APIs

02/2024

Schema Types

Table of Contents

Query

FieldArgumentTypeDescription

ping

Boolean!

Ping the API to check if it is up and running.

getEndUserState

EndUserState!

Fetch a concise summary of end-user information, including key fields and relevant details. Use this query when you want to get a basic end-user digest.

login

String!

End-user's email address.

email

String!

End-user primary email address.

getEndUsersByIp

GetEndUsersByIpConnection!

Retrieve end-users associated with a specified IP address.

ipAddress

String!

IP Address.

pageSize

Int

Number of items per page. Default pageSize is 50. Max pageSize is 1000.

pageToken

String

Token for paginating through the result set.

getEndUser

GetEndUserOutput!

Fetch end-user's detailed information, including including devices, integrations, factors and more. Use this query when you want to get a comprehensive end-user details.

login

String!

End-user's email address.

listEndUsers

ListEndUsersConnection!

Fetch the list of end-users. Use this query to retrieve a large number of items using paging. The default page size is 100, and the maximum page size is 1000. Page token is used to retrieve the next page. If not provided, the first page is retrieved.

input

ListEndUsersInput!

Input data end-users listing.

pageSize

Int

Number of items per page. Default pageSize is 50. Max pageSize is 1000.

pageToken

String

Token for paginating through the result set.

Mutation

FieldArgumentTypeDescription

registerWebhookWithApiKey

ID!

Register a Webhook Notification Target with an API key as a target for Failed Check findings. See more at https://docs.oort.io/integrations/webhooks

input

RegisterWebhookWithApiKey!

Input data for registering a webhook with an API key.

registerWebhookWithDuoSecurityClient

ID!

Register a Webhook Notification Target with Duo Security Client as a target for Failed Checks findings.

input

RegisterWebhookWithDuoSecurityClient!

Input data for registering a webhook with an Duo Security Client.

unregisterWebhook

Boolean!

Unregister a Webhook Notification Target.

id

ID!

ID of the webhook to unregister.

Objects

ConnectivityStatus

FieldArgumentTypeDescription

statusCode

Int!

payload

String

reason

String

DailySchedule

FieldArgumentTypeDescription

hour

Int!

minute

Int!

EndUserRef

Represents a reference to an end-user.

FieldArgumentTypeDescription

id

ID!

The end-user ID in Cisco Identity Intelligence.

displayName

String!

The end-user's display name.

login

String!

End-user's email address.

referenceUrl

String

End-user's URL in Cisco Identity Intelligence.

EndUserState

Represents a concise summary of end-user information, including key fields and relevant details.

FieldArgumentTypeDescription

id

ID!

The end-user ID in Cisco Identity Intelligence.

displayName

String!

The end-user's display name.

login

String!

End-user's email address.

employeeId

[String!]

List of employee IDs associated with the end-user in the Identity Provider and HR systems.

status

String!

The aggregated end-user status in the identity providers.

userTypeClassification

UserTypeClassification

The end-user classification in Cisco Identity Intelligence.

managerLogin

String

End-user's manager email address.

ipAddresses

[IpAddressInfo!]

List of IP Addresses used by the end-user.

phoneNumber

String

End-user's phone number.

unusedApplications

[String!]

Names of applications the end-user has access and did not access in the past 30 days.

usedApplications

[String!]

Names of applications the end-user has access and accessed in the past 30 days.

usedFactors

[String!]

Authentication factors used by the end-user.

referenceUrl

String

End-user's URL in Cisco Identity Intelligence.

registeredLocationDetails

GeoLocation

The end-user's registered location

workingLocationDetails

[LocationWithPrevalence!]

List of the locations the end-user works in.

GeoCoordinates

FieldArgumentTypeDescription

latitude

Float

longitude

Float

GeoLocation

IP Address geolocation information.

FieldArgumentTypeDescription

city

String

The city name.

state

String

The state name.

country

String

two-letter country code defined in ISO 3166-1.

GetEndUserOutput

FieldArgumentTypeDescription

endUserDetails

PublicEndUserDetails!

The unified end-user details across all providers.

providerEndUserDetails

[PublicProviderEndUserDetails!]!

The array of end-user details by provider.

GetEndUsersByIpConnection

End-users associated with a specified IP address.

FieldArgumentTypeDescription

items

[EndUserRef!]!

Itemized list of end-users associated with a specified IP address.

pageToken

String

Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch.

IpAddressInfo

IP Address information.

FieldArgumentTypeDescription

ipAddress

String!

IP Address.

location

GeoLocation

IP Address geolocation information.

ItemList

FieldArgumentTypeDescription

listType

ListType!

items

[String!]!

KeyValuePair

FieldArgumentTypeDescription

key

String!

value

String!

LabelCount

FieldArgumentTypeDescription

value

String!

count

Int!

ListEndUsersConnection

End-users list.

FieldArgumentTypeDescription

items

[PublicEndUser!]!

Itemized list of end-users.

pageToken

String

Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch.

LocationWithPrevalence

FieldArgumentTypeDescription

location

GeoLocation!

userLocationPrevalence

Float!

PublicEndUser

Represents end-user basic data.

FieldArgumentTypeDescription

id

ID!

The end-user ID in Cisco Identity Intelligence.

displayName

String

The end-user's display name.

login

String!

End-user's email address.

emails

[String!]

List of emails associated with the end-user in the IdP and HR system.

status

EndUserStatus

The unified status of the end-user across all providers.

company

String

The company the end-user belongs to.

department

String

The department the end-user belongs to.

title

String

The end-user's title.

userTypeClassification

UserTypeClassification

The unified classification of the end-user type across all providers.

employeeIds

[String!]

List of employee IDs associated with the end-user in the Identity Provider and HR systems.

linkedEndUserLogins

[String!]

List of linked end-users' logins.

groupNames

[String!]

List of names of the groups the end-user is a member of. Maximum 10 items.

hasMoreGroups

Boolean!

The indication if more groups exist for the end-user.

phoneNumbers

[String!]

The end-user's phone numbers used for authentication.

managerLogin

String

The end-user's manager login.

devices

[PublicUserDevice!]

List of devices the end-user uses.

mfaEnabled

Boolean

Indicates if the MFA is enabled for the end-user.

lastSignIn

PublicUserSignInInfo

The last sign details for the end-user.

lastActive

AWSDateTime

The last active timestamp for the end-user.

failingChecks

[String!]

The checks that the end-user has failed.

firstCreatedDate

AWSDateTime

The first created date of the account across all providers.

providers

[Provider!]!

List of provider types for the integrations the end-user data is collected from.

referenceUrl

String!

End-user's URL in Cisco Identity Intelligence.

PublicEndUserDetails

Represents end-user data.

FieldArgumentTypeDescription

id

ID!

The end-user ID in Cisco Identity Intelligence.

displayName

String!

The end-user's display name.

login

String!

End-user's email address.

emails

[String]!

List of emails associated with the end-user in the IdP and HR system.

status

EndUserStatus!

The unified status of the end-user across all providers.

userIds

[String!]

List of end-user IDs associated with the end-user in the Identity Provider and HR systems.

company

String

The company the end-user belongs to.

department

String

The department the end-user belongs to.

title

String

The end-user's title.

userTypeClassification

UserTypeClassification

The unified classification of the end-user type across all providers.

employeeIds

[String!]

List of employee IDs associated with the end-user in the Identity Provider and HR systems.

linkedEndUserLogins

[String!]

List of linked end-users' logins.

groupNames

[String!]

List of names of the groups the end-user is a member of.

phoneNumbers

[String!]

The end-user's phone numbers used for authentication.

managerLogin

String

The end-user's manager login.

devices

[PublicUserDevice!]

List of devices the end-user uses.

mfaEnabled

Boolean

Indicates if the MFA is enabled for the end-user.

lastSignIn

PublicUserSignInInfo

The last sign details for the end-user.

lastActive

AWSDateTime

The last active timestamp for the end-user.

firstCreatedDate

AWSDateTime

The first created date of the account across all providers.

failingChecks

[String!]

The checks that the end-user has failed.

referenceUrl

String!

End-user's URL in Cisco Identity Intelligence.

PublicProviderEndUserDetails

FieldArgumentTypeDescription

userId

String!

The end-user userId.

provider

Provider!

The type of the provider.

firstName

String

The end-user's first name.

lastName

String

The end-user's last name.

displayName

String

The end-user's display name.

login

String!

End-user's email address.

status

EndUserStatus!

The unified status of the end-user across all providers.

company

String

The company the end-user belongs to.

department

String

The department the end-user belongs to.

title

String

The end-user's title.

userTypeClassification

UserTypeClassification

The unified classification of the end-user type across all providers.

employeeId

String

Employee ID associated with the end-user in the Identity Provider and HR systems.

managerLogin

String

The end-user's manager login.

mfaEnabled

Boolean

Indicates if the MFA is enabled for the end-user.

lastSignIn

PublicUserSignInInfo

The last sign details for the end-user.

creationDate

AWSDateTime

The creation date of the account across.

lastUpdated

AWSDateTime

The last updated date of the account.

PublicUserDevice

FieldArgumentTypeDescription

deviceId

String!

The device ID.

displayName

String

The device display name.

os

OsType

The device OS type.

lastSeen

AWSDateTime

The last time the end-user used the device.

deviceType

DeviceType

The device type: access or authentication.

provider

Provider!

The provider type.

PublicUserSignInInfo

FieldArgumentTypeDescription

timestamp

AWSDateTime!

The end-user's sign-in timestamp.

result

String

The end-user's sign-in result.

reason

String

The end-user's sign-in failure reason.

ipAddress

String

The end-user's sign-in IP address.

location

GeoLocation

The end-user's sign-in location.

TotalHits

FieldArgumentTypeDescription

count

Int!

relation

String!

TotalWithMedian

FieldArgumentTypeDescription

total

Int!

median

Float!

TypedKeyValuePair

FieldArgumentTypeDescription

key

String!

value

String!

type

String

minValue

Int

maxValue

Int

Inputs

DailyScheduleInput

FieldTypeDescription

hour

Int!

minute

Int!

ItemListInput

FieldTypeDescription

listType

ListType!

items

[String!]!

KeyValuePairInput

FieldTypeDescription

key

String!

value

String!

ListEndUsersInput

FieldTypeDescription

orderBy

[OrderBy!]

OrderBy

FieldTypeDescription

name

String!

order

Order

RegisterWebhookWithApiKey

Input for registering a webhook with an API key.

FieldTypeDescription

name

String!

Part of the name of the webhook. The webhook name is a combination of the name and a random suffix for uniqueness.

endpoint

String!

The URL of the webhook endpoint.

apiKeyName

String!

The name of the API key to use for the webhook. Sent in the webhook payload headers as the header name.

apiKey

String!

The value of the API secret key to use for the webhook. Sent in the webhook payload headers as the header value.

checkIds

[String!]!

The list of Cisco Identity Intelligence check IDs to subscribe to.

RegisterWebhookWithDuoSecurityClient

FieldTypeDescription

name

String!

Part of the name of the webhook. The webhook name is a combination of the name and a Webhook prefix

duoIntegrationInstanceId

String!

The ID of the existing Duo integration instance.

checkIds

[String!]!

The list of Cisco Identity Intelligence check IDs to subscribe to.

TimestampRange

FieldTypeDescription

startTimestamp

String!

endTimestamp

String

Enums

DataType

ValueDescription

APPS

APPS_TO_GROUPS

APPS_TO_USERS

EVENT_LOGS

AUDIT_LOGS

ACTIVITY_LOGS

ADDITIONAL_LOGS

FACTORS_TO_USERS

GROUPS

GROUPS_TO_USERS

DIRECT_REPORTS

DIRECTORY_ROLES

IDP

USERS

DEVICES

RISKY_USERS

RISKY_USER_EVENTS

NAMED_LOCATIONS

IP_CIDR_LIST

IP_THREAT_INSIGHTS

POLICIES

POLICY_RULES

SERVICE_PRINCIPAL

API_TOKEN

EVENT_HUB

AUTHENTICATORS

AUTHENTICATORS_TO_USERS

SIGNIN_LOGS

LOGIN_HISTORY

LOGIN_GEO

AUTH_CONFIG

USER_LOGIN

END_USER_LOGINS

PROFILES

CONDITIONAL_ACCESS_POLICY

PROVISIONING_EVENTS

ORGANIZATIONS

USER_EMAILS

USER_ENTERPRISE_EMAILS

COLLABORATORS

MEMBER_INVITATIONS

COLLABORATOR_INVITATIONS

PERMISSION_SETS

USER_SCHEMA

MAILBOX_SETTINGS

MESSAGE_RULES

DEVICE_AUDIT_EVENTS

AUTH_API

ENDPOINTS

TOKENS

WEBAUTHNCREDENTIALS

BYPASS_CODES

SIGNIN_ACTIVITY

DeviceType

ValueDescription

ACCESS

AUTHENTICATION

EndUserStatus

ValueDescription

ACTIVE

INACTIVE

DEPROVISIONED

LOCKED_OUT

PASSWORD_EXPIRED

PROVISIONED

RECOVERY

STAGED

SUSPENDED

INCONSISTENT

DELETED

DISABLED

BLOCKED

TRANSIENT

UNKNOWN

HttpMethod

ValueDescription

GET

POST

PUT

HEAD

OPTIONS

PATCH

DELETE

ListType

ValueDescription

allow

block

ignore

include

Order

ValueDescription

asc

desc

OsType

ValueDescription

WINDOWS

WINDOWS_MOBILE

MACOS

IOS

ANDROID

LINUX

CHROME_OS

UNKNOWN

Provider

ValueDescription

AUTH0

AWS

AZURE_AD

OKTA

HRIS

SLACK

DUO

G_SUITE

WORKDAY

SALESFORCE

GIT_HUB

UserTypeClassification

ValueDescription

INTERNAL

EXTERNAL

MISSING

UNCLASSIFIED

INCONSISTENT

SERVICE_ACCOUNT

SHARED_MAILBOX

LINKED_USER_ACCOUNT

CONFERENCE_ROOM

EQUIPMENT_MAILBOX

OTHER_MAILBOX

WorkflowState

ValueDescription

SUCCESS

ERROR

UNKNOWN

RUNNING

Scalars

AWSDate

The AWSDate scalar type represents a valid extended ISO 8601 Date string. In other words, this scalar type accepts date strings of the form YYYY-MM-DD. This scalar type can also accept time zone offsets. For example, 1970-01-01Z, 1970-01-01-07:00 and 1970-01-01+05:30 are all valid dates. The time zone offset must either be Z (representing the UTC time zone) or be in the format Β±hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard.

AWSDateTime

The AWSDateTime scalar type represents a valid extended ISO 8601 DateTime string. In other words, this scalar type accepts datetime strings of the form YYYY-MM-DDThh:mm:ss.sssZ. The field after the seconds field is a nanoseconds field. It can accept between 1 and 9 digits. The seconds and nanoseconds fields are optional (the seconds field must be specified if the nanoseconds field is to be used). The time zone offset is compulsory for this scalar. The time zone offset must either be Z (representing the UTC time zone) or be in the format Β±hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard.

AWSEmail

The AWSEmail scalar type represents an Email address string that complies with RFC 822. For example, username@example.com is a valid Email address.

AWSIPAddress

The AWSIPAddress scalar type represents a valid IPv4 or IPv6 address string.

AWSJSON

The AWSJSON scalar type represents a JSON string that complies with RFC 8259.

Maps like {\"upvotes\": 10}, lists like [1,2,3], and scalar values like \"AWSJSON example string\", 1, and true are accepted as valid JSON. They will automatically be parsed and loaded in the resolver mapping templates as Maps, Lists, or Scalar values rather than as the literal input strings. Invalid JSON strings like {a: 1}, {'a': 1} and Unquoted string will throw GraphQL validation errors.

AWSPhone

The AWSPhone scalar type represents a valid Phone Number. Phone numbers are serialized and deserialized as Strings. Phone numbers provided may be whitespace delimited or hyphenated. The number can specify a country code at the beginning but this is not required.

AWSTime

The AWSTime scalar type represents a valid extended ISO 8601 Time string. In other words, this scalar type accepts time strings of the form hh:mm:ss.sss. The field after the seconds field is a nanoseconds field. It can accept between 1 and 9 digits. The seconds and nanoseconds fields are optional (the seconds field must be specified if the nanoseconds field is to be used). This scalar type can also accept time zone offsets.

For example, 12:30Z, 12:30:24-07:00 and 12:30:24.500+05:30 are all valid time strings.

The time zone offset must either be Z (representing the UTC time zone) or be in the format hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard.

AWSTimestamp

The AWSTimestamp scalar type represents the number of seconds that have elapsed since 1970-01-01T00:00Z. Timestamps are serialized and deserialized as numbers. Negative values are also accepted and these represent the number of seconds till 1970-01-01T00:00Z.

AWSURL

The AWSURL scalar type represents a valid URL string. The URL may use any scheme and may also be a local URL (Ex: http://localhost/). URLs without schemes are considered invalid. URLs which contain double slashes are also considered invalid.

Boolean

The Boolean scalar type represents true or false.

Float

The Float scalar type represents signed double-precision fractional values as specified by IEEE 754.

ID

The ID scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as "4") or integer (such as 4) input value will be accepted as an ID.

Int

The Int scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1.

String

The String scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.

PreviousPublic APINextTroubleshooting & Support

Last updated