Search for Accounts

Post /GetAllSearchAdvanced

Send a POST request to the GetAllSearchAdvanced() method on the AccountView object to return information about one or more accounts. The information included in the response depends on the range of account properties and parameter values included in the request.

A valid OAuth 2.0 Bearer token is required.

URL

POST https://<FQDN_Of_Your_EmpowerID_Web_Server>/api/webui/v1/AccountView/GetAllSearchAdvanced

Header Key/Value Pairs

| Key | Value |
| --- | --- |
| Authorization | Bearer <access_token> |
| X-EmpowerID-API-Key | The API key from the registered OAuth application |
| Content-Type | application/json |

Request Body

The body of the request must include all parameters required by the method and the IncludedProperties object with at least one account property.

Included Properties

Use IncludedProperties to return one or more account properties. Example properties include PersonID, LastName, FirstName, and login. See Person Properties below for a fuller list of properties that can be returned.

Body Parameters

The GetAllSearchAdvanced() method includes a number of parameters that must be included in the body of the request. Use parameters to filter the number of accounts returned by the endpoint.

 View Parameters

AccountStoreID

int

  • Return all accounts with a matching account store ID

  • Set to null to ignore

  • Required

SecurityBoundaryID

int

  • Set to the ID of the Security Boundary to return accounts with a matching Security Boundary ID

  • Set to null to ignore

  • Required

SecurityBoundaryTypeID

int

  • Set to the ID of the Security Boundary Type to return accounts with a matching Security Boundary Type ID

  • Set to null to ignore

  • Required

 View Security Boundary Type IDs

| Security Boundary Type ID | Name |
| --- | --- |
| 0 | EmpowerID |
| 1 | Active Directory |
| 2 | ADAM |
| 3 | SUN |
| 4 | NOVELL |
| 5 | ORACLE |
| 6 | OpenLDAP |
| 7 | IBM |
| 8 | OpenDS |
| 9 | SalesForce |
| 10 | OpenID |
| 11 | Google Apps Domain |
| 12 | SAML Application |
| 14 | Office 365 Exchange |
| 15 | AS400 |
| 16 | SharePoint |
| 17 | LotusNotes |
| 18 | Tracking Only System |
| 19 | UltiPro |
| 20 | Standard Connector |
| 21 | Office 365 (MSOL) |
| 22 | DAXUser |
| 23 | DAXWorker |
| 24 | WebExEnterprise |
| 25 | Amazon AWS |
| 27 | Microsoft Azure |
| 28 | Local Windows User |
| 30 | Box |
| 32 | Oracle Users |
| 33 | Linux |
| 34 | ServiceNow |
| 35 | VMWare |
| 36 | Zendesk |
| 40 | Radiant Logic |
| 41 | SAP-HR |
| 42 | SAP-S/4HANA |
| 43 | GoogleOAuth |
| 44 | LinkedInOAuth |
| 45 | GitHubOAuth |
| 46 | PaypalOAuth |
| 47 | SalesforceOAuth |
| 48 | BoxOAuth |
| 49 | YahooOAuth |
| 50 | YammerOAuth |
| 51 | MicrosoftLiveOAuth |
| 52 | TwitterOAuth |
| 53 | FacebookOAuth |
| 54 | ESXI |
| 55 | SAPAriba |
| 56 | Adobe Experience Cloud |
| 57 | Slack |
| 58 | RACF (LDAP) |
| 59 | IBMDB2 |
| 60 | SAP HANA DB |
| 61 | Azure AD SCIM |
| 62 | SCIM Connector |
| 63 | Microsoft SQL Server |
| 64 | SAP NetWeaver |
| 65 | SAP Business Objects |
| 66 | SAP Business Partners |
| 67 | AzureAD OAuth |
| 68 | Workday |
| 69 | SPO User Profiles |
| 70 | IBM Security Verify Access |
| 72 | Salesforce SCIM |

AccountTypeID

int

  • Return all accounts with the same Account Type

  • Set to null to ignore

  • Required

ShowSystemAccountsOnly

Boolean

  • Return system accounts only

  • Set to null to ignore

  • Required

ShowSystemBuiltinAccountsOnly

Boolean

  • Return system builtin accounts only

  • Set to null to ignore

  • Required

AccountUsageTypeID

int

  • Return all accounts with the same Account Usage Type

  • Set to null to ignore

  • Required

 View Account Usage Type IDs

| Account Usage Type ID | Name | Description |
| --- | --- | --- |
| 1 | Personal Standard | Account that is owned by a person that is not privileged |
| 2 | Personal Privileged | Highly privileged account owned by one person |
| 3 | Shared Privileged | Non-personal privileged accounts shared by administrators |
| 4 | Service | Used by services and processes |
| 5 | Application | Used by applications to access databases and other applications |
| 6 | Shared Mailbox | Disabled user required for room, equipment, or shared mailboxes |
| 7 | Emergency | Emergency or break glass usage accounts |
| 8 | Test User | User accounts used for testing purposes |
| 9 | Contact | User account used as an email contact |
| 10 | Guest | External guest account |
| 11 | Computer Administrator | Local Computer Administrator |
| 12 | Bot | Bot or non-human agent identity |

IsOrphan

Boolean

  • Return accounts without an EmpowerID Person

  • Set to null to ignore

  • Required

Disabled

Boolean

  • Return disabled accounts

  • Set to null to ignore

  • Required

LockedOut

Boolean

  • Return locked out accounts

  • Set to null to ignore

  • Required

NeverLoggedInOnly

Boolean

  • Return accounts that have never logged in to the system

  • Set to null to ignore

  • Required

HideInEmpowerID

Boolean

  • Return accounts that are hidden in EmpowerID

  • Set to null to ignore

OrgZoneID

int

  • Return accounts with a matching OrgZone ID

  • Set to null to ignore

  • Required

PersonID

int

  • Return accounts owned by the person with the specified ID

  • Set to null to ignore

  • Required

ManagerPersonID

int

  • Return accounts whose manager matches the specified ID

  • Set to null to ignore

  • Required

MemberOfGroupID

int

  • Return accounts with membership in the specified group

  • Set to null to ignore

  • Required

columnsToSearch

string

  • Specifies one or more search conditions. Formatted as follows:
    "%[[][[]%<Conditions><Condition PropertyName=\"Name of the property to search\" SearchValue=\"Value of the property\" Operator=\"Equality\" QuerySuffix=\" Suffix Value \" StartGroupString=\"\" EndGroupString=\"\" /></Conditions>"

  • Required

pageLength

int

  • Specifies the number of accounts to return in the list of accounts

  • Required

resourceTags

String

  • Return accounts with a matching resource tag

  • Required

start

int

  • Specifies the first account in the list of accounts returned by the API; set to 0 to return the first account

  • Required

textToSearch

string

  • Set to AdvancedSearch

  • Required

totalCount

int

  • This is an output parameter that returns the number of accounts matching the search conditions and parameter values.

  • Required

columnsToSearch

The columnsToSearch body parameter is used to return accounts meeting one or more conditions. Each condition specifies a property and the value to search for, and there can be more than one condition. For example, to return a list of accounts belonging to the “DevDomain1” domain that are currently locked out, the value for columnsToSearch would be set to that shown below.

"%[[][[]%<Conditions><Condition PropertyName=\"NetBiosName\" SearchValue=\"Docs-tracking\" Operator=\"EqualTo\" QuerySuffix=\" AND \" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/><Condition PropertyName=\"LockedOut\" SearchValue=\"true\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"1\" SearchType=\"Boolean\"/></Conditions>"

Remarks

In the above example, columnsToSearch contains two search conditions. The API returns accounts matching both conditions. Each condition includes the PropertyName to search, the SearchValue to search for, an Equality Operator, a QuerySuffix and a SearchType for the relevant data type.
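The following is an added example, not part of the EmpowerID documentation: one way to assemble the request body so that search values are XML-escaped before they are placed in columnsToSearch and the whole body is then JSON-encoded by the library rather than by hand. The function names build_columns_to_search and build_request_body are hypothetical, and only the EqualTo operator and the AND suffix shown on this page are used.

```python
import json
from xml.sax.saxutils import escape

PREFIX = "%[[][[]%"  # literal prefix shown on every columnsToSearch value

# Filter parameters from the page's examples; each is sent as null when unused.
FILTERS = [
    "AccountStoreID", "SecurityBoundaryID", "SecurityBoundaryTypeID",
    "AccountTypeID", "ShowSystemAccountsOnly", "ShowSystemBuiltInAccountsOnly",
    "AccountUsageTypeID", "IsOrphan", "Disabled", "LockedOut",
    "NeverLoggedInOnly", "HideInEmpowerID", "OrgZoneID", "PersonID",
    "ManagerPersonID", "MemberOfGroupID", "resourceTags", "totalCount",
]


def build_columns_to_search(conditions):
    """conditions: (property_name, search_value, search_type) tuples, compared
    with EqualTo and joined with AND, the only forms the page demonstrates."""
    if not conditions:
        return PREFIX + "<Conditions/>"
    rendered = []
    for index, (name, value, search_type) in enumerate(conditions):
        last = index == len(conditions) - 1
        attrs = [
            ("PropertyName", name), ("SearchValue", value),
            ("Operator", "EqualTo"), ("QuerySuffix", "" if last else " AND "),
            ("StartGroupString", ""), ("EndGroupString", ""),
            ("Index", str(index)), ("SearchType", search_type),
        ]
        # Escape &, <, > and " so a search value stays inside its attribute
        # and cannot change the structure of the <Conditions> document.
        text = " ".join('{}="{}"'.format(k, escape(str(v), {'"': "&quot;"}))
                        for k, v in attrs)
        rendered.append("<Condition " + text + "/>")
    return PREFIX + "<Conditions>" + "".join(rendered) + "</Conditions>"


def build_request_body(included_properties, conditions=(), start=0,
                       page_length=5, **filters):
    """Return the dict to pass to json.dumps() as the POST body."""
    if not included_properties:
        raise ValueError("IncludedProperties needs at least one property")
    unknown = sorted(set(filters) - set(FILTERS))
    if unknown:
        raise ValueError("unknown parameter(s): " + ", ".join(unknown))
    parameters = {name: filters.get(name) for name in FILTERS}
    parameters.update(
        textToSearch="AdvancedSearch",
        columnsToSearch=build_columns_to_search(list(conditions)),
        pageLength=page_length,
        start=start,
    )
    return {"IncludedProperties": list(included_properties),
            "Parameters": parameters}


if __name__ == "__main__":
    sample = [("SearchTerms", 'O"Brien & Sons', "String")]  # constructed value
    print(json.dumps(build_request_body(["AccountID"], sample), indent=4))
```

Serializing with json.dumps() produces the backslash-escaped quotes seen in the examples on this page, so the condition XML never needs to be escaped manually.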

Search Examples

The below examples demonstrate how to use IncludedProperties, parameters, and conditions in columnsToSearch to query the API for a list of accounts matching the search conditions. Attributes returned for each record are set by the properties specified in IncludedProperties.

1️⃣ Set the ShowSystemAccountsOnly parameter to 1 to return a list of system accounts.

{
    "IncludedProperties": [        
        "LogonName",
        "NetBiosName",
        "FriendlyName",      
        "AccountOrganizationStatusFriendlyName",
        "AccountUsageTypeFriendlyName",       
        "ResourceID",
        "AccountID",
        "Name",
        "Description",
        "CreatedDate",
        "ExpiresOn",       
        "AccountStoreFriendlyName"
    ],
    "Parameters": {
        "AccountTypeID": null,
        "AccountUsageTypeID": null,
        "Disabled": null,
        "HideInEmpowerID": null,
        "IsOrphan": null,
        "LockedOut": null,
        "NeverLoggedInOnly": null,        
        "OrgZoneID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,
        "ShowSystemAccountsOnly": 1,
        "ShowSystemBuiltInAccountsOnly": null,
        "accountStoreID": null,        
        "textToSearch": null,
        "columnsToSearch": "%[[][[]%<Conditions/>",
        "pageLength": 5,
        "resourceTags": null,
        "start": 0,
        "totalCount": null
    }
}

2️⃣ Set the AccountUsageTypeID parameter to 2 and the NeverLoggedInOnly parameter to 1 to return Personal Privileged accounts that have never logged in to the system.

{
    "IncludedProperties": [        
        "LogonName",
        "NetBiosName",
        "FriendlyName",
        "PersonID",
        "EmpowerIDLogon",
        "AccountOrganizationStatusFriendlyName",
        "AccountUsageTypeFriendlyName",
        "DistinguishedName",
        "LastLogonTime",
        "ValidUntil",
        "ResourceID",
        "AccountID",
        "Name",
        "Description",
        "CreatedDate",
        "ExpiresOn",
        "MustChangePasswordAtNextLogin",
        "LockedOut",
        "CannotChangePassword",
        "PasswordExpires",
        "PasswordLastChanged",
        "PasswordNeverExpires",
        "FirstName",
        "LastName",
        "Officelocation",
        "Location",
        "AccountStoreFriendlyName",
        "Email",
        "StreetAddress",
        "City",
        "State",
        "ZipCode",
        "Country",
        "Company",
        "JobTitle",
        "Department",
        "Telephone",
        "MobileNumber",
        "AccountManagerFriendlyName",
        "PersonOwnerLastAttestationDate",
        "PersonOwnerLastResourceAttestationSnapshotID"
    ],
    "Parameters": {
        "AccountStoreID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,         
        "AccountTypeID": null,
        "ShowSystemAccountsOnly": null,
        "ShowSystemBuiltInAccountsOnly": null,
        "AccountUsageTypeID": 2,
        "IsOrphan": null,
        "Disabled": null,        
        "LockedOut": null,
        "NeverLoggedInOnly": 1, 
        "HideInEmpowerID": null,
        "OrgZoneID": null,
        "PersonID": null,
        "ManagerPersonID": null,
        "MemberOfGroupID": null,
        "columnsToSearch": "%[[][[]%<Conditions/>",
        "textToSearch":"AdvancedSearch",
        "pageLength": 5,
        "resourceTags": null,
        "start": 0,
        "totalCount": null
    }
}

3️⃣ Use columnsToSearch to return all locked out accounts. Note the PropertyName for the search condition is set to LockedOut, SearchValue is set to True, the Operator is set to EqualTo and the SearchType is Boolean.

{
    "IncludedProperties": [        
        "LogonName",
        "NetBiosName",
        "FriendlyName",      
        "AccountOrganizationStatusFriendlyName",
        "AccountUsageTypeFriendlyName",       
        "ResourceID",
        "AccountID",
        "Name",
        "Description",
        "CreatedDate",
        "ExpiresOn",       
        "AccountStoreFriendlyName"
    ],
    "Parameters": {
        "AccountStoreID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,         
        "AccountTypeID": null,
        "ShowSystemAccountsOnly": null,
        "ShowSystemBuiltInAccountsOnly": null,
        "AccountUsageTypeID": null,
        "IsOrphan": null,
        "Disabled": null,        
        "LockedOut": null,
        "NeverLoggedInOnly": null, 
        "HideInEmpowerID": null,
        "OrgZoneID": null,
        "PersonID": null,
        "ManagerPersonID": null,
        "MemberOfGroupID": null,
        "textToSearch":"AdvancedSearch",
        "pageLength": 5,
        "resourceTags": null,
        "start": 0,
        "totalCount": null,
        "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName=\"LockedOut\" SearchValue=\"true\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"Boolean\"/></Conditions>"
    }
}

4️⃣ Set the MemberOfGroupID parameter to the GUID of a specific group to return accounts that are members of the group

{
    "IncludedProperties": [        
        "LogonName",
        "NetBiosName",
        "FriendlyName",      
        "AccountOrganizationStatusFriendlyName",
        "AccountUsageTypeFriendlyName",       
        "ResourceID",
        "AccountID",
        "Name",
        "Description",
        "CreatedDate",
        "ExpiresOn",       
        "AccountStoreFriendlyName"
    ],
    "Parameters": {
        "AccountStoreID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,         
        "AccountTypeID": null,
        "ShowSystemAccountsOnly": null,
        "ShowSystemBuiltInAccountsOnly": null,
        "AccountUsageTypeID": null,
        "IsOrphan": null,
        "Disabled": null,        
        "LockedOut": null,
        "NeverLoggedInOnly": null, 
        "HideInEmpowerID": null,
        "OrgZoneID": null,
        "PersonID": null,
        "ManagerPersonID": null,
        "MemberOfGroupID": "4E375004-5E6F-415D-B049-4A112C100D12",      
        "textToSearch": null,
        "pageLength": 5,
        "resourceTags": null,
        "start": 0,
        "totalCount": null,
        "columnsToSearch": "%[[][[]%<Conditions/>"
    }
}

SearchTerms

Each identity object in the EmpowerID Identity Warehouse has a SearchTerms property with a specific set of search values that can be used to return all objects matching those values. For accounts, SearchTerms encompass the Name, FriendlyName, Email, FirstName, LastName, LogonName, and UserPrincipalName properties. When used, the API returns all accounts where the specified search value finds a match in any of those properties. For example, if the search value is set to “Rogers”, the API would return all the following accounts:

  • Any account with a match in the name

  • Any account with a match in the friendly name

  • Any account with a match in the first name

  • Any account with a match in the last name

  • Any account with a match in the logon name

  • Any account with a match in the email address

  • Any account with a match in the User Principal Name

The following examples illustrate how to use SearchTerms to return a subset of accounts:

1️⃣ Use SearchTerms to return the Account ID, friendly name, first name, last name, Logon name, EmpowerID Logon, NetBiosName, email address and account manager friendly name for all accounts where the search value is set to "rogers"

{    
    "IncludedProperties": [
        "AccountID",
        "FriendlyName",
        "FirstName",
        "LastName",
        "LogonName",
        "EmpowerIDLogon",
        "NetBiosName",
        "Email",
        "AccountManagerFriendlyName"
    ],
     "Parameters": {
        "AccountTypeID": null,
        "AccountUsageTypeID": null,
        "Disabled": null,
        "HideInEmpowerID": null,
        "IsOrphan": null,
        "LockedOut": null,
        "NeverLoggedInOnly": null,        
        "OrgZoneID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,
        "ShowSystemAccountsOnly": null,
        "ShowSystemBuiltInAccountsOnly": null,
        "accountStoreID": null,        
        "textToSearch":"AdvancedSearch",
        "pageLength": 5,
        "resourceTags": null,
        "start": 0,
        "totalCount": null,
        "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"rogers\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/></Conditions>"
    }
}

The response includes all people matching the search value. Note the properties where the match occurs.

{
    "Tags": [],
    "Data": [
        {
            "AccountID": 7598177,
            "FriendlyName": "Steve Rogers",
            "FirstName": null,
            "LastName": null,
            "LogonName": "steve.rogers",
            "EmpowerIDLogon": null,
            "NetBiosName": "CALDAP-NEW2",
            "Email": null,
            "AccountManagerFriendlyName": null
        },
        {
            "AccountID": 474585,
            "FriendlyName": "RDice",
            "FirstName": "Robert",
            "LastName": "Dice",
            "LogonName": "0xbb25b643614a1b40b1d63f935aa08c62",
            "EmpowerIDLogon": null,
            "NetBiosName": "DEVDOMAIN1",
            "Email": "bdice@rogers.com",
            "AccountManagerFriendlyName": null
        },
        {
            "AccountID": 478601,
            "FriendlyName": "RDice",
            "FirstName": "Robert",
            "LastName": "Dice",
            "LogonName": "0xe419fc6d9da1b24a98d112175396ac6b",
            "EmpowerIDLogon": null,
            "NetBiosName": "DEVDOMAIN1",
            "Email": "bdice@rogers.com",
            "AccountManagerFriendlyName": null
        },
        {
            "AccountID": 490102,
            "FriendlyName": "RDice",
            "FirstName": "Robert",
            "LastName": "Dice",
            "LogonName": "0x658a5369fba3d249ace199425fd428e9",
            "EmpowerIDLogon": null,
            "NetBiosName": "DEVDOMAIN1",
            "Email": "bdice@rogers.com",
            "AccountManagerFriendlyName": null
        },
        {
            "AccountID": 484459,
            "FriendlyName": "Mindi Idell Rogers",
            "FirstName": "atinder",
            "LastName": "IdellRogers",
            "LogonName": "Mindi.IdellRogers",
            "EmpowerIDLogon": "Mindi.IdellRogers",
            "NetBiosName": "DEVDOMAIN1",
            "Email": "Mindi.IdellRogers@omd.com",
            "AccountManagerFriendlyName": null
        }
    ],
    "OutParameters": [
        {
            "Name": "totalCount",
            "Value": 1150
        }
    ]
}
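The response above returns 5 of 1150 matching accounts, so a complete result set has to be read page by page. The following added example (not from the EmpowerID documentation) walks the pages using start, pageLength and the totalCount out parameter; iter_accounts, total_count and the caller-supplied fetch_page function are hypothetical names, the sample accounts are constructed, and start is assumed to be a zero-based row offset as the parameter description suggests.

```python
def total_count(response):
    """Read totalCount from the OutParameters list of a response."""
    for item in response.get("OutParameters", []):
        if item.get("Name") == "totalCount":
            return int(item["Value"])
    raise KeyError("response carries no totalCount out parameter")


def iter_accounts(fetch_page, body, max_pages=10000):
    """Yield every matching account, advancing start by pageLength.

    fetch_page(body) is supplied by the caller (hypothetical name): it POSTs
    the body to GetAllSearchAdvanced and returns the parsed JSON response.
    """
    params = body["Parameters"]
    page_length = params["pageLength"]
    if page_length <= 0:
        raise ValueError("pageLength must be positive")
    start = params.get("start") or 0
    for _ in range(max_pages):
        # Copy the body for each page so the caller's dict is never modified.
        response = fetch_page(dict(body, Parameters=dict(params, start=start)))
        rows = response.get("Data", [])
        yield from rows
        start += page_length
        # An empty page also ends the loop, so a total that shrinks between
        # requests cannot keep the client polling.
        if not rows or start >= total_count(response):
            return
    raise RuntimeError("max_pages reached before totalCount was covered")


# Constructed stand-in for the endpoint: 12 accounts, served a page at a time.
SAMPLE_ACCOUNTS = [{"AccountID": 1000 + i, "LogonName": "user%02d" % i}
                   for i in range(12)]


def fake_fetch_page(body):
    """Constructed test double that mimics the response shape shown above."""
    p = body["Parameters"]
    rows = SAMPLE_ACCOUNTS[p["start"]:p["start"] + p["pageLength"]]
    return {"Tags": [], "Data": rows,
            "OutParameters": [{"Name": "totalCount",
                               "Value": len(SAMPLE_ACCOUNTS)}]}


if __name__ == "__main__":
    # Trimmed body for the test double; a real request carries all parameters.
    request = {"IncludedProperties": ["AccountID", "LogonName"],
               "Parameters": {"pageLength": 5, "start": 0}}
    for account in iter_accounts(fake_fetch_page, request):
        print(account["AccountID"], account["LogonName"])
```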

2️⃣ Return all people belonging to the “CALDAP-NEW2” domain with a SearchTerm match equal to "Steve."

{    
    "IncludedProperties": [
        "AccountID",
        "FriendlyName",
        "FirstName",
        "LastName",
        "LogonName",
        "EmpowerIDLogon",
        "NetBiosName",
        "Email",
        "AccountManagerFriendlyName"
    ],
     "Parameters": {
        "AccountTypeID": null,
        "AccountUsageTypeID": null,
        "Disabled": null,
        "HideInEmpowerID": null,
        "IsOrphan": null,
        "LockedOut": null,
        "NeverLoggedInOnly": null,        
        "OrgZoneID": null,
        "SecurityBoundaryID": null,
        "SecurityBoundaryTypeID": null,
        "ShowSystemAccountsOnly": null,
        "ShowSystemBuiltInAccountsOnly": null,
        "accountStoreID": null,        
        "textToSearch":"AdvancedSearch",
        "pageLength": 5,
        "resourceTags": null,
        "start": 0,
        "totalCount": null,
        "columnsToSearch": "%[[][[]%<Conditions><Condition PropertyName=\"SearchTerms\" SearchValue=\"rogers\" Operator=\"EqualTo\" QuerySuffix=\" AND \" StartGroupString=\"\" EndGroupString=\"\" Index=\"0\" SearchType=\"String\"/><Condition PropertyName=\"NetBiosName\" SearchValue=\"CALDAP-NEW2\" Operator=\"EqualTo\" QuerySuffix=\"\" StartGroupString=\"\" EndGroupString=\"\" Index=\"1\" SearchType=\"String\"/></Conditions>"
    }
}  

Sample Responses
