Cloud Administration Generate Enrollment Code API
a month ago

Cloud Administration Generate Enrollment Code API

Use the Cloud Administration Generate Enrollment Code API to generate the verification code for admin-assisted secure enrollment for a list of users.

For information about managing access to this API, see Accessing the Cloud Administration APIs.

Authentication

Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration APIs.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to generate a verification code for a user.

ActionMethodRequest URLResponse Content TypeResponse BodyResponse Codes
Code Generation for Secure Enrollment POSTAdminInterface/restapi/v1/users/generateVerifyCode/enroll application/json json 1000, 1001, 1002, 1003, 1004, 1005, 1006

Example Request Data

The following example displays a request.

POST /AdminInterface/restapi/v1/users/generateVerifyCode/enroll

Accept: application/json

Authorization: Bearer <JWT token>

Request Body Parameters

The following table describes the request body parameters.

Request ParameterDescriptionRequired?Default ValueData Type
emailUser's email address.Yes String
custom_emailEmail address to which the code will be sent. If left blank and "code_send_to" is set to EMAIL, the generated code will be sent to the user's email address associated with their account.OPTIONAL nullString
code_validityValidity duration of the generated code (minimum 10 minutes, maximum 24 hours). Must be provided along with "validity_time_duration_unit."OPTIONAL"10" String
validity_time_duration_unit Time unit for the validity duration, unit must be MIN for minutes or HOUR for hours. Must be provided along with "code_validity".OPTIONAL"MIN"String
code_send_to

Mode that determines how the code will be sent. If the value is 'DISPLAY' or 'EMAIL', the following describes the mode:

  • DISPLAY: The code will be included in the response.

  • EMAIL: The code will be sent through email. if 'custom_email' is not specified, the code will be sent to the user's email address associated with their account.

OPTIONAL"DISPLAY" String

Example Request Body

The following example request body

[{
        "email": "local_rsa_unified@example.com"
    }, {
        "email": "administrator@example.com",
        "custom_email": "administrator.admin@example.com",
        "code_send_to": "EMAIL"
    }, {
        "email": "ADUser@example.com",
        "code_send_to": "DISPLAY"
    }, {
        "email": "alice@example.com",
        "code_send_to": "DISPLAY"
    }, {
        "email": "amuser@example.com",
        "code_send_to": "DISPLAY"
    }, {
        "email": "AMViaPref0@example.com",
        "code_send_to": "DISPLAY"
    }
]

Example Response Body

The following example response shows verification code for all users when generated successfully.

[{
        "status": 1006,
        "errorMessage": "Code generation is not allowed, please check the configuration settings.",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "local_rsa_unified@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "DISPLAY"
        }
    }, {
        "status": 1005,
        "errorMessage": "Unable to send Email, please check \"Company Settings\".",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "administrator@example.com",
            "custom_email": "administrator.admin@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "EMAIL"
        }
    }, {
        "status": 1000,
        "errorMessage": "Code Successfully generated. ",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "ADUser@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "DISPLAY"
        },
        "verify_code": "629211156",
        "verify_code_validity_time": "2023-07-25 05:55:23 UTC",
        "verify_code_generation_mode": "ENROLLMENT",
        "verification_Link": "https://thr-qd4-ngx-00.auth-dev.securid.com/enroll/admin"
    }, {
        "status": 1000,
        "errorMessage": "Code Successfully generated. ",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "alice@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "DISPLAY"
        },
        "verify_code": "628078239",
        "verify_code_validity_time": "2023-07-25 05:55:23 UTC",
        "verify_code_generation_mode": "ENROLLMENT",
        "verification_Link": "https://thr-qd4-ngx-00.auth-dev.securid.com/enroll/admin"
    }, {
        "status": 1000,
        "errorMessage": "Code Successfully generated. ",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "amuser@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "DISPLAY"
        },
        "verify_code": "977790778",
        "verify_code_validity_time": "2023-07-25 05:55:23 UTC",
        "verify_code_generation_mode": "ENROLLMENT",
        "verification_Link": "https://thr-qd4-ngx-00.auth-dev.securid.com/enroll/admin"
    }, {
        "status": 1000,
        "errorMessage": "Code Successfully generated. ",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "AMViaPref0@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "DISPLAY"
        },
        "verify_code": "318206185",
        "verify_code_validity_time": "2023-07-25 05:55:23 UTC",
        "verify_code_generation_mode": "ENROLLMENT",
        "verification_Link": "https://thr-qd4-ngx-00.auth-dev.securid.com/enroll/admin"
    }
]

Note:  If the request contains any duplicate user information, the duplicates will be filtered and the code will be generated only once in the response.

Example Request Body with Duplicate Entries

[{
        "email": "administrator@example.com",
        "custom_email": "administrator.admin@example.com",
        "code_send_to": "EMAIL"
    }, {
        "email": "administrator@example.com",
        "custom_email": "administrator.admin@example.com",
        "code_send_to": "EMAIL"
    }, {
        "email": "dummyUser@example.com",
        "custom_email": "noemail@example.com",
        "code_send_to": "EMAIL"
    },
]

Example Response Body After Filtering Duplicate Entries

[{
        "status": 1000,
        "errorMessage": "Code Successfully generated. ",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "administrator@example.com",
            "custom_email": "administrator.admin@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "EMAIL"
        }
    }, {
        "status": 1000,
        "errorMessage": "Code Successfully generated. ",
        "userDetailsRequestForVerifyCodeGeneration": {
            "email": "dummyUser@example.com",
            "custom_email": "noemail@example.com",
            "code_validity": "10",
            "validity_time_duration_unit": "MIN",
            "code_send_to": "EMAIL"
        }
    }
]

Response Property Descriptions

The following table shows response property descriptions and the associated data types.

PropertyDescriptionData Type
statusStatus of the Response.Number
userDetailsRequestForVerifyCodeGeneration Users Details used for generating the code.Array
verify_codeCode generated for the specified mode.String
verify_code_validity_timeExpiration time of the code generated.String
verify_code_generation_mode Mode of the code generation used.String
verification_LinkLink to authenticate the user with the generated code.String

Response Codes

The following table shows response codes and descriptions for this API.

CodeDescription
400Bad request caused by the following:
Number of users exceeds maximum allowed value of 100.
{ "code": "400 BAD_REQUEST", "description": "Number of user details (178) in request exceeds maximum allowed (100)" }
429Too many requests.
1000Successfully generated the code (Secure Enrollment).
1001Some unexpected internal error. Cannot generate the code.
1002

User is not found /valid for the following reasons:

  • User is present in Identity Sources but not synced with Cloud Access Service (CAS).

  • User is not present in Identity Sources.

1003 Invalid format of email address.
1004

Request validation error caused by:

  • Validity duration is less than 0 seconds or greater than 86400 seconds.

  • Time unit of the Validity is not valid. It must be MIN or HOUR.

  • Validity duration is not in valid format.

1005

Not able to send the code via Email if the specific option to send the email is not configured properly on the My Account > Company Settings page.

1006

Code Generation for secure enrollment is not possible for the following reasons:

  • My Page is disabled.

  • The "Enroll" option is disabled.

  • The user is disabled.

  • User has at least a device enrolled, and then the enrollment code cannot be generated.

Don't see what you're looking for?