| title | accessPackageAssignmentRequest: resume |
|---|---|
| description | Resume a user's access package request after waiting for a callback from a custom extension. |
| ms.localizationpriority | medium |
| author | vikama-microsoft |
| ms.subservice | entra-id-governance |
| doc_type | apiPageType |
| ms.date | 11/05/2024 |
Namespace: microsoft.graph
[!INCLUDE beta-disclaimer]
Resume a user's access package request after waiting for a callback from a custom extension.
In Microsoft Entra entitlement management, when an access package policy has been enabled to call out a custom extension and the request processing is waiting for the callback from the customer, the customer can initiate a resume action. It's performed on an accessPackageAssignmentRequest object whose requestStatus is in a WaitingForCallback state.
[!INCLUDE national-cloud-support]
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
[!INCLUDE permissions-table]
[!INCLUDE rbac-entitlement-access-package-assignment-manager-write]
Note
The /accessPackageAssignmentRequests path will be retired soon. Use the /assignmentRequests path instead.
POST /identityGovernance/entitlementManagement/assignmentRequests/{accessPackageAssignmentRequestId}/resume
POST /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/{accessPackageAssignmentRequestId}/resume| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
| Content-Type | application/json. Required. |
In the request body, supply a JSON representation of the parameters.
The following table shows the parameters that can be used with this action.
| Parameter | Type | Description |
|---|---|---|
| source | String | Source from where customer is trying to resume the request, which can be stored in service and will be helpful for auditing. |
| type | String | Indicate at which stage the custom callout extension was executed. The possible values are: microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated, microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestApproved, microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestGranted, microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestRemoved |
| data | accessPackageAssignmentRequestCallbackData | Contains information about the instance of the callout that was made to the customer endpoint. |
If successful, this action returns a 204 No Content response code.
The following example shows a request of a call to resume an access package assignment request that's waiting for a callback.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.SodCheckProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
"stage": "assignmentRequestCreated",
"customExtensionStageInstanceId": "957d0c50-466b-4840-bb5b-c92cea7141ff",
"customExtensionStageInstanceDetail": "This user is all verified"
}
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
HTTP/1.1 204 No ContentThe following example shows a request to resume the processing of an access package assignment request by denying the request that's waiting for a callback. A request cannot be denied at the assignmentRequestCreated stage of the callout.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/9e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.SodCheckProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageAssignmentRequestCallbackData",
"stage": "AssignmentRequestCreated",
"customExtensionStageInstanceId": "857d0c50-466b-4840-bb5b-c92cea7141ff",
"state": "denied",
"customExtensionStageInstanceDetail": "Potential risk user based on the SOD check"
}
}The following example shows the response.
HTTP/1.1 204 No ContentThe following example shows a request of a call to resume an access package assignment request that's waiting for a callback.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.AADProcess",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.accessPackageRequestApprovalStageCallbackConfiguration",
"stage": "assignmentRequestCreated",
"customExtensionStageInstanceId": "7bf58d34-b3f9-4bae-8deb-abcd25cddea1",
"customExtensionStageInstanceDetail": "Completed."
}
}[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
HTTP/1.1 204 No ContentThe following example shows a request of a call to resume an access package assignment request that's waiting for a callback from a custom extension to determine the approver of the access package assignment.
POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentRequests/0e60f18c-b2a0-4887-9da8-da2e30a39d99/resume
Content-Type: application/json
{
"source": "Contoso.CustoEXT",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated",
"data": {
"@odata.type": "microsoft.graph.microsoft.graph.assignmentRequestApprovalStageCallbackData",
"approvalStage": {
"durationBeforeAutomaticDenial": "P2D",
"escalationApprovers": [],
"fallbackEscalationApprovers": [],
"fallbackPrimaryApprovers": [],
"isApproverJustificationRequired": false,
"isEscalationEnabled": false,
"primaryApprovers": [
{
"@@odata.type": "#microsoft.graph.singleUser",
"description": "Primary approver of access package assignment.",
"id": "",
"isBackup": false
}
]
},
"customExtensionStageInstanceDetail": "A approval stage from Logic Apps",
"customExtensionStageInstanceId": "@{triggerBody()?['CustomExtensionStageInstanceId']}",
"stage": "assignmentRequestDeterminingApprovalRequirements"
},
"source": "LogicApps",
"type": "microsoft.graph.accessPackageCustomExtensionStage.assignmentRequestCreated"
}
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE snippet-not-available] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
[!INCLUDE sample-code] [!INCLUDE sdk-documentation]
The following example shows the response.
HTTP/1.1 204 No Content