package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.RoleMiningManagement.CreateAccessProfileFromCohort(ctx, nil)
if err != nil {
log.Fatal(err)
}
if res.CreateAccessProfileFromCohortResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.roleMiningManagement.createAccessProfileFromCohort();
console.log(result);
}
run();curl --request POST \
--url https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"celExpression": "<string>",
"createTasks": true,
"description": "<string>",
"displayName": "<string>",
"enableAutomation": true,
"entitlements": [
{
"appDisplayName": "<string>",
"appId": "<string>",
"appResourceDisplayName": "<string>",
"appResourceTypeDisplayName": "<string>",
"coverage": 123,
"entitlementDisplayName": "<string>",
"entitlementId": "<string>",
"grantedCount": 123,
"riskLevelValueId": "<string>"
}
],
"profileFilters": [
{
"attribute": "<string>",
"values": [
"<string>"
]
}
],
"suggestionId": "<string>"
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles"
payload = {
"celExpression": "<string>",
"createTasks": True,
"description": "<string>",
"displayName": "<string>",
"enableAutomation": True,
"entitlements": [
{
"appDisplayName": "<string>",
"appId": "<string>",
"appResourceDisplayName": "<string>",
"appResourceTypeDisplayName": "<string>",
"coverage": 123,
"entitlementDisplayName": "<string>",
"entitlementId": "<string>",
"grantedCount": 123,
"riskLevelValueId": "<string>"
}
],
"profileFilters": [
{
"attribute": "<string>",
"values": ["<string>"]
}
],
"suggestionId": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
celExpression: '<string>',
createTasks: true,
description: '<string>',
displayName: '<string>',
enableAutomation: true,
entitlements: [
{
appDisplayName: '<string>',
appId: '<string>',
appResourceDisplayName: '<string>',
appResourceTypeDisplayName: '<string>',
coverage: 123,
entitlementDisplayName: '<string>',
entitlementId: '<string>',
grantedCount: 123,
riskLevelValueId: '<string>'
}
],
profileFilters: [{attribute: '<string>', values: ['<string>']}],
suggestionId: '<string>'
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'celExpression' => '<string>',
'createTasks' => true,
'description' => '<string>',
'displayName' => '<string>',
'enableAutomation' => true,
'entitlements' => [
[
'appDisplayName' => '<string>',
'appId' => '<string>',
'appResourceDisplayName' => '<string>',
'appResourceTypeDisplayName' => '<string>',
'coverage' => 123,
'entitlementDisplayName' => '<string>',
'entitlementId' => '<string>',
'grantedCount' => 123,
'riskLevelValueId' => '<string>'
]
],
'profileFilters' => [
[
'attribute' => '<string>',
'values' => [
'<string>'
]
]
],
'suggestionId' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.post("https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"celExpression\": \"<string>\",\n \"createTasks\": true,\n \"description\": \"<string>\",\n \"displayName\": \"<string>\",\n \"enableAutomation\": true,\n \"entitlements\": [\n {\n \"appDisplayName\": \"<string>\",\n \"appId\": \"<string>\",\n \"appResourceDisplayName\": \"<string>\",\n \"appResourceTypeDisplayName\": \"<string>\",\n \"coverage\": 123,\n \"entitlementDisplayName\": \"<string>\",\n \"entitlementId\": \"<string>\",\n \"grantedCount\": 123,\n \"riskLevelValueId\": \"<string>\"\n }\n ],\n \"profileFilters\": [\n {\n \"attribute\": \"<string>\",\n \"values\": [\n \"<string>\"\n ]\n }\n ],\n \"suggestionId\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"celExpression\": \"<string>\",\n \"createTasks\": true,\n \"description\": \"<string>\",\n \"displayName\": \"<string>\",\n \"enableAutomation\": true,\n \"entitlements\": [\n {\n \"appDisplayName\": \"<string>\",\n \"appId\": \"<string>\",\n \"appResourceDisplayName\": \"<string>\",\n \"appResourceTypeDisplayName\": \"<string>\",\n \"coverage\": 123,\n \"entitlementDisplayName\": \"<string>\",\n \"entitlementId\": \"<string>\",\n \"grantedCount\": 123,\n \"riskLevelValueId\": \"<string>\"\n }\n ],\n \"profileFilters\": [\n {\n \"attribute\": \"<string>\",\n \"values\": [\n \"<string>\"\n ]\n }\n ],\n \"suggestionId\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"accessProfileId": "<string>",
"celExpression": "<string>"
}Create Access Profile From Cohort
CreateAccessProfileFromCohort creates an access profile from a cohort definition, adds the specified entitlements, and sets up dynamic membership automation using a CEL expression derived from the profile filters.
package main
import(
"context"
"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
"log"
)
func main() {
ctx := context.Background()
s := conductoronesdkgo.New(
conductoronesdkgo.WithSecurity(shared.Security{
BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
Oauth: "<YOUR_OAUTH_HERE>",
}),
)
res, err := s.RoleMiningManagement.CreateAccessProfileFromCohort(ctx, nil)
if err != nil {
log.Fatal(err)
}
if res.CreateAccessProfileFromCohortResponse != nil {
// handle response
}
}import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript";
const conductoroneSDKTypescript = new ConductoroneSDKTypescript({
security: {
bearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
oauth: "<YOUR_OAUTH_HERE>",
},
});
async function run() {
const result = await conductoroneSDKTypescript.roleMiningManagement.createAccessProfileFromCohort();
console.log(result);
}
run();curl --request POST \
--url https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"celExpression": "<string>",
"createTasks": true,
"description": "<string>",
"displayName": "<string>",
"enableAutomation": true,
"entitlements": [
{
"appDisplayName": "<string>",
"appId": "<string>",
"appResourceDisplayName": "<string>",
"appResourceTypeDisplayName": "<string>",
"coverage": 123,
"entitlementDisplayName": "<string>",
"entitlementId": "<string>",
"grantedCount": 123,
"riskLevelValueId": "<string>"
}
],
"profileFilters": [
{
"attribute": "<string>",
"values": [
"<string>"
]
}
],
"suggestionId": "<string>"
}
'import requests
url = "https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles"
payload = {
"celExpression": "<string>",
"createTasks": True,
"description": "<string>",
"displayName": "<string>",
"enableAutomation": True,
"entitlements": [
{
"appDisplayName": "<string>",
"appId": "<string>",
"appResourceDisplayName": "<string>",
"appResourceTypeDisplayName": "<string>",
"coverage": 123,
"entitlementDisplayName": "<string>",
"entitlementId": "<string>",
"grantedCount": 123,
"riskLevelValueId": "<string>"
}
],
"profileFilters": [
{
"attribute": "<string>",
"values": ["<string>"]
}
],
"suggestionId": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
celExpression: '<string>',
createTasks: true,
description: '<string>',
displayName: '<string>',
enableAutomation: true,
entitlements: [
{
appDisplayName: '<string>',
appId: '<string>',
appResourceDisplayName: '<string>',
appResourceTypeDisplayName: '<string>',
coverage: 123,
entitlementDisplayName: '<string>',
entitlementId: '<string>',
grantedCount: 123,
riskLevelValueId: '<string>'
}
],
profileFilters: [{attribute: '<string>', values: ['<string>']}],
suggestionId: '<string>'
})
};
fetch('https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'celExpression' => '<string>',
'createTasks' => true,
'description' => '<string>',
'displayName' => '<string>',
'enableAutomation' => true,
'entitlements' => [
[
'appDisplayName' => '<string>',
'appId' => '<string>',
'appResourceDisplayName' => '<string>',
'appResourceTypeDisplayName' => '<string>',
'coverage' => 123,
'entitlementDisplayName' => '<string>',
'entitlementId' => '<string>',
'grantedCount' => 123,
'riskLevelValueId' => '<string>'
]
],
'profileFilters' => [
[
'attribute' => '<string>',
'values' => [
'<string>'
]
]
],
'suggestionId' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}HttpResponse<String> response = Unirest.post("https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"celExpression\": \"<string>\",\n \"createTasks\": true,\n \"description\": \"<string>\",\n \"displayName\": \"<string>\",\n \"enableAutomation\": true,\n \"entitlements\": [\n {\n \"appDisplayName\": \"<string>\",\n \"appId\": \"<string>\",\n \"appResourceDisplayName\": \"<string>\",\n \"appResourceTypeDisplayName\": \"<string>\",\n \"coverage\": 123,\n \"entitlementDisplayName\": \"<string>\",\n \"entitlementId\": \"<string>\",\n \"grantedCount\": 123,\n \"riskLevelValueId\": \"<string>\"\n }\n ],\n \"profileFilters\": [\n {\n \"attribute\": \"<string>\",\n \"values\": [\n \"<string>\"\n ]\n }\n ],\n \"suggestionId\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://{tenantDomain}.conductor.one/api/v1/role-mining/access-profiles")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"celExpression\": \"<string>\",\n \"createTasks\": true,\n \"description\": \"<string>\",\n \"displayName\": \"<string>\",\n \"enableAutomation\": true,\n \"entitlements\": [\n {\n \"appDisplayName\": \"<string>\",\n \"appId\": \"<string>\",\n \"appResourceDisplayName\": \"<string>\",\n \"appResourceTypeDisplayName\": \"<string>\",\n \"coverage\": 123,\n \"entitlementDisplayName\": \"<string>\",\n \"entitlementId\": \"<string>\",\n \"grantedCount\": 123,\n \"riskLevelValueId\": \"<string>\"\n }\n ],\n \"profileFilters\": [\n {\n \"attribute\": \"<string>\",\n \"values\": [\n \"<string>\"\n ]\n }\n ],\n \"suggestionId\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"accessProfileId": "<string>",
"celExpression": "<string>"
}Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.
Body
The CreateAccessProfileFromCohortRequest message.
Optional CEL expression for dynamic membership. When non-empty, used instead of auto-generating from profile_filters.
If true, the automation will create JIT tasks for access changes. If false, users are synced to membership without creating tasks.
Description for the access profile.
Display name for the access profile.
If true, enable the dynamic membership automation immediately.
Entitlements to add to the access profile.
Show child attributes
Show child attributes
Profile filters defining the cohort for dynamic membership.
Show child attributes
Show child attributes
Optional suggestion ID to mark as accepted after creating the profile.
Was this page helpful?