Cloud Administration Authenticator Details API Version 1

The Cloud Administration Authenticator Details API (Version 1) enables Help Desk Administrators to retrieve user authenticators by providing a User ID.

Note: The API can retrieve all user authenticators for a single user per request. This API does not included SecurID 700 hardware token APIs, for more information, click here.

Authentication

Clients calling this API must authenticate themselves by including a JSON Web Token in a request. For instructions on using this token, see Authentication for the Cloud Administration REST APIs.

Administrative Roles

This API can use an API key that is associated with either the Super Administrator or Help Desk Administrator role. For more information, see Manage the Cloud Administration REST API Keys.

Software Developer Kit

You can download the API Software Developer Kit (SDK) from Cloud Administration REST API Download.

Request Requirements

Use the following information to retrieve information about a particular user's authenticator.

Method Request URL Response Content Type Response Body Response Codes
GET /AdminInterface/restapi/v1/users/<userId>/devices application/json User authenticator details with property 200, 400, 403, 404, 500

Resource Identifier

Resource ID Description Type
<userId> Unique user identifier that is sent in response to the Cloud Administration User Details API. Boolean

Request Parameter

The authenticator details API allows the following parameter:

Request Parameter Description Type
<includeBrowsers> Set to True to include the browser authenticator type, or False to exclude the browser authenticator type. When you omit this identifier, the browser authenticator type is included. Boolean

Example Request Data

The following example displays a request to retrieve all authenticator types other than browser authenticator type.

GET /AdminInterface/restapi/v1/users/<userId>/devices?includeBrowsers=false

Accept: application/json

Authorization: Bearer <JWT token>

The resource identifier <userId> is a unique user identifier that is sent in the response to the SecurID User Details API.

Example Response

The following example response shows the status of a single user's authenticator.

{

"id": "DrT4QEbDIwB2Z1yBUpoC0GSF8MY6GDSex5xlvwH6oOPBFLp-47om_rur3vZ_b52nexoy0SwRASN5zkT8X9-0zg",

"name": "john.doe%40rsa.com's%20FIDO%20token",

"userid": "e71d6d46-0113-495a-9445-b3f71b6e3f36",

"osType": "FIDO Token",

"capabilities": null,

"registeredDate": "2018-09-06T15:34:44.000Z",

"lastUsedDate": "2018-09-06T15:34:44.000Z"

}

Response Property Descriptions

The following table shows response property descriptions and data types.

Property Description Data Type
id Identifies the authenticator. String
name Authenticator name. String
userId Identifies the user associated with this authenticator. String
osType Operating system information related to the authenticator or browser. String

registeredDate

registeredDate (for FIDO authenticator)

Timestamp when the authenticator was registered.

See https://www.w3.org/TR/NOTE-datetime
for information on formatting timestamps in ISO 8601 format.

Timestamp when the FIDO authenticator was registered. For FIDO authenticators, the following fields are created:
_at
registration_time

String
lastUsedDate

Timestamp when the authenticator was last used. See https://www.w3.org/TR/NOTE-datetime
for information on formatting timestamps in ISO 8601 format.

Note: The lastUsedDate is deprecated and may be removed in a future version of the API. This property is retained for backwards compatibility. This value is not accurate and should not be relied upon.

String

Response Codes

The following table shows response codes and descriptions for the Authenticator Details API.

Code Description
200 User and authenticator are successfully found.
400 User ID is not provided as a request identifier.
403 Not authorized to perform the request.
404 User and/or authenticator is not found.
429 Too many requests.
500 Internal error occurred when processing the request.