Use a Postman collection for application management

This topic helps you test the CyberArk Identity application management APIs using a Postman collection. Postman is an HTTP API testing application that enables you to monitor requests and responses.

Before you begin

  1. Install Postman from https://www.postman.com/downloads/.

  2. Get access to a CyberArk Identity tenant.

  3. Create a user that has application management administrative rights.

Import the Postman collection

Get started with the Postman collection

Once the Postman collection is imported, pre-fill the following variables to run the collection based on the functionality you want to try out.

Authentication is required to access the APIs related to application management. The authenticated user should have application management administrative rights to access the APIs.

| Variable name | Description |
| --- | --- |
| tenant_url | The URL of the CyberArk Identity tenant. For example: https://example.my.idaptive.app or https://example.id.cyberark.cloud. The URL will be used for all API requests to CyberArk Identity. |
| username | The username of the CyberArk Identity directory user |
| password | The password of the CyberArk Identity directory user |
| app_key | The application key of the app. The app key can be retrieved from the settings tab of the app once the app is created. |
| admin_tag | Tags for the applications |
| description | Description of the application |
| icon | Icon URL for the application |
| icon_uri | Icon URL for the application |
| name | Name for the application |
| organization_id | The organization ID to which the application should be added |
| service_name | The application ID for the application |
| show_in_user_portal | A Boolean value that specifies whether the application should be displayed in the user portal |
| app_names | The names of the applications that are to be imported from the templates |
| rights | The rights granted to the user for applications: Grant, View, Manage, Run, and so on |
| directory_service_uuid | The UUID of the directory service to which the user belongs |
| tag_names | The tags that need to be added to the applications |

Pre-fill the following variables to create or update OpenID Connect applications:

| Variable name | Description |
| --- | --- |
| oidc_allow_login_by | Whether the RP or CyberArk Identity initiates the login |
| oidc_allow_refresh | A Boolean value to enable/disable refresh tokens |
| oidc_allow_scope_select | A Boolean value to enable/disable scope selection on the consent pop-up |
| oidc_client_secret | A unique code that an authorization service issues when the service registers the application. You can think of it as the password for the client application. |
| oidc_confirm_consent | A Boolean flag to enable/disable OIDC consent |
| oidc_scope_name | The name of the scope to be added |
| oidc_scope_type | The type of scope: API/Custom Claims |
| oidc_allowed_rest_APIs | A list of regexes of the allowed REST APIs |
| oidc_post_logout_URIs | A list of authorized post-logout URIs |
| oidc_redirects | A list of authorized redirect URIs |
| oidc_refresh_token_lifetime | The refresh token lifetime |
| oidc_token_lifetime | The lifetime of the access and ID tokens |
| oidc_script | The script to add custom claims |
| oidc_relying_party_url | The URL of the relying party application |

Pre-fill the following variables to create or update SAML applications:

| Variable name | Description |
| --- | --- |
| saml_spconfig_method | An integer value that sets the SP configuration method. It can be either 1 - Metadata or 2 - Manual Configuration. |
| saml_spmetadata_url | The SP metadata URL |
| saml_spmetadata_xml | The SP metadata XML |
| saml_audience | The SP Entity ID, also known as SP Issuer or Audience |
| saml_acs_url | The ACS URL |
| saml_recipient_SameAsAcsUrl | A Boolean value that specifies if the recipient value is the same as the ACS URL |
| saml_sign_method | The SAML sign method: either Response, Assertion, or both |
| saml_name_id_format | The Format attribute value in the <NameID> element in the SAML response. Select the NameID format that your service provider specifies to use. If the SP does not specify one, select unspecified. |
| saml_sp_slo_url | The SP single logout URL |
| saml_encrypt_assertion | A Boolean value that specifies whether the SAML assertion should be encrypted |
| saml_encryption_thumbprint | The encryption certificate thumbprint |
| saml_relay_state | The relay state specified by the SP |
| saml_authn_context_class | Select the authentication context class that your service provider specifies to use. If the SP does not specify one, select unspecified. |
| saml_attributes | The SAML attributes that have to be sent in the SAML assertion |
| saml_script | The script required for more complex logic for attribute mappings for your SAML response |

Pre-fill these additional variables to create or update OAuth 2.0 applications along with OIDC applications:

| Variable name | Description |
| --- | --- |
| oauth_allow_public | A Boolean flag that specifies whether public clients should be allowed. This is required for an authorization code flow with PKCE. |
| oauth_allowed_auth | The list of allowed grant types |
| oauth_client_id_type | The type of the client ID: Anything, List, or Confidential Client |
| oauth_client | A Boolean flag that specifies whether it is an OAuth client |
| oauth_token_type | The type of the OAuth token. There are two types of tokens: JwtRS256 and Opaque. |
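
The variables in the tables above include credentials, redirect URIs, and settings that weaken or depend on other controls, so it is worth checking them before running the collection. The following is an added example, not part of the CyberArk collection or documentation: a Node.js lint over an exported Postman environment. It assumes the variables are kept in an environment export (a `values` array of key/value/type entries) and that list-valued variables are comma-separated strings; the sample values are constructed.

```javascript
// Added example: lint an exported Postman environment before running the collection.
// Assumptions: variables are in an environment export ("values" array) and
// list-valued variables are comma-separated strings.
const SECRET_KEYS = ["password", "oidc_client_secret"];
const URI_LIST_KEYS = ["oidc_redirects", "oidc_post_logout_URIs"];

function isHttps(value) {
  try { return new URL(value).protocol === "https:"; } catch { return false; }
}

function lintEnvironment(env) {
  const vars = new Map();
  for (const v of env.values || []) if (v.enabled !== false) vars.set(v.key, v);
  const get = (k) => String(vars.get(k)?.value ?? "").trim();
  const findings = [];
  if (!isHttps(get("tenant_url"))) findings.push("tenant_url: not an https URL");
  for (const key of SECRET_KEYS) {
    if (get(key) !== "" && vars.get(key).type !== "secret")
      findings.push(`${key}: value is not stored as a Postman secret-type variable`);
  }
  for (const key of URI_LIST_KEYS) {
    for (const uri of get(key).split(",").map((s) => s.trim()).filter(Boolean)) {
      if (uri.includes("*")) findings.push(`${key}: wildcard in ${uri}`);
      else if (!isHttps(uri)) findings.push(`${key}: non-https URI ${uri}`);
    }
  }
  if (get("oauth_allow_public") === "true")
    findings.push("oauth_allow_public: public clients allowed, confirm PKCE is required");
  if (get("saml_encrypt_assertion") === "true" && get("saml_encryption_thumbprint") === "")
    findings.push("saml_encrypt_assertion: enabled but saml_encryption_thumbprint is empty");
  return findings;
}

// Constructed sample values, not taken from a real tenant.
const mk = (key, value, type = "default") => ({ key, value, type, enabled: true });
const sampleEnv = {
  name: "app-management (constructed)",
  values: [
    mk("tenant_url", "https://example.id.cyberark.cloud"),
    mk("password", "constructed-placeholder"),
    mk("oidc_client_secret", "constructed-placeholder", "secret"),
    mk("oidc_redirects", "https://rp.example/callback, http://rp.example/cb"),
    mk("oauth_allow_public", "true"),
    mk("saml_encrypt_assertion", "true"),
    mk("saml_encryption_thumbprint", ""),
  ],
};

console.log(lintEnvironment(sampleEnv).join("\n"));
```

Each finding is a prompt to review the value, not proof of a misconfiguration; a plain-http loopback redirect used by a native client, for instance, will be reported.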