the API key to use for the webhook. Sent in the webhook payload headers as the header name.
apiKey
String!
The value of the API secret key to use for the webhook. Sent in the webhook payload headers as the header value.
checkIds
[String!]!
The list of Cisco Identity Intelligence check IDs to subscribe to.
RegisterWebhookWithDuoSecurityClient
name
String!
Part of the name of the webhook. The webhook name is a combination of the name and a Webhook prefix
duoIntegrationInstanceId
String!
The ID of the existing Duo integration instance.
checkIds
[String!]!
The list of Cisco Identity Intelligence check IDs to subscribe to.
TimestampRange
startTimestamp
String!
endTimestamp
String
Enums
DataType
APPS
APPS_TO_GROUPS
APPS_TO_USERS
EVENT_LOGS
AUDIT_LOGS
ACTIVITY_LOGS
ADDITIONAL_LOGS
FACTORS_TO_USERS
GROUPS
GROUPS_TO_USERS
DIRECT_REPORTS
DIRECTORY_ROLES
IDP
USERS
DEVICES
RISKY_USERS
RISKY_USER_EVENTS
NAMED_LOCATIONS
IP_CIDR_LIST
IP_THREAT_INSIGHTS
POLICIES
POLICY_RULES
SERVICE_PRINCIPAL
API_TOKEN
EVENT_HUB
AUTHENTICATORS
AUTHENTICATORS_TO_USERS
SIGNIN_LOGS
LOGIN_HISTORY
LOGIN_GEO
AUTH_CONFIG
USER_LOGIN
END_USER_LOGINS
PROFILES
CONDITIONAL_ACCESS_POLICY
PROVISIONING_EVENTS
ORGANIZATIONS
USER_EMAILS
USER_ENTERPRISE_EMAILS
COLLABORATORS
MEMBER_INVITATIONS
COLLABORATOR_INVITATIONS
PERMISSION_SETS
USER_SCHEMA
MAILBOX_SETTINGS
MESSAGE_RULES
DEVICE_AUDIT_EVENTS
AUTH_API
ENDPOINTS
TOKENS
WEBAUTHNCREDENTIALS
BYPASS_CODES
SIGNIN_ACTIVITY
DeviceType
ACCESS
AUTHENTICATION
EndUserStatus
ACTIVE
INACTIVE
DEPROVISIONED
LOCKED_OUT
PASSWORD_EXPIRED
PROVISIONED
RECOVERY
STAGED
SUSPENDED
INCONSISTENT
DELETED
DISABLED
BLOCKED
TRANSIENT
UNKNOWN
HttpMethod
GET
POST
PUT
HEAD
OPTIONS
PATCH
DELETE
LevelOfTrust
TRUSTED
Indicates exceptional safety
FAVORABLE
Indicates a level of safety
NEUTRAL
Displaying neither positive or negative behavior. However, has been evaluated.
QUESTIONABLE
Displaying behavior that may indicate risk, or could be undesirable
UNTRUSTED
Displaying behavior that is exceptionally bad, malicious, or undesirable
UNKNOWN
Not previously evaluated, or lacking features to assert a threat level verdict
ListType
allow
block
ignore
include
Order
asc
desc
OsType
WINDOWS
WINDOWS_MOBILE
MACOS
IOS
ANDROID
LINUX
CHROME_OS
UNKNOWN
Provider
AUTH0
AWS
AZURE_AD
OKTA
HRIS
SLACK
DUO
G_SUITE
WORKDAY
SALESFORCE
GIT_HUB
TrustScoreGroupId
ACCOUNT_LOGIN_BEHAVIOR
ACTIONS_IN_SESSION
APPLICATION
DEVICE
EXTERNAL_THREAT
FIRST_FACTOR
SECOND_FACTOR
NETWORK
PERMISSION
SESSION
ACCOUNT_VALIDITY
TrustScoreWeight
NO_RISK
LOW_RISK
MEDIUM_RISK
HIGH_RISK
UserTypeClassification
INTERNAL
EXTERNAL
MISSING
UNCLASSIFIED
INCONSISTENT
SERVICE_ACCOUNT
SHARED_MAILBOX
LINKED_USER_ACCOUNT
CONFERENCE_ROOM
EQUIPMENT_MAILBOX
OTHER_MAILBOX
WorkflowState
SUCCESS
ERROR
UNKNOWN
RUNNING
Scalars
AWSDate
The AWSDate scalar type represents a valid extended ISO 8601 Date string. In other words, this scalar type accepts date strings of the form YYYY-MM-DD. This scalar type can also accept time zone offsets. For example, 1970-01-01Z, 1970-01-01-07:00 and 1970-01-01+05:30 are all valid dates. The time zone offset must either be Z (representing the UTC time zone) or be in the format ±hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard.
AWSDateTime
The AWSDateTime scalar type represents a valid extended ISO 8601 DateTime string. In other words, this scalar type accepts datetime strings of the form YYYY-MM-DDThh:mm:ss.sssZ. The field after the seconds field is a nanoseconds field. It can accept between 1 and 9 digits. The seconds and nanoseconds fields are optional (the seconds field must be specified if the nanoseconds field is to be used). The time zone offset is compulsory for this scalar. The time zone offset must either be Z (representing the UTC time zone) or be in the format ±hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard.
AWSEmail
The AWSEmail scalar type represents an Email address string that complies with RFC 822. For example, username@example.com is a valid Email address.
AWSIPAddress
The AWSIPAddress scalar type represents a valid IPv4 or IPv6 address string.
AWSJSON
The AWSJSON scalar type represents a JSON string that complies with RFC 8259.
Maps like {\"upvotes\": 10}, lists like [1,2,3], and scalar values like \"AWSJSON example string\", 1, and true are accepted as valid JSON. They will automatically be parsed and loaded in the resolver mapping templates as Maps, Lists, or Scalar values rather than as the literal input strings. Invalid JSON strings like {a: 1}, {'a': 1} and Unquoted string will throw GraphQL validation errors.
AWSPhone
The AWSPhone scalar type represents a valid Phone Number. Phone numbers are serialized and deserialized as Strings. Phone numbers provided may be whitespace delimited or hyphenated. The number can specify a country code at the beginning but this is not required.
AWSTime
The AWSTime scalar type represents a valid extended ISO 8601 Time string. In other words, this scalar type accepts time strings of the form hh:mm:ss.sss. The field after the seconds field is a nanoseconds field. It can accept between 1 and 9 digits. The seconds and nanoseconds fields are optional (the seconds field must be specified if the nanoseconds field is to be used). This scalar type can also accept time zone offsets.
For example, 12:30Z, 12:30:24-07:00 and 12:30:24.500+05:30 are all valid time strings.
The time zone offset must either be Z (representing the UTC time zone) or be in the format hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard.
AWSTimestamp
The AWSTimestamp scalar type represents the number of seconds that have elapsed since 1970-01-01T00:00Z. Timestamps are serialized and deserialized as numbers. Negative values are also accepted and these represent the number of seconds till 1970-01-01T00:00Z.
AWSURL
The AWSURL scalar type represents a valid URL string. The URL may use any scheme and may also be a local URL (Ex: http://localhost/). URLs without schemes are considered invalid. URLs which contain double slashes are also considered invalid.
Boolean
The Boolean scalar type represents true or false.
Float
The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.
ID
The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.
Int
The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.
String
The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.
Last updated