Manage IAMs
BIM API reference guide
Last updated
Was this helpful?
BIM API reference guide
Last updated
Was this helpful?
This page details the bim
API, which allows users to programmatically access information about users, their group memberships, and authentications. Most of the actions described here require ADMIN permissions.
Because the BIM endpoint encompasses groups, users, and authentications, there are three workflows.
.
.
.
.
.
.
.
.
POST
/bim/iam/bim/user
Create a new BIM user.
Required Immuta permission: USER_ADMIN
iamid
string
The IAM ID.
Yes
userid
string
The new user's username.
Yes
password
string
The new user's password.
No
profile
array
Information on the new user's name and email.
No
permissions
No
id
integer
The user ID.
iamid
string
The IAM ID.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
The user's groups and attributes.
permissions
array
The user's permissions.
profile
array
Details on the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, systemGenerated
, id
, createdAt
, and updatedAt
values.
lastLogin
timestamp
The date the user most recently logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
newUserLink
string
A link for the new user to log in and create a password.
emailFailed
boolean
If true
, the login email was unable to be sent to the user's provided email address.
emailSent
boolean
If true
, a login email was sent to the new user.
This example request with the payload below will create a new BIM user with the username charlie.doe@immuta.com
.
GET
/bim/iam/{iamid}/user/authenticate
POST
/bim/iam/{iamid}/user/authenticate
PUT
/bim/iam/{iamid}/user/{userid}/profile
DELETE
/bim/iam/{iamid}/user/{userid}/permissions/{permission}
PUT
/bim/iam/{iamid}/user/{userid}/permissions
PUT
/bim/iam/{iamid}/user/{userid}/password
PUT
/bim/iam/{iamid}/user/{userid}/disable/{disable}
POST
/bim/syncUsers
POST
/iam/{iamId}/sync
PUT
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{attributeName}/{attributeValue}
DELETE
/bim/iam/{iamid}/{modelType}/{modelId}/authorizations/{key}/{value}
POST
/bim/iam/bim/user/{userid}/clone
GET
/bim/iam/{iamid}/user/authenticate
Authenticate a user from a 3rd-party identity provider.
iamid
string
The IAM ID.
Yes
This example request
POST
/bim/iam/{iamid}/user/authenticate
Authenticate a user using their username and password and proxying it to the specified IAM service.
iamid
string
The IAM ID.
Yes
username
string
The user's username for the IAM dictated in the request.
Yes
password
string
The user's password for the IAM dictated in the request.
Yes
authenticated
boolean
If true
, the user has been successfully authenticated.
token
string
The user's access token.
tokenExpiration
timestamp
The date the token will expire.
profileId
integer
The user ID.
This example request with the payload below will authenticate the user using the bim
IAM.
Payload example
PUT
/bim/iam/{iamid}/user/{userid}/profile
Update a specified user's profile.
Requirement: USER_ADMIN
Immuta permission or it must be your user profile.
iamid
string
The IAM ID.
Yes
userId
string
The user's username.
Yes
iamid
string
The IAM ID.
No
userid
string
The user's username.
No
string
The user email.
No
phone
string
The user phone number.
No
sqlUser
string
The user's SQL username.
No
about
string
Details about the user to be displayed on their profile.
No
location
string
The user's location.
No
organization
string
The user's organization.
No
position
string
The user's position.
No
externalUserIds
array
A list of the user's external usernames for hdfsUser
, databricksUser
, snowflakeUser
, prestoUser
, asaUser
, and redshiftUser
.
No
preferences
array
No
scim
array
No
profile
array
Details information about the user, including name
, email
, phone
, about
, location
, organization
, position
, preferences
, externalUserIds
, scim
, id
, and the date of creation.
permissions
array
A list of the user's permissions.
iamid
string
The IAM ID.
userid
string
The user's username.
authorizations
array
The user's attributes and groups.
updatedAt
timestamp
The date the user was last updated.
disabled
boolean
If true
, the user is disabled.
lastLogin
timestamp
The date the user last logged in.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
hasLogin
boolean
If true
, the user has logged into Immuta.
This example request will change the location to Boston, MA
for the user with the username jane.doe@immuta.com
.
Payload example
DELETE
/bim/iam/{iamid}/user/{userid}/permissions/{permission}
Remove the specified user's permission.
Required Immuta permission: USER_ADMIN
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
permission
Yes
id
integer
The user's ID.
iamid
string
The IAM ID.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
Details on the user's groups and attributes.
permissions
array[string]
A list of the user's permissions.
profile
integer
The user's profile ID.
lastLogin
timestamp
The date the user last logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
This example request will delete the permission CREATE_DATA_SOURCE_IN_PROJECT
from the user with the username john.doe@immuta.com
.
PUT
/bim/iam/{iamid}/user/{userid}/permissions
Update the specified user's permission.
Required Immuta permission: USER_ADMIN
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
permissions
Yes
id
integer
The user's ID.
iamid
string
The IAM ID.
userid
string
The user's username.
bimAuthorizations
array
The attributes and groups given to the user's BIM profile.
iamAuthorizations
array
The attributes and groups given to the user's external IAM profile.
authorizations
array
Details on the user's groups and attributes.
permissions
array
A list of the user's permissions.
profile
integer
The user's profile ID.
lastLogin
timestamp
The date the user last logged into Immuta.
disabled
boolean
If true
, the user is disabled.
createdAt
timestamp
The date the user was created.
updatedAt
timestamp
The date the user was last updated.
This example request with the payload below will change to permissions of the user with the username charlie.doe@immuta.com
to CREATE_DATA_SOURCE_IN_PROJECT
, CREATE_PROJECT
, and CREATE_DATA_SOURCE
.
Payload example
PUT
/bim/iam/{iamid}/user/{userid}/password
Update the specified user's password.
Requirement: USER_ADMIN
Immuta permission or it must be your profile.
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
originalPassword
string
The user's old password.
Yes
password
string
The user's new password.
Yes
success
boolean
If true
, the user's password has been successfully changed to the new password.
This example request with the payload below will change the password of the user with the ID jane.doe@immuta.com
.
Payload example
PUT
/bim/iam/{iamid}/user/{userid}/disable/{disable}
Disable / enable the specified BIM user.
Required Immuta permission: USER_ADMIN
iamid
string
The IAM ID.
Yes
userid
string
The user's username.
Yes
disable
boolean
If true
, the user will be disabled.
Yes
userid
string
The user's username.
disabled
boolean
If true
, the user is disabled.
This example request will disabled the user with the username jane.doe@immuta.com
.
POST
/bim/syncUsers
Sync users from an external IAM.
Required Immuta permission: USER_ADMIN
iamid
string
The external IAM ID.
Yes
This example request will sync the users from the specified external IAM with Immuta.
Payload example
POST
/iam/{iamId}/sync
Sync LDAP users with Immuta.
Required Immuta permission: USER_ADMIN
iamId
string
The external IAM ID.
Yes
dryRun
boolean
If true
, no updates will actually be made.
Yes
iamConfig
array
Details about the IAM configuration, including authenticationOnly
, credentials
, defaultPermissions
, displayName
, id
, ldapSync
, and options
.
No
plugin
string
The type of plugin the IAM uses, ldap
.
No
schema
array
Details about the IAM schema, including group
, profile
, authorizations
, and externalUserIds
.
No
supportedActions
string
No
type