# APIs ## Schema Types
Table of Contents * [Query](#query) * [Mutation](#mutation) * [Objects](#objects) * [ConnectivityStatus](#connectivitystatus) * [DailySchedule](#dailyschedule) * [EndUserRef](#enduserref) * [EndUserState](#enduserstate) * [GeoCoordinates](#geocoordinates) * [GeoLocation](#geolocation) * [GetEndUserOutput](#getenduseroutput) * [GetEndUsersByIpConnection](#getendusersbyipconnection) * [IpAddressInfo](#ipaddressinfo) * [ItemList](#itemlist) * [KeyValuePair](#keyvaluepair) * [LabelCount](#labelcount) * [ListEndUsersConnection](#listendusersconnection) * [LocationWithPrevalence](#locationwithprevalence) * [PublicEndUser](#publicenduser) * [PublicEndUserDetails](#publicenduserdetails) * [PublicProviderEndUserDetails](#publicproviderenduserdetails) * [PublicUserDevice](#publicuserdevice) * [PublicUserSignInInfo](#publicusersignininfo) * [TotalHits](#totalhits) * [TotalWithMedian](#totalwithmedian) * [TypedKeyValuePair](#typedkeyvaluepair) * [Inputs](#inputs) * [DailyScheduleInput](#dailyscheduleinput) * [ItemListInput](#itemlistinput) * [KeyValuePairInput](#keyvaluepairinput) * [ListEndUsersInput](#listendusersinput) * [OrderBy](#orderby) * [RegisterWebhookWithApiKey](#registerwebhookwithapikey) * [TimestampRange](#timestamprange) * [Enums](#enums) * [DataType](#datatype) * [DeviceType](#devicetype) * [EndUserStatus](#enduserstatus) * [HttpMethod](#httpmethod) * [ListType](#listtype) * [Order](#order) * [OsType](#ostype) * [Provider](#provider) * [UserTypeClassification](#usertypeclassification) * [WorkflowState](#workflowstate) * [Scalars](#scalars) * [AWSDate](#awsdate) * [AWSDateTime](#awsdatetime) * [AWSEmail](#awsemail) * [AWSIPAddress](#awsipaddress) * [AWSJSON](#awsjson) * [AWSPhone](#awsphone) * [AWSTime](#awstime) * [AWSTimestamp](#awstimestamp) * [AWSURL](#awsurl) * [Boolean](#boolean) * [Float](#float) * [ID](#id) * [Int](#int) * [String](#string)
### Query | Field | Argument | Type | Description | | ---------------------- | --------: | -------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **ping** | | Boolean! | Ping the API to check if it is up and running. | | **getEndUserState** | | [EndUserState](#enduserstate)! |

Note: This endpoint is no longer being maintained. Please use GetEndUser

Fetch a concise summary of end-user information, including key fields and relevant details. Use this query when you want to get a basic end-user digest.

| | **login** | | String! | End-user's email address. | | **email** | | String! | End-user primary email address. | | **getEndUsersByIp** | | [GetEndUsersByIpConnection](#getendusersbyipconnection)! | Retrieve end-users associated with a specified IP address. | | | ipAddress | String! | IP Address. | | | pageSize | Int | Number of items per page. Default pageSize is 100. Max pageSize is 500. | | | pageToken | String | Token for paginating through the result set. | | **getEndUser** | | [GetEndUserOutput](#getenduseroutput)! | Fetch end-user's detailed information, including including devices, integrations, factors and more. Use this query when you want to get a comprehensive end-user details. | | | login | String! | End-user's email address. | | **listEndUsers** | | [ListEndUsersConnection](#listendusersconnection)! | Fetch the list of end-users. Use this query to retrieve a large number of items using paging. The default page size is 100, and the maximum page size is 500. Page token is used to retrieve the next page. If not provided, the first page is retrieved. | | | input | [ListEndUsersInput](#listendusersinput)! | Input data for end-users listing. | | | pageSize | Int | Number of items per page. Default pageSize is 100. Max pageSize is 500. | | | pageToken | String | Token for paginating through the result set. | | **listEndUserUpdates** | | [EndUserUpdatesConnection](#locationwithprevalence)! | Fetch the list of updates to selected end-user properties (such as `endUserTrustScore`) since the specified date. Use this query to retrieve large result sets with paging. The default page size is 100, and the maximum is 500. Use the page token to request the next page; if no token is provided, the first page is returned. | | | input | [ListEndUserUpdatesInput](#listendusersinput-1) | Input data for end-user updates listing. | | | pageSize | Int | Number of items per page. Default pageSize is 100. Max pageSize is 500. | | | pageToken | String | Token for paginating through the result set. | ### Mutation | Field | Argument | Type | Description | | ---------------------------------------- | -------: | -------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | | **registerWebhookWithApiKey** | | ID! | Register a Webhook Notification Target with an API key as a target for Failed Check findings. See more at | | | input | [RegisterWebhookWithApiKey!](#registerwebhookwithapikey) | Input data for registering a webhook with an API key. | | **registerWebhookWithDuoSecurityClient** | | ID! | Register a Webhook Notification Target with Duo Security Client as a target for Failed Checks findings. | | | input | [RegisterWebhookWithDuoSecurityClient!](#timestamprange) | Input data for registering a webhook with an Duo Security Client. | | **unregisterWebhook** | | Boolean! | Unregister a Webhook Notification Target. | | | id | ID! | ID of the webhook to unregister. | ### Objects #### ConnectivityStatus | Field | Argument | Type | Description | | -------------- | -------: | ------ | ----------- | | **statusCode** | | Int! | | | **payload** | | String | | | **reason** | | String | | #### DailySchedule | Field | Argument | Type | Description | | ---------- | -------: | ---- | ----------- | | **hour** | | Int! | | | **minute** | | Int! | | #### EndUserRef Represents a reference to an end-user. | Field | Argument | Type | Description | | ---------------- | -------: | ------- | ----------------------------------------------- | | **id** | | ID! | The end-user ID in Cisco Identity Intelligence. | | **displayName** | | String! | The end-user's display name. | | **login** | | String! | End-user's email address. | | **referenceUrl** | | String | End-user's URL in Cisco Identity Intelligence. | #### EndUserState **Note: This endpoint is no longer being maintained.**** Please use** [**GetEndUser**](#getenduseroutput) Represents a concise summary of end-user information, including key fields and relevant details. | Field | Argument | Type | Description | | ----------------------------- | -------: | ----------------------------------------------------- | ------------------------------------------------------------------------------------------ | | **id** | | ID! | The end-user ID in Cisco Identity Intelligence. | | **displayName** | | String! | The end-user's display name. | | **login** | | String! | End-user's email address. | | **employeeId** | | \[String!] | List of employee IDs associated with the end-user in the Identity Provider and HR systems. | | **status** | | String! | The aggregated end-user status in the identity providers. | | **userTypeClassification** | | [UserTypeClassification](#usertypeclassification) | The end-user classification in Cisco Identity Intelligence. | | **managerLogin** | | String | End-user's manager email address. | | **ipAddresses** | | \[[IpAddressInfo](#ipaddressinfo)!] | List of IP Addresses used by the end-user. | | **phoneNumber** | | String | End-user's phone number. | | **unusedApplications** | | \[String!] | Names of applications the end-user has access and did not access in the past 30 days. | | **usedApplications** | | \[String!] | Names of applications the end-user has access and accessed in the past 30 days. | | **usedFactors** | | \[String!] | Authentication factors used by the end-user. | | **referenceUrl** | | String | End-user's URL in Cisco Identity Intelligence. | | **registeredLocationDetails** | | [GeoLocation](#geolocation) | The end-user's registered location | | **workingLocationDetails** | | \[[LocationWithPrevalence](#locationwithprevalence)!] | List of the locations the end-user works in. | #### FeatureExplainabilityItem | Field | Argument | Type | Description | | ------------- | -------: | --------------------------------- | ----------- | | **featureId** | | String! | | | **details** | | \[[KeyValuePair](#keyvaluepair)!] | | #### GeoCoordinates | Field | Argument | Type | Description | | ------------- | -------: | ----- | ----------- | | **latitude** | | Float | | | **longitude** | | Float | | #### GeoLocation IP Address geolocation information. | Field | Argument | Type | Description | | ----------- | -------: | ------ | ---------------------------------------------- | | **city** | | String | The city name. | | **state** | | String | The state name. | | **country** | | String | two-letter country code defined in ISO 3166-1. | #### GetEndUserOutput | Field | Argument | Type | Description | | -------------------------- | -------: | ------------------------------------------------------------------ | -------------------------------------------------- | | **endUserDetails** | | [PublicEndUserDetails](#publicenduserdetails)! | The unified end-user details across all providers. | | **providerEndUserDetails** | | \[[PublicProviderEndUserDetails](#publicproviderenduserdetails)!]! | The array of end-user details by provider. | #### GetEndUsersByIpConnection End-users associated with a specified IP address. | Field | Argument | Type | Description | | ------------- | -------: | ------------------------------ | ----------------------------------------------------------------------------------------------------------- | | **items** | | \[[EndUserRef](#enduserref)!]! | Itemized list of end-users associated with a specified IP address. | | **pageToken** | | String | Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch. | #### **GroupExplainabilityItem**
FieldArgumentTypeDescription
groupIdTrustScoreGroupId!
weightTrustScoreWeightNormalized trust score weight
details[FeatureExplainabilityItem!]
#### IpAddressInfo IP Address information. | Field | Argument | Type | Description | | ------------- | -------: | --------------------------- | ----------------------------------- | | **ipAddress** | | String! | IP Address. | | **location** | | [GeoLocation](#geolocation) | IP Address geolocation information. | #### ItemList | Field | Argument | Type | Description | | ------------ | -------: | ---------------------- | ----------- | | **listType** | | [ListType](#listtype)! | | | **items** | | \[String!]! | | #### KeyValuePair | Field | Argument | Type | Description | | --------- | -------: | ------- | ----------- | | **key** | | String! | | | **value** | | String! | | #### LabelCount | Field | Argument | Type | Description | | --------- | -------: | ------- | ----------- | | **value** | | String! | | | **count** | | Int! | | #### ListEndUsersConnection End-users list. | Field | Argument | Type | Description | | ------------- | -------: | ------------------------------------ | ----------------------------------------------------------------------------------------------------------- | | **items** | | \[[PublicEndUser](#publicenduser)!]! | Itemized list of end-users. | | **pageToken** | | String | Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch. | #### EndUserUpdatesConnection Changes for a predefined subset of end-user properties. | Field | Argument | Type | Description | | ------------- | -------: | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | | **items** | | \[[PublicEndUserUpdate](#publicenduserdetails)!]! | Itemized list of end-user properties update | | **pageToken** | | String | Token for paginating through the result set. If pageToken is undefined, there are no more results to fetch. | #### LocationWithPrevalence | Field | Argument | Type | Description | | -------------------------- | -------: | ---------------------------- | ----------- | | **location** | | [GeoLocation](#geolocation)! | | | **userLocationPrevalence** | | Float! | | #### PublicEndUser Represents end-user basic data. | Field | Argument | Type | Description | | -------------------------- | -------: | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | | **id** | | ID! | The end-user ID in Cisco Identity Intelligence. | | **displayName** | | String | The end-user's display name. | | **login** | | String! | End-user's email address. | | **emails** | | \[String!] | List of emails associated with the end-user in the IdP and HR system. | | **status** | | [EndUserStatus](#enduserstatus) | The unified status of the end-user across all providers. | | **company** | | String | The company the end-user belongs to. | | **department** | | String | The department the end-user belongs to. | | **title** | | String | The end-user's title. | | **userTypeClassification** | | [UserTypeClassification](#usertypeclassification) | The unified classification of the end-user type across all providers. | | **employeeIds** | | \[String!] | List of employee IDs associated with the end-user in the Identity Provider and HR systems. | | **userKeys** | | \[String!] | List of user keys associated with the end-user in the Identity Provide | | **linkedEndUserLogins** | | \[String!] | List of linked end-users' logins. | | **groupNames** | | \[String!] | List of names of the groups the end-user is a member of. Maximum 10 items. | | **hasMoreGroups** | | Boolean! | The indication if more groups exist for the end-user. | | **phoneNumbers** | | \[String!] | The end-user's phone numbers used for authentication. | | **managerLogin** | | String | The end-user's manager login. | | **devices** | | \[[PublicUserDevice](#publicuserdevice)\![\]](#publicuserdevice) | List of devices the end-user uses. | | **mfaEnabled** | | Boolean | Indicates if the MFA is enabled for the end-user. | | **lastSignIn** | | [PublicUserSignInInfo](#publicusersignininfo) | The last sign details for the end-user. | | **lastActive** | | [AWSDateTime](#awsdatetime) | The last active timestamp for the end-user. | | **failingChecks** | | \[String!] | The checks that the end-user has failed. | | **firstCreatedDate** | | [AWSDateTime](#awsdatetime) | The first created date of the account across all providers. | | **providers** | | \[[Provider](#provider)!]! | List of provider types for the integrations the end-user data is collected from. | | **referenceUrl** | | String! | End-user's URL in Cisco Identity Intelligence. | | **endUserTrustScore** | | [PublicEndUserTrustScore](#publicproviderenduserdetails) | | #### PublicEndUserUpdate | Field | Argument | Type | Description | | --------------------- | -------: | -------------------------------------------------------- | ---------------------------------------------------------------------- | | **id** | | ID! | The end-user ID in Cisco Identity Intelligence. | | **login** | | String! | End-user's email address. | | **userKeys** | | \[String!]! | List of user keys associated with the end-user in the Identity Provide | | **failingChecks** | | \[String!] | The checks that the end-user has failed. | | **endUserTrustScore** | | [PublicEndUserTrustScore](#publicproviderenduserdetails) | | #### PublicEndUserDetails Represents end-user data. | Field | Argument | Type | Description | | -------------------------- | -------: | -------------------------------------------------------- | ------------------------------------------------------------------------------------------ | | **id** | | ID! | The end-user ID in Cisco Identity Intelligence. | | **displayName** | | String! | The end-user's display name. | | **login** | | String! | End-user's email address. | | **emails** | | \[String]! | List of emails associated with the end-user in the IdP and HR system. | | **status** | | [EndUserStatus](#enduserstatus)! | The unified status of the end-user across all providers. | | **userIds** | | \[String!] | List of end-user IDs associated with the end-user in the Identity Provider and HR systems. | | **company** | | String | The company the end-user belongs to. | | **department** | | String | The department the end-user belongs to. | | **title** | | String | The end-user's title. | | **userTypeClassification** | | [UserTypeClassification](#usertypeclassification) | The unified classification of the end-user type across all providers. | | **employeeIds** | | \[String!] | List of employee IDs associated with the end-user in the Identity Provider and HR systems. | | **linkedEndUserLogins** | | \[String!] | List of linked end-users' logins. | | **groupNames** | | \[String!] | List of names of the groups the end-user is a member of. | | **phoneNumbers** | | \[String!] | The end-user's phone numbers used for authentication. | | **managerLogin** | | String | The end-user's manager login. | | **devices** | | \[[PublicUserDevice](#publicuserdevice)!] | List of devices the end-user uses. | | **mfaEnabled** | | Boolean | Indicates if the MFA is enabled for the end-user. | | **lastSignIn** | | [PublicUserSignInInfo](#publicusersignininfo) | The last sign details for the end-user. | | **lastActive** | | [AWSDateTime](#awsdatetime) | The last active timestamp for the end-user. | | **firstCreatedDate** | | [AWSDateTime](#awsdatetime) | The first created date of the account across all providers. | | **failingChecks** | | \[String!] | The checks that the end-user has failed. | | **referenceUrl** | | String! | End-user's URL in Cisco Identity Intelligence. | | **endUserTrustScore** | | [PublicEndUserTrustScore](#publicproviderenduserdetails) | | #### PublicEndUserTrustScore
FieldArgumentTypeDescription
levelOfTrustLevelOfTrust!
scoreExplainabilitySummaryPublicScoreExplainabilitySummary
meaningfulExplainability[String!]Human readable explainability of the score
lastUpdated#awsdatetimeThe last score evaluation timestamp
#### PublicProviderEndUserDetails | Field | Argument | Type | Description | | -------------------------- | -------: | ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **userId** | | String! | The end-user userId. | | **provider** | | [Provider](#provider)! | The type of the provider. | | **firstName** | | String | The end-user's first name. | | **lastName** | | String | The end-user's last name. | | **displayName** | | String | The end-user's display name. | | **login** | | String! | End-user's email address. | | **status** | | [EndUserStatus](#enduserstatus)! | The unified status of the end-user across all providers. | | **company** | | String | The company the end-user belongs to. | | **department** | | String | The department the end-user belongs to. | | **title** | | String | The end-user's title. | | **userTypeClassification** | | [UserTypeClassification](#usertypeclassification) | The unified classification of the end-user type across all providers. | | **employeeId** | | String | Employee ID associated with the end-user in the Identity Provider and HR systems. | | **managerLogin** | | String | The end-user's manager login. | | **mfaEnabled** | | Boolean | Indicates if the MFA is enabled for the end-user. | | **lastSignIn** | | [PublicUserSignInInfo](#publicusersignininfo) | The last sign details for the end-user. | | **creationDate** | | [AWSDateTime](#awsdatetime) | The creation date of the account across. | | **lastUpdated** | | [AWSDateTime](#awsdatetime) | The last updated date of the account. | | **isAdmin** | | Boolean | Indicates if the user is an admin in this provider. | | additionalDetails | | \[[KeyValuePair](#keyvaluepair)!] | A collection of provider-specific properties represented as key-value pairs. This field contains supplementary details that may vary depending on the provider. | #### PublicRiskyActivityCounts | Field | Argument | Type | Description | | ---------------- | -------: | ----------------------------- | ------------------------------------ | | **total** | | Int! | | | **levelOfTrust** | | \[[LabelCount](#labelcount)!] | counts grouped by the level of trust | #### PublicScoreExplainabilitySummary
FieldArgumentTypeDescription
riskyActivityCountsPublicRiskyActivityCounts!
combinedScoreExplainability[GroupExplainabilityItem!]
#### PublicUserDevice | Field | Argument | Type | Description | | --------------- | -------: | --------------------------- | ------------------------------------------- | | **deviceId** | | String! | The device ID. | | **displayName** | | String | The device display name. | | **os** | | OsType | The device OS type. | | **lastSeen** | | [AWSDateTime](#awsdatetime) | The last time the end-user used the device. | | **deviceType** | | [DeviceType](#devicetype) | The device type: access or authentication. | | **provider** | | [Provider](#provider)! | The provider type. | #### PublicUserSignInInfo | Field | Argument | Type | Description | | ------------- | -------: | ---------------------------- | -------------------------------------- | | **timestamp** | | [AWSDateTime](#awsdatetime)! | The end-user's sign-in timestamp. | | **result** | | String | The end-user's sign-in result. | | **reason** | | String | The end-user's sign-in failure reason. | | **ipAddress** | | String | The end-user's sign-in IP address. | | **location** | | [GeoLocation](#geolocation) | The end-user's sign-in location. | #### TotalHits | Field | Argument | Type | Description | | ------------ | -------: | ------- | ----------- | | **count** | | Int! | | | **relation** | | String! | | #### TotalWithMedian | Field | Argument | Type | Description | | ---------- | -------: | ------ | ----------- | | **total** | | Int! | | | **median** | | Float! | | #### TypedKeyValuePair | Field | Argument | Type | Description | | ------------ | -------: | ------- | ----------- | | **key** | | String! | | | **value** | | String! | | | **type** | | String | | | **minValue** | | Int | | | **maxValue** | | Int | | ### Inputs #### DailyScheduleInput | Field | Type | Description | | ---------- | ---- | ----------- | | **hour** | Int! | | | **minute** | Int! | | #### ItemListInput | Field | Type | Description | | ------------ | ----------- | ----------- | | **listType** | ListType! | | | **items** | \[String!]! | | #### KeyValuePairInput | Field | Type | Description | | --------- | ------- | ----------- | | **key** | String! | | | **value** | String! | | #### ListEndUsersInput | Field | Type | Description | | ----------- | ----------- | ----------- | | **orderBy** | \[OrderBy!] | | #### ListEndUserUpdatesInput | Field | Type | Description | | ----------- | ------------ | ---------------------------------------------------------------------------------- | | **orderBy** | \[OrderBy!] | | | **since** | AWSDateTime! | The date and time from which to start listing updates. Must be within last 7 days. | #### OrderBy | Field | Type | Description | | --------- | ------- | ----------- | | **name** | String! | | | **order** | Order | | #### RegisterWebhookWithApiKey Input for registering a webhook with an API key. | Field | Type | Description | | -------------- | ----------- | ------------------------------------------------------------------------------------------------------------------ | | **name** | String! | Part of the name of the webhook. The webhook name is a combination of the name and a random suffix for uniqueness. | | **endpoint** | String! | The URL of the webhook endpoint. | | **apiKeyName** | String! | The name of the API key to use for the webhook. Sent in the webhook payload headers as the header name. | | **apiKey** | String! | The value of the API secret key to use for the webhook. Sent in the webhook payload headers as the header value. | | **checkIds** | \[String!]! | The list of Cisco Identity Intelligence check IDs to subscribe to. | #### RegisterWebhookWithDuoSecurityClient | Field | Type | Description | | ---------------------------- | ----------- | --------------------------------------------------------------------------------------------------- | | **name** | String! | Part of the name of the webhook. The webhook name is a combination of the name and a Webhook prefix | | **duoIntegrationInstanceId** | String! | The ID of the existing Duo integration instance. | | **checkIds** | \[String!]! | The list of Cisco Identity Intelligence check IDs to subscribe to. | #### TimestampRange | Field | Type | Description | | ------------------ | ------- | ----------- | | **startTimestamp** | String! | | | **endTimestamp** | String | | ### Enums #### DataType | Value | Description | | ------------------------------- | ----------- | | **APPS** | | | **APPS\_TO\_GROUPS** | | | **APPS\_TO\_USERS** | | | **EVENT\_LOGS** | | | **AUDIT\_LOGS** | | | **ACTIVITY\_LOGS** | | | **ADDITIONAL\_LOGS** | | | **FACTORS\_TO\_USERS** | | | **GROUPS** | | | **GROUPS\_TO\_USERS** | | | **DIRECT\_REPORTS** | | | **DIRECTORY\_ROLES** | | | **IDP** | | | **USERS** | | | **DEVICES** | | | **RISKY\_USERS** | | | **RISKY\_USER\_EVENTS** | | | **NAMED\_LOCATIONS** | | | **IP\_CIDR\_LIST** | | | **IP\_THREAT\_INSIGHTS** | | | **POLICIES** | | | **POLICY\_RULES** | | | **SERVICE\_PRINCIPAL** | | | **API\_TOKEN** | | | **EVENT\_HUB** | | | **AUTHENTICATORS** | | | **AUTHENTICATORS\_TO\_USERS** | | | **SIGNIN\_LOGS** | | | **LOGIN\_HISTORY** | | | **LOGIN\_GEO** | | | **AUTH\_CONFIG** | | | **USER\_LOGIN** | | | **END\_USER\_LOGINS** | | | **PROFILES** | | | **CONDITIONAL\_ACCESS\_POLICY** | | | **PROVISIONING\_EVENTS** | | | **ORGANIZATIONS** | | | **USER\_EMAILS** | | | **USER\_ENTERPRISE\_EMAILS** | | | **COLLABORATORS** | | | **MEMBER\_INVITATIONS** | | | **COLLABORATOR\_INVITATIONS** | | | **PERMISSION\_SETS** | | | **USER\_SCHEMA** | | | **MAILBOX\_SETTINGS** | | | **MESSAGE\_RULES** | | | **DEVICE\_AUDIT\_EVENTS** | | | **AUTH\_API** | | | **ENDPOINTS** | | | **TOKENS** | | | **WEBAUTHNCREDENTIALS** | | | **BYPASS\_CODES** | | | **SIGNIN\_ACTIVITY** | | #### DeviceType | Value | Description | | ------------------ | ----------- | | **ACCESS** | | | **AUTHENTICATION** | | #### EndUserStatus | Value | Description | | --------------------- | ----------- | | **ACTIVE** | | | **INACTIVE** | | | **DEPROVISIONED** | | | **LOCKED\_OUT** | | | **PASSWORD\_EXPIRED** | | | **PROVISIONED** | | | **RECOVERY** | | | **STAGED** | | | **SUSPENDED** | | | **INCONSISTENT** | | | **DELETED** | | | **DISABLED** | | | **BLOCKED** | | | **TRANSIENT** | | | **UNKNOWN** | | #### HttpMethod | Value | Description | | ----------- | ----------- | | **GET** | | | **POST** | | | **PUT** | | | **HEAD** | | | **OPTIONS** | | | **PATCH** | | | **DELETE** | | #### LevelOfTrust | Value | Description | | ---------------- | ------------------------------------------------------------------------------ | | **TRUSTED** | Indicates exceptional safety | | **FAVORABLE** | Indicates a level of safety | | **NEUTRAL** | Displaying neither positive or negative behavior. However, has been evaluated. | | **QUESTIONABLE** | Displaying behavior that may indicate risk, or could be undesirable | | **UNTRUSTED** | Displaying behavior that is exceptionally bad, malicious, or undesirable | | **UNKNOWN** | Not previously evaluated, or lacking features to assert a threat level verdict | #### ListType | Value | Description | | ----------- | ----------- | | **allow** | | | **block** | | | **ignore** | | | **include** | | #### Order | Value | Description | | -------- | ----------- | | **asc** | | | **desc** | | #### OsType | Value | Description | | ------------------- | ----------- | | **WINDOWS** | | | **WINDOWS\_MOBILE** | | | **MACOS** | | | **IOS** | | | **ANDROID** | | | **LINUX** | | | **CHROME\_OS** | | | **UNKNOWN** | | #### Provider | Value | Description | | -------------- | ----------- | | **AUTH0** | | | **AWS** | | | **AZURE\_AD** | | | **OKTA** | | | **HRIS** | | | **SLACK** | | | **DUO** | | | **G\_SUITE** | | | **WORKDAY** | | | **SALESFORCE** | | | **GIT\_HUB** | | #### TrustScoreGroupId | Value | Description | | ---------------------------- | ----------- | | **ACCOUNT\_LOGIN\_BEHAVIOR** | | | **ACTIONS\_IN\_SESSION** | | | **APPLICATION** | | | **DEVICE** | | | **EXTERNAL\_THREAT** | | | **FIRST\_FACTOR** | | | **SECOND\_FACTOR** | | | **NETWORK** | | | **PERMISSION** | | | **SESSION** | | | **ACCOUNT\_VALIDITY** | | #### TrustScoreWeight | Value | Description | | ---------------- | ----------- | | **NO\_RISK** | | | **LOW\_RISK** | | | **MEDIUM\_RISK** | | | **HIGH\_RISK** | | #### UserTypeClassification | Value | Description | | ------------------------- | ----------- | | **INTERNAL** | | | **EXTERNAL** | | | **MISSING** | | | **UNCLASSIFIED** | | | **INCONSISTENT** | | | **SERVICE\_ACCOUNT** | | | **SHARED\_MAILBOX** | | | **LINKED\_USER\_ACCOUNT** | | | **CONFERENCE\_ROOM** | | | **EQUIPMENT\_MAILBOX** | | | **OTHER\_MAILBOX** | | #### WorkflowState | Value | Description | | ----------- | ----------- | | **SUCCESS** | | | **ERROR** | | | **UNKNOWN** | | | **RUNNING** | | ### Scalars #### AWSDate The AWSDate scalar type represents a valid extended ISO 8601 Date string. In other words, this scalar type accepts date strings of the form YYYY-MM-DD. This scalar type can also accept time zone offsets. For example, 1970-01-01Z, 1970-01-01-07:00 and 1970-01-01+05:30 are all valid dates. The time zone offset must either be Z (representing the UTC time zone) or be in the format ±hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard. #### AWSDateTime The AWSDateTime scalar type represents a valid extended ISO 8601 DateTime string. In other words, this scalar type accepts datetime strings of the form YYYY-MM-DDThh:mm:ss.sssZ. The field after the seconds field is a nanoseconds field. It can accept between 1 and 9 digits. The seconds and nanoseconds fields are optional (the seconds field must be specified if the nanoseconds field is to be used). The time zone offset is compulsory for this scalar. The time zone offset must either be Z (representing the UTC time zone) or be in the format ±hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard. #### AWSEmail The AWSEmail scalar type represents an Email address string that complies with RFC 822. For example, is a valid Email address. #### AWSIPAddress The AWSIPAddress scalar type represents a valid IPv4 or IPv6 address string. #### AWSJSON The AWSJSON scalar type represents a JSON string that complies with RFC 8259. Maps like {\\"upvotes\\": 10}, lists like \[1,2,3], and scalar values like \\"AWSJSON example string\\", 1, and true are accepted as valid JSON. They will automatically be parsed and loaded in the resolver mapping templates as Maps, Lists, or Scalar values rather than as the literal input strings. Invalid JSON strings like {a: 1}, {'a': 1} and Unquoted string will throw GraphQL validation errors. #### AWSPhone The AWSPhone scalar type represents a valid Phone Number. Phone numbers are serialized and deserialized as Strings. Phone numbers provided may be whitespace delimited or hyphenated. The number can specify a country code at the beginning but this is not required. #### AWSTime The AWSTime scalar type represents a valid extended ISO 8601 Time string. In other words, this scalar type accepts time strings of the form hh:mm:ss.sss. The field after the seconds field is a nanoseconds field. It can accept between 1 and 9 digits. The seconds and nanoseconds fields are optional (the seconds field must be specified if the nanoseconds field is to be used). This scalar type can also accept time zone offsets. For example, 12:30Z, 12:30:24-07:00 and 12:30:24.500+05:30 are all valid time strings. The time zone offset must either be Z (representing the UTC time zone) or be in the format hh:mm:ss. The seconds field in the timezone offset will be considered valid even though it is not part of the ISO 8601 standard. #### AWSTimestamp The AWSTimestamp scalar type represents the number of seconds that have elapsed since 1970-01-01T00:00Z. Timestamps are serialized and deserialized as numbers. Negative values are also accepted and these represent the number of seconds till 1970-01-01T00:00Z. #### AWSURL The AWSURL scalar type represents a valid URL string. The URL may use any scheme and may also be a local URL (Ex: ). URLs without schemes are considered invalid. URLs which contain double slashes are also considered invalid. #### Boolean The `Boolean` scalar type represents `true` or `false`. #### Float The `Float` scalar type represents signed double-precision fractional values as specified by [IEEE 754](https://en.wikipedia.org/wiki/IEEE_floating_point). #### ID The `ID` scalar type represents a unique identifier, often used to refetch an object or as key for a cache. The ID type appears in a JSON response as a String; however, it is not intended to be human-readable. When expected as an input type, any string (such as `"4"`) or integer (such as `4`) input value will be accepted as an ID. #### Int The `Int` scalar type represents non-fractional signed whole numeric values. Int can represent values between -(2^31) and 2^31 - 1. #### String The `String` scalar type represents textual data, represented as UTF-8 character sequences. The String type is most often used by GraphQL to represent free-form human-readable text.