Palo Alto Networks

Identity Security Posture Management API

A REST API within the SaaS Security Posture Management framework providing security-related metrics and configurations for user and service accounts across SaaS environments. The API enables security teams to monitor, analyze, and respond to identity-related risks by connecting users, permissions, activities, and security configurations.

Documentation GitHub OpenAPI

Documentation

https://pan.dev/sase/api/identity-sspm/

Specifications

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-identity-security-posture-management-api-openapi-original.yml

Examples

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-create-ticket-request-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-download-csv-request-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-feature-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-feature-state-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-idp-info-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-instant-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-idp-info-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-map-string-object-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-mfa-activity-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-saa-s-account-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-saa-s-activity-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-saa-s-instance-info-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-list-response-ticket-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-mfa-activity-count-by-app-type-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-mfa-activity-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-remediation-request-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-saa-s-account-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-saa-s-activity-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-saa-s-instance-info-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-ticket-example.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/examples/identity-security-posture-management-api-unlink-ticket-request-example.json

Schemas & Data

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-create-ticket-request-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-download-csv-request-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-feature-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-feature-state-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-idp-info-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-instant-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-idp-info-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-map-string-object-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-mfa-activity-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-saa-s-account-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-saa-s-activity-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-saa-s-instance-info-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-list-response-ticket-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-mfa-activity-count-by-app-type-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-mfa-activity-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-remediation-request-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-saa-s-account-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-saa-s-activity-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-saa-s-instance-info-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-ticket-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-schema/identity-security-posture-management-api-unlink-ticket-request-schema.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-create-ticket-request-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-download-csv-request-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-feature-state-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-feature-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-idp-info-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-instant-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-idp-info-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-map-string-object-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-mfa-activity-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-saa-s-account-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-saa-s-activity-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-saa-s-instance-info-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-list-response-ticket-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-mfa-activity-count-by-app-type-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-mfa-activity-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-remediation-request-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-saa-s-account-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-saa-s-activity-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-saa-s-instance-info-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-ticket-structure.json

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-structure/identity-security-posture-management-api-unlink-ticket-request-structure.json

Other Resources

https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/json-ld/palo-alto-identity-security-posture-management-api-context.jsonld

OpenAPI Specification

openapi: 3.0.3
info:
  title: Incident Security Service Posture Management API
  version: '1.0'
  description: "Endpoint to retrieve Identity Posture Security information This Open API spec file was created on July 01, 2025. © 2025 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark
    of Palo Alto Networks. A list of our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html). All other marks
    mentioned herein may be trademarks of their respective companies."
servers:
- url: https://api.sase.paloaltonetworks.com
- url: https://api.strata.paloaltonetworks.com
components:
  schemas:
    CreateTicketRequest:
      required:
      - resourceIds
      - feature
      - integrationId
      - type
      - issueTypeId
      - summary
      type: object
      properties:
        resourceIds:
          type: array
          items:
            type: string
          example: &id009
          - example-resourceIds_item
          - example-resourceIds_item
        feature:
          $ref: '#/components/schemas/Feature'
        integrationId:
          type: string
          example: '834310'
        type:
          type: string
          example: advanced
        issueTypeId:
          type: string
          example: '702842'
        summary:
          type: string
          example: Threat Security malware network rule threat on network threat policy.
        description:
          type: string
          example: Configured incident applied traffic endpoint monitoring rule.
        settings:
          type: object
          additionalProperties:
            type: string
          example: &id010 {}
    DownloadCsvRequest:
      required:
      - userFullName
      - userEmail
      - service
      type: object
      properties:
        userFullName:
          type: string
          example: soc-analyst
        userEmail:
          type: string
          example: example-userEmail
        service:
          type: string
          example: example-service
    Feature:
      enum:
      - ENROLLMENT
      - ACTIVITY
      - LOGOUT
      - IDENTITY_NHI
      - IDENTITY_ACTIVITY
      type: string
    FeatureState:
      type: object
      properties:
        status:
          type: string
          example: enabled
        lastScannedAt:
          $ref: '#/components/schemas/Instant'
    IdpInfo:
      type: object
      properties:
        displayName:
          type: string
          example: Branch Sensor 08
        idpId:
          type: string
          example: '800802'
        appType:
          type: string
          example: standard
    Instant:
      format: date-time
      type: string
      example: &id001 2022-03-10 16:15:50+00:00
    ListResponseIdpInfo:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 620
        items:
          type: array
          items:
            $ref: '#/components/schemas/IdpInfo'
          example: &id002
          - displayName: Branch Sensor 08
            idpId: '800802'
            appType: standard
    ListResponseMapStringObject:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 300
        items:
          type: array
          items:
            type: object
          example: &id012
          - {}
          - {}
    ListResponseMfaActivity:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 724
        items:
          type: array
          items:
            $ref: '#/components/schemas/MfaActivity'
          example: &id004
          - id: example-id
            tenant: example-tenant
            userId: '820434'
            idpId: '389141'
            idpType: custom
            mfaStrength: example-mfaStrength
            admin: true
            appType: advanced
            appId: '226503'
            timestamp: *id001
            mfaFactors: example-mfaFactors
            saasProviderMfaType: custom
            fullName: Corporate Sensor 50
            email: [email protected]
            ipAddress: 10.129.29.50
            location: example-location
            ticketKey: example-ticketKey
            ticketUrl: example-ticketUrl
          - id: example-id
            tenant: example-tenant
            userId: '829660'
            idpId: '133263'
            idpType: standard
            mfaStrength: example-mfaStrength
            admin: true
            appType: advanced
            appId: '947066'
            timestamp: *id001
            mfaFactors: example-mfaFactors
            saasProviderMfaType: standard
            fullName: Corporate Firewall 28
            email: [email protected]
            ipAddress: 10.81.194.228
            location: example-location
            ticketKey: example-ticketKey
            ticketUrl: example-ticketUrl
    ListResponseSaaSAccount:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 36
        items:
          type: array
          items:
            $ref: '#/components/schemas/SaaSAccount'
          example: &id006
          - id: example-id
            saasProviderId: '593378'
            tenant: example-tenant
            saasInstanceId: '357865'
            jobId: '954046'
            appId: '116192'
            appType: standard
            accountType: custom
            accountName: Primary Sensor 93
            email: [email protected]
            isLocal: true
            isOrphaned: false
            isElevated: true
            ticketKey: example-ticketKey
            ticketUrl: example-ticketUrl
            roles: example-roles
            creator: example-creator
            linkedHumanAccounts: example-linkedHumanAccounts
            saasProviderNhiName: Staging Policy 58
            lastModifiedTime: *id001
            lastLoginTime: *id001
            isNonHuman: false
            createdTime: *id001
            latestScanTime: *id001
            lastCredentialsRotated: *id001
            rotatedBy: example-rotatedBy
            githubOrgName: Corporate Sensor 58
            credentialsExpiresAt: *id001
          - id: example-id
            saasProviderId: '168374'
            tenant: example-tenant
            saasInstanceId: '608799'
            jobId: '926117'
            appId: '762667'
            appType: standard
            accountType: advanced
            accountName: Staging Agent 78
            email: [email protected]
            isLocal: true
            isOrphaned: false
            isElevated: false
            ticketKey: example-ticketKey
            ticketUrl: example-ticketUrl
            roles: example-roles
            creator: example-creator
            linkedHumanAccounts: example-linkedHumanAccounts
            saasProviderNhiName: Branch Sensor 45
            lastModifiedTime: *id001
            lastLoginTime: *id001
            isNonHuman: true
            createdTime: *id001
            latestScanTime: *id001
            lastCredentialsRotated: *id001
            rotatedBy: example-rotatedBy
            githubOrgName: Corporate Gateway 50
            credentialsExpiresAt: *id001
    ListResponseSaaSActivity:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 758
        items:
          type: array
          items:
            $ref: '#/components/schemas/SaaSActivity'
          example: &id007
          - id: example-id
            userId: '561798'
            tenant: example-tenant
            saasInstanceId: '246211'
            appType: custom
            resourceType: advanced
            resourceName: Staging Agent 22
            activityType: standard
            clientIP: example-clientIP
            location: example-location
            userAgent: example-userAgent
            summary: Configured policy configured configured violation suspicious malware.
            rawData: example-rawData
            activityDateTime: *id001
            createdAt: *id001
          - id: example-id
            userId: '362728'
            tenant: example-tenant
            saasInstanceId: '778286'
            appType: custom
            resourceType: advanced
            resourceName: Primary Gateway 93
            activityType: advanced
            clientIP: example-clientIP
            location: example-location
            userAgent: example-userAgent
            summary: Network incident threat rule investigation endpoint.
            rawData: example-rawData
            activityDateTime: *id001
            createdAt: *id001
    ListResponseSaaSInstanceInfo:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 345
        items:
          type: array
          items:
            $ref: '#/components/schemas/SaaSInstanceInfo'
          example: &id005
          - displayName: Production Agent 13
            saasInstanceId: '806450'
            appType: custom
    ListResponseTicket:
      type: object
      properties:
        total:
          format: int64
          type: integer
          example: 998
        items:
          type: array
          items:
            $ref: '#/components/schemas/Ticket'
          example: &id008
          - id: example-id
            tenant: example-tenant
            saasInstanceId: '788637'
            resourceIds: example-resourceIds
            feature: example-feature
            users: example-users
            integrationId: '917387'
            type: custom
            ticketKey: example-ticketKey
            ticketUrl: example-ticketUrl
            summary: Configured applied suspicious violation malware traffic endpoint on.
            createdAt: *id001
          - id: example-id
            tenant: example-tenant
            saasInstanceId: '430821'
            resourceIds: example-resourceIds
            feature: example-feature
            users: example-users
            integrationId: '571142'
            type: advanced
            ticketKey: example-ticketKey
            ticketUrl: example-ticketUrl
            summary: Applied rule investigation applied firewall incident network network Security blocked.
            createdAt: *id001
    MfaActivity:
      type: object
      properties:
        id:
          type: string
          example: example-id
        tenant:
          type: string
          example: example-tenant
        userId:
          type: string
          example: '988415'
        idpId:
          type: string
          example: '797020'
        idpType:
          type: string
          example: custom
        mfaStrength:
          type: string
          example: example-mfaStrength
        admin:
          type: boolean
          example: false
        appType:
          type: string
          example: advanced
        appId:
          type: string
          example: '282235'
        timestamp:
          $ref: '#/components/schemas/Instant'
        mfaFactors:
          type: string
          example: example-mfaFactors
        saasProviderMfaType:
          type: string
          example: advanced
        fullName:
          type: string
          example: Branch Policy 87
        email:
          type: string
          example: [email protected]
        ipAddress:
          type: string
          example: 10.152.115.236
        location:
          type: string
          example: example-location
        ticketKey:
          type: string
          example: example-ticketKey
        ticketUrl:
          type: string
          example: example-ticketUrl
    MfaActivityCountByAppType:
      type: object
      properties:
        appType:
          type: string
          example: advanced
        count:
          format: int64
          type: integer
          example: 967
        iconAppType:
          type: string
          example: standard
    RemediationRequest:
      type: object
      properties:
        users:
          type: array
          items:
            type: string
          example: &id003
          - example-users_item
    SaaSAccount:
      type: object
      properties:
        id:
          type: string
          example: example-id
        saasProviderId:
          type: string
          example: '703346'
        tenant:
          type: string
          example: example-tenant
        saasInstanceId:
          type: string
          example: '765566'
        jobId:
          type: string
          example: '560015'
        appId:
          type: string
          example: '648367'
        appType:
          type: string
          example: custom
        accountType:
          type: string
          example: advanced
        accountName:
          type: string
          example: Branch Policy 58
        email:
          type: string
          example: [email protected]
        isLocal:
          type: boolean
          example: false
        isOrphaned:
          type: boolean
          example: true
        isElevated:
          type: boolean
          example: true
        ticketKey:
          type: string
          example: example-ticketKey
        ticketUrl:
          type: string
          example: example-ticketUrl
        roles:
          type: string
          example: example-roles
        creator:
          type: string
          example: example-creator
        linkedHumanAccounts:
          type: string
          example: example-linkedHumanAccounts
        saasProviderNhiName:
          type: string
          example: Production Agent 14
        lastModifiedTime:
          $ref: '#/components/schemas/Instant'
        lastLoginTime:
          $ref: '#/components/schemas/Instant'
        isNonHuman:
          type: boolean
          example: false
        createdTime:
          $ref: '#/components/schemas/Instant'
        latestScanTime:
          $ref: '#/components/schemas/Instant'
        lastCredentialsRotated:
          $ref: '#/components/schemas/Instant'
        rotatedBy:
          type: string
          example: example-rotatedBy
        githubOrgName:
          type: string
          example: Staging Policy 17
        credentialsExpiresAt:
          $ref: '#/components/schemas/Instant'
    SaaSActivity:
      type: object
      properties:
        id:
          type: string
          example: example-id
        userId:
          type: string
          example: '558697'
        tenant:
          type: string
          example: example-tenant
        saasInstanceId:
          type: string
          example: '278773'
        appType:
          type: string
          example: standard
        resourceType:
          type: string
          example: custom
        resourceName:
          type: string
          example: Staging Agent 77
        activityType:
          type: string
          example: advanced
        clientIP:
          type: string
          example: example-clientIP
        location:
          type: string
          example: example-location
        userAgent:
          type: string
          example: example-userAgent
        summary:
          type: string
          example: Traffic network investigation policy applied activity incident incident monitoring suspicious incident.
        rawData:
          type: string
          example: example-rawData
        activityDateTime:
          $ref: '#/components/schemas/Instant'
        createdAt:
          $ref: '#/components/schemas/Instant'
    SaaSInstanceInfo:
      type: object
      properties:
        displayName:
          type: string
          example: Staging Policy 12
        saasInstanceId:
          type: string
          example: '949811'
        appType:
          type: string
          example: advanced
    Ticket:
      type: object
      properties:
        id:
          type: string
          example: example-id
        tenant:
          type: string
          example: example-tenant
        saasInstanceId:
          type: string
          example: '155449'
        resourceIds:
          type: string
          example: example-resourceIds
        feature:
          type: string
          example: example-feature
        users:
          type: string
          example: example-users
        integrationId:
          type: string
          example: '300696'
        type:
          type: string
          example: advanced
        ticketKey:
          type: string
          example: example-ticketKey
        ticketUrl:
          type: string
          example: example-ticketUrl
        summary:
          type: string
          example: Suspicious detected traffic alert investigation endpoint firewall traffic monitoring.
        createdAt:
          $ref: '#/components/schemas/Instant'
    UnlinkTicketRequest:
      required:
      - id
      - feature
      type: object
      properties:
        id:
          type: string
          example: example-id
        resourceIds:
          type: array
          items:
            type: string
          example: &id011
          - example-resourceIds_item
        feature:
          $ref: '#/components/schemas/Feature'
ExternalTags:
  Catalog:
    title: Catalog
    description: Application Catalog
    tags:
    - Catalog
  Identity:
    title: Identity
    description: Identity Provider related API
    tags:
    - Identity
  SaaS Instance:
    title: SaaS Instance
    description: SaaS Instance related API
    tags:
    - SaaS Instance
paths:
  /sspm/identity/v1/catalog/{appType}:
    get:
      summary: Palo Alto Networks Get Application Catalog
      description: "Retrieve application catalog details based on the specified application type. \nThis helps identify supported application types and their available features."
      operationId: catalog_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                additionalProperties: {}
              examples:
                CatalogGet200Example:
                  summary: Default catalog_get 200 response
                  x-microcks-default: true
                  value: {}
        '404':
          description: Not Found
      parameters:
      - name: appType
        in: path
        required: true
        schema:
          type: string
        example: standard
      - name: feature
        in: query
        schema:
          type: string
        example: example-feature
      tags:
      - Catalog
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps:
    get:
      summary: Palo Alto Networks Get All Identity Providers
      description: Retrieve a list of identity providers (Identity Providers) configured for the tenant. You can optionally filter the results to view only designated identity providers.
      operationId: idps_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponseIdpInfo'
              examples:
                IdpsGet200Example:
                  summary: Default idps_get 200 response
                  x-microcks-default: true
                  value:
                    total: 620
                    items: *id002
        '404':
          description: Not Found
      parameters:
      - name: designated
        in: query
        schema:
          type: boolean
        example: false
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      summary: Palo Alto Networks Create Identity Provider
      description: Create a new identity provider (Identity Provider) entry for the tenant. You can specify the type, identifier, and whether it should be marked as designated.
      operationId: idps_post
      responses:
        '201':
          description: Created
        '400':
          description: Bad Request
      parameters:
      - name: designated
        in: query
        schema:
          type: boolean
        example: true
      - name: idpId
        in: query
        schema:
          type: string
        example: '101857'
      - name: idpType
        in: query
        schema:
          type: string
        example: advanced
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/accounts/logout:
    get:
      summary: Palo Alto Networks Get Logout Status
      description: Retrieve the logout status of user accounts associated with the specified identity provider (Identity Provider). This is useful for tracking the outcome of account logout actions in
        batch operations.
      operationId: idps_accounts_logout_get
      responses:
        '200':
          description: OK
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '339256'
      - name: batch_id
        in: query
        schema:
          type: string
        example: '465701'
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      summary: Palo Alto Networks Trigger Account Logout
      description: Initiate a logout request for user accounts associated with the specified identity provider (Identity Provider). This action helps enforce session termination for compliance or 
        security purposes.
      operationId: idps_accounts_logout_post
      responses:
        '200':
          description: OK
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '650260'
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RemediationRequest'
            examples:
              IdpsAccountsLogoutPostRequestExample:
                summary: Default idps_accounts_logout_post request
                x-microcks-default: true
                value:
                  users: *id003
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/feature_state:
    get:
      summary: Palo Alto Networks Get Identity Provider Feature State
      description: Retrieve the current status and last scan timestamp of a specific feature enabled for the identity provider (Identity Provider). This helps assess feature health and scan recency.
      operationId: idps_feature_state_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FeatureState'
              examples:
                IdpsFeatureStateGet200Example:
                  summary: Default idps_feature_state_get 200 response
                  x-microcks-default: true
                  value:
                    status: enabled
                    lastScannedAt: *id001
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '359166'
      - name: feature
        in: query
        schema:
          $ref: '#/components/schemas/Feature'
        example: ENROLLMENT
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/idp_accounts/count:
    get:
      summary: Palo Alto Networks Get Identity Provider Account Count
      description: Return the number of user accounts linked to the specified identity provider (Identity Provider). Filtering options can be applied to count specific types of accounts such as 
        orphaned or privileged users.
      operationId: idps_idp_accounts_count_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  format: int64
                  type: integer
              examples:
                IdpsIdpAccountsCountGet200Example:
                  summary: Default idps_idp_accounts_count_get 200 response
                  x-microcks-default: true
                  value: {}
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '479701'
      - name: filter
        in: query
        schema:
          type: string
        example: example-filter
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/idp_accounts/csv_report:
    post:
      summary: Palo Alto Networks Generate Identity Provider Account CSV Report
      description: Generate a CSV report of accounts associated with the specified identity provider (Identity Provider). The report supports compliance audits and user access reviews.
      operationId: idps_idp_accounts_csv_report_get
      responses:
        '201':
          description: Created
        '400':
          description: Bad Request
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '489324'
      - name: filter
        in: query
        schema:
          type: string
        example: example-filter
      - name: sortBy
        in: query
        schema:
          type: string
        example: example-sortBy
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/DownloadCsvRequest'
            examples:
              IdpsIdpAccountsCsvReportGetRequestExample:
                summary: Default idps_idp_accounts_csv_report_get request
                x-microcks-default: true
                value:
                  userFullName: soc-analyst
                  userEmail: example-userEmail
                  service: example-service
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/mfa_activity:
    get:
      summary: Palo Alto Networks Get Multi-factor Authentication Activity Logs
      description: Retrieve a list of multi-factor authentication (Multi-factor authentication) activities for the specified identity provider (Identity Provider). The logs include user identities, 
        timestamps, IP Address addresses, and Multi-factor authentication methods used.
      operationId: idps_mfa_activity_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResponseMfaActivity'
              examples:
                IdpsMfaActivityGet200Example:
                  summary: Default idps_mfa_activity_get 200 response
                  x-microcks-default: true
                  value:
                    total: 724
                    items: *id004
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '701548'
      - name: filter
        in: query
        schema:
          type: string
        example: example-filter
      - name: limit
        in: query
        schema:
          format: int32
          type: integer
        example: 896
      - name: page
        in: query
        schema:
          format: int32
          type: integer
        example: 778
      - name: sortBy
        in: query
        schema:
          type: string
        example: example-sortBy
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/mfa_activity/count:
    get:
      summary: Palo Alto Networks Get Multi-factor Authentication Activity Count
      description: Return the number of multi-factor authentication (Multi-factor authentication) activities recorded for the specified identity provider (Identity Provider). This count helps evaluate
        authentication volume and usage patterns.
      operationId: idps_mfa_activity_count_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                additionalProperties:
                  format: int64
                  type: integer
              examples:
                IdpsMfaActivityCountGet200Example:
                  summary: Default idps_mfa_activity_count_get 200 response
                  x-microcks-default: true
                  value: {}
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '726859'
      - name: filter
        in: query
        schema:
          type: string
        example: example-filter
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/mfa_activity/count_by_app_type:
    get:
      summary: Palo Alto Networks Get Multi-factor Authentication Activity Count by App Type
      description: Return the number of multi-factor authentication (Multi-factor authentication) activities for the specified identity provider (Identity Provider), grouped by application type. This 
        helps analyze authentication trends across different SaaS applications.
      operationId: idps_mfa_activity_count_by_app_type_get
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: array
                items:
                  $ref: '#/components/schemas/MfaActivityCountByAppType'
              examples:
                IdpsMfaActivityCountByAppTypeGet200Example:
                  summary: Default idps_mfa_activity_count_by_app_type_get 200 response
                  x-microcks-default: true
                  value:
                  - appType: advanced
                    count: 967
                    iconAppType: standard
        '404':
          description: Not Found
      parameters:
      - name: idpId
        in: path
        required: true
        schema:
          type: string
        example: '826348'
      - name: filter
        in: query
        schema:
          type: string
        example: example-filter
      - name: limit
        in: query
        schema:
          format: int32
          type: integer
        example: 853
      - name: page
        in: query
        schema:
          format: int32
          type: integer
        example: 567
      - name: x-ps-tenant
        in: header
        schema:
          type: string
        example: example-x-ps-tenant
      tags:
      - IDP
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /sspm/identity/v1/idps/{idpId}/mfa_activity/csv_report:
    post:
      summary: Palo Alto Networks Generate Identity Provider Multi-factor Authentication Activity CSV Report
      description: Generate a comma-separated values (CSV) report of multi-factor authen

# --- truncated at 32 KB (48 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/palo-alto-networks/refs/heads/main/openapi/palo-alto-identity-security-posture-management-api-openapi-original.yml