Advanced Settings

Conditional Access Policy Advanced Settings API for ManageEngine ID360

Download Advanced Settings OpenAPI Document

End Points

GET

/protection/conditional-access-policies/{id}/advanced-settings

PATCH

/protection/conditional-access-policies/{id}/advanced-settings

Attribute

is_captcha_enabled

boolean

Indicates if CAPTCHA is enabled for the policy.

captcha_frequency_type

string

Type of CAPTCHA frequency.

Allowed Values:

always
after_failed_attempts

captcha_failed_attempts_threshold

integer

Number of failed attempts before CAPTCHA is triggered.

is_backup_codes_enabled

boolean

Indicates if backup codes are enabled for the policy.

emailaddress_selection_mode

string

Mode for selecting email addresses.

Allowed Values:

primary
select
input

mobileno_selection_mode

string

Mode for selecting SMS numbers.

Allowed Values:

primary
select
input

endpoint_settings

array

List of endpoint settings for the conditional access policy.

Show Sub-Attributes

endpoint

string

Endpoint for which the policy is applicable.

Allowed Values:

ComputerDevices
NPS
IIS
SSOApplications
IdentityServer

type

string

Type of the endpoint.

ComputerDevices :
- ComputerDevices
NPS :
- NPS_VPN
IIS :
- IIS
SSOApplications :
- SSOApplications
IdentityServer :
- Login
- SensitiveActions

advanced_settings

object

Advanced settings for the endpoint type.

Show Sub-Attributes

mfa_timeout

integer

Timeout for authentication completion in minutes.

mfa_unenrolled_action

string

Allow/Deny access partially enrolled users.

Allowed Values:

allow
deny

mfa_trust

object

Configuration for periodic MFA prompts.

Show Sub-Attributes

is_enabled

boolean

Indicates if periodic MFA prompts are enabled.

initiator_type

string

Type of initiator for the periodic MFA prompts.

Allowed Values:

user
admin

duration

object

Show Sub-Attributes

value

integer

Value of the trust duration.

unit

string

Unit of the trust duration.

Allowed Values:

minutes
hours
days

radius_response_config

object

Configuration for RADIUS response attributes. Only applicable for NPS.

Show Sub-Attributes

vendor_id

string

The unique number that denotes your VPN provider.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.

attributes_list

array

List of RADIUS attributes to be included in the response.

Show Sub-Attributes

type

string

Type of the RADIUS attribute (vendor or standard).

Allowed Values:

vendor
standard

number

integer

Number of the RADIUS attribute.

data_type

string

Data type of the RADIUS attribute.

Allowed Values:

string
integer
enum
ipv4address
ipv6address

value

string

Value of the RADIUS attribute.

notification_template_id

integer

Unique identifier for the notification template.

notification_template

object

Show Sub-Attributes

integer

Unique identifier for the notification template.

name

string

Name of the notification template.

{
    "is_captcha_enabled": true,
    "captcha_frequency_type": "always",
    "captcha_failed_attempts_threshold": 3,
    "is_backup_codes_enabled": false,
    "emailaddress_selection_mode": "primary",
    "mobileno_selection_mode": "select",
    "endpoint_settings": [
        {
            "endpoint": "ComputerDevices",
            "type": "ComputerDevices",
            "advanced_settings": {
                "mfa_timeout": 5,
                "mfa_unenrolled_action": "allow",
                "mfa_trust": {
                    "is_enabled": true,
                    "initiator_type": "user",
                    "duration": {
                        "value": 30,
                        "unit": "minutes"
                    }
                },
                "radius_response_config": {
                    "vendor_id": "12356",
                    "attributes_list": [
                        {
                            "type": "vendor",
                            "number": 12,
                            "data_type": "string",
                            "value": "12"
                        }
                    ]
                },
                "notification_template_id": 200000012544,
                "notification_template": {
                    "id": 200000012544,
                    "name": "Email Verification"
                }
            }
        }
    ]
}

Get Advanced Settings

Retrieve the advanced settings of a specific conditional access policy by ID.
Note: This API is currently internal
OAuth Scope : id360.conditional_access_policy.read,id360.conditional_access_policy.all

Request Example

headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;

OkHttpClient client = new OkHttpClient();

Request request = new Request.Builder()
  .url("https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings")
  .get()
  .addHeader("Accept", "application/json")
  .addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
  .build();

Response response = client.newCall(request).execute();

const options = {
  method: 'GET',
  headers: {
    Accept: 'application/json',
    Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
  }
};

fetch('https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import http.client

conn = http.client.HTTPSConnection("id360.manageengine.com")

headers = {
    'Accept': "application/json",
    'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
    }

conn.request("GET", "/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings", headers=headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

const http = require("https");

const options = {
  "method": "GET",
  "hostname": "id360.manageengine.com",
  "port": null,
  "path": "/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings",
  "headers": {
    "Accept": "application/json",
    "Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
  }
};

const req = http.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

req.end();

curl --request GET \
  --url https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings \
  --header 'Accept: application/json' \
  --header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'

{
    "is_captcha_enabled": true,
    "captcha_frequency_type": "always",
    "captcha_failed_attempts_threshold": 3,
    "is_backup_codes_enabled": false,
    "emailaddress_selection_mode": "primary",
    "mobileno_selection_mode": "select",
    "endpoint_settings": [
        {
            "endpoint": "ComputerDevices",
            "type": "ComputerDevices",
            "advanced_settings": {
                "mfa_timeout": 5,
                "mfa_unenrolled_action": "allow",
                "mfa_trust": {
                    "is_enabled": true,
                    "initiator_type": "user",
                    "duration": {
                        "value": 30,
                        "unit": "minutes"
                    }
                },
                "radius_response_config": {
                    "vendor_id": "12356",
                    "attributes_list": [
                        {
                            "type": "vendor",
                            "number": 12,
                            "data_type": "string",
                            "value": "12"
                        }
                    ]
                },
                "notification_template": {
                    "id": 200000012544,
                    "name": "Email Verification"
                }
            }
        }
    ]
}

{
    "error": {
        "code": "00000101",
        "title": "Unauthorized",
        "detail": "The OAuth token is invalid."
    }
}

{
    "error": {
        "code": "****",
        "title": "Policy Not Found",
        "detail": "The specified conditional access policy does not exist."
    }
}

{
    "error": {
        "code": "00000000",
        "title": "Internal Server Error",
        "detail": "An unexpected internal error has occurred on the server. Please try again later."
    }
}

Update Advanced Settings

Update the advanced settings of a specific conditional access policy by ID. Note: This API is currently internal
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.all'

Arguments

is_captcha_enabled

boolean

Indicates if CAPTCHA is enabled for the policy.

captcha_frequency_type

string

Type of CAPTCHA frequency.

Allowed Values:

always
after_failed_attempts

captcha_failed_attempts_threshold

integer

Number of failed attempts before CAPTCHA is triggered.

is_backup_codes_enabled

boolean

Indicates if backup codes are enabled for the policy.

emailaddress_selection_mode

string

Mode for selecting email addresses.

Allowed Values:

primary
select
input

mobileno_selection_mode

string

Mode for selecting SMS numbers.

Allowed Values:

primary
select
input

endpoint_settings

array

List of endpoint settings for the conditional access policy.

Show Sub-Attributes

endpoint

string

Endpoint for which the policy is applicable.

Allowed Values:

ComputerDevices
NPS
IIS
SSOApplications
IdentityServer

type

string

Type of the endpoint.

ComputerDevices :
- ComputerDevices
NPS :
- NPS_VPN
IIS :
- IIS
SSOApplications :
- SSOApplications
IdentityServer :
- Login
- SensitiveActions

advanced_settings

object

Advanced settings for the endpoint type.

Show Sub-Attributes

mfa_timeout

integer

Timeout for authentication completion in minutes.

mfa_unenrolled_action

string

Allow/Deny access partially enrolled users.

Allowed Values:

allow
deny

mfa_trust

object

Configuration for periodic MFA prompts.

Show Sub-Attributes

is_enabled

boolean

Indicates if periodic MFA prompts are enabled.

initiator_type

string

Type of initiator for the periodic MFA prompts.

Allowed Values:

user
admin

duration

object

Show Sub-Attributes

value

integer

Value of the trust duration.

unit

string

Unit of the trust duration.

Allowed Values:

minutes
hours
days

radius_response_config

object

Configuration for RADIUS response attributes. Only applicable for NPS.

Show Sub-Attributes

vendor_id

string

The unique number that denotes your VPN provider.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.

attributes_list

array

List of RADIUS attributes to be included in the response.

Show Sub-Attributes

type

string

Type of the RADIUS attribute (vendor or standard).

Allowed Values:

vendor
standard

number

integer

Number of the RADIUS attribute.

data_type

string

Data type of the RADIUS attribute.

Allowed Values:

string
integer
enum
ipv4address
ipv6address

value

string

Value of the RADIUS attribute.

notification_template_id

integer

Unique identifier for the notification template.

Request Example

parameters_data='{"is_captcha_enabled":true,"captcha_frequency_type":"always","captcha_failed_attempts_threshold":3,"is_backup_codes_enabled":false,"emailaddress_selection_mode":"primary","mobileno_selection_mode":"select","endpoint_settings":[{"endpoint":"ComputerDevices","type":"ComputerDevices","advanced_settings":{"mfa_timeout":5,"mfa_unenrolled_action":"allow","mfa_trust":{"is_enabled":true,"initiator_type":"user","duration":{"value":30,"unit":"minutes"}},"radius_response_config":{"vendor_id":"12356","attributes_list":[{"type":"vendor","number":12,"data_type":"string","value":"12"}]},"notification_template_id":200000012544}}]}';
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings"
type: PATCH
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;

OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"is_captcha_enabled\":true,\"captcha_frequency_type\":\"always\",\"captcha_failed_attempts_threshold\":3,\"is_backup_codes_enabled\":false,\"emailaddress_selection_mode\":\"primary\",\"mobileno_selection_mode\":\"select\",\"endpoint_settings\":[{\"endpoint\":\"ComputerDevices\",\"type\":\"ComputerDevices\",\"advanced_settings\":{\"mfa_timeout\":5,\"mfa_unenrolled_action\":\"allow\",\"mfa_trust\":{\"is_enabled\":true,\"initiator_type\":\"user\",\"duration\":{\"value\":30,\"unit\":\"minutes\"}},\"radius_response_config\":{\"vendor_id\":\"12356\",\"attributes_list\":[{\"type\":\"vendor\",\"number\":12,\"data_type\":\"string\",\"value\":\"12\"}]},\"notification_template_id\":200000012544}}]}");
Request request = new Request.Builder()
  .url("https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings")
  .patch(body)
  .addHeader("Accept", "application/json")
  .addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
  .addHeader("content-type", "application/json")
  .build();

Response response = client.newCall(request).execute();

const options = {
  method: 'PATCH',
  headers: {
    Accept: 'application/json',
    Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
    'content-type': 'application/json'
  },
  body: '{"is_captcha_enabled":true,"captcha_frequency_type":"always","captcha_failed_attempts_threshold":3,"is_backup_codes_enabled":false,"emailaddress_selection_mode":"primary","mobileno_selection_mode":"select","endpoint_settings":[{"endpoint":"ComputerDevices","type":"ComputerDevices","advanced_settings":{"mfa_timeout":5,"mfa_unenrolled_action":"allow","mfa_trust":{"is_enabled":true,"initiator_type":"user","duration":{"value":30,"unit":"minutes"}},"radius_response_config":{"vendor_id":"12356","attributes_list":[{"type":"vendor","number":12,"data_type":"string","value":"12"}]},"notification_template_id":200000012544}}]}'
};

fetch('https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));

import http.client

conn = http.client.HTTPSConnection("id360.manageengine.com")

payload = "{\"is_captcha_enabled\":true,\"captcha_frequency_type\":\"always\",\"captcha_failed_attempts_threshold\":3,\"is_backup_codes_enabled\":false,\"emailaddress_selection_mode\":\"primary\",\"mobileno_selection_mode\":\"select\",\"endpoint_settings\":[{\"endpoint\":\"ComputerDevices\",\"type\":\"ComputerDevices\",\"advanced_settings\":{\"mfa_timeout\":5,\"mfa_unenrolled_action\":\"allow\",\"mfa_trust\":{\"is_enabled\":true,\"initiator_type\":\"user\",\"duration\":{\"value\":30,\"unit\":\"minutes\"}},\"radius_response_config\":{\"vendor_id\":\"12356\",\"attributes_list\":[{\"type\":\"vendor\",\"number\":12,\"data_type\":\"string\",\"value\":\"12\"}]},\"notification_template_id\":200000012544}}]}"

headers = {
    'Accept': "application/json",
    'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
    'content-type': "application/json"
    }

conn.request("PATCH", "/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

const http = require("https");

const options = {
  "method": "PATCH",
  "hostname": "id360.manageengine.com",
  "port": null,
  "path": "/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings",
  "headers": {
    "Accept": "application/json",
    "Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
    "content-type": "application/json"
  }
};

const req = http.request(options, function (res) {
  const chunks = [];

  res.on("data", function (chunk) {
    chunks.push(chunk);
  });

  res.on("end", function () {
    const body = Buffer.concat(chunks);
    console.log(body.toString());
  });
});

req.write(JSON.stringify({
  is_captcha_enabled: true,
  captcha_frequency_type: 'always',
  captcha_failed_attempts_threshold: 3,
  is_backup_codes_enabled: false,
  emailaddress_selection_mode: 'primary',
  mobileno_selection_mode: 'select',
  endpoint_settings: [
    {
      endpoint: 'ComputerDevices',
      type: 'ComputerDevices',
      advanced_settings: {
        mfa_timeout: 5,
        mfa_unenrolled_action: 'allow',
        mfa_trust: {
          is_enabled: true,
          initiator_type: 'user',
          duration: {value: 30, unit: 'minutes'}
        },
        radius_response_config: {
          vendor_id: '12356',
          attributes_list: [{type: 'vendor', number: 12, data_type: 'string', value: '12'}]
        },
        notification_template_id: 200000012544
      }
    }
  ]
}));
req.end();

curl --request PATCH \
  --url https://id360.manageengine.com/idp/v1/protection/conditional-access-policies/2000000000001/advanced-settings \
  --header 'Accept: application/json' \
  --header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
  --header 'content-type: application/json' \
  --data '{"is_captcha_enabled":true,"captcha_frequency_type":"always","captcha_failed_attempts_threshold":3,"is_backup_codes_enabled":false,"emailaddress_selection_mode":"primary","mobileno_selection_mode":"select","endpoint_settings":[{"endpoint":"ComputerDevices","type":"ComputerDevices","advanced_settings":{"mfa_timeout":5,"mfa_unenrolled_action":"allow","mfa_trust":{"is_enabled":true,"initiator_type":"user","duration":{"value":30,"unit":"minutes"}},"radius_response_config":{"vendor_id":"12356","attributes_list":[{"type":"vendor","number":12,"data_type":"string","value":"12"}]},"notification_template_id":200000012544}}]}'

{
    "is_captcha_enabled": true,
    "captcha_frequency_type": "always",
    "captcha_failed_attempts_threshold": 3,
    "is_backup_codes_enabled": false,
    "emailaddress_selection_mode": "primary",
    "mobileno_selection_mode": "select",
    "endpoint_settings": [
        {
            "endpoint": "ComputerDevices",
            "type": "ComputerDevices",
            "advanced_settings": {
                "mfa_timeout": 5,
                "mfa_unenrolled_action": "allow",
                "mfa_trust": {
                    "is_enabled": true,
                    "initiator_type": "user",
                    "duration": {
                        "value": 30,
                        "unit": "minutes"
                    }
                },
                "radius_response_config": {
                    "vendor_id": "12356",
                    "attributes_list": [
                        {
                            "type": "vendor",
                            "number": 12,
                            "data_type": "string",
                            "value": "12"
                        }
                    ]
                },
                "notification_template_id": 200000012544
            }
        }
    ]
}

{
    "is_captcha_enabled": true,
    "captcha_frequency_type": "always",
    "captcha_failed_attempts_threshold": 3,
    "is_backup_codes_enabled": false,
    "emailaddress_selection_mode": "primary",
    "mobileno_selection_mode": "select",
    "endpoint_settings": [
        {
            "endpoint": "ComputerDevices",
            "type": "ComputerDevices",
            "advanced_settings": {
                "mfa_timeout": 5,
                "mfa_unenrolled_action": "allow",
                "mfa_trust": {
                    "is_enabled": true,
                    "initiator_type": "user",
                    "duration": {
                        "value": 30,
                        "unit": "minutes"
                    }
                },
                "radius_response_config": {
                    "vendor_id": "12356",
                    "attributes_list": [
                        {
                            "type": "vendor",
                            "number": 12,
                            "data_type": "string",
                            "value": "12"
                        }
                    ]
                },
                "notification_template": {
                    "id": 200000012544,
                    "name": "Email Verification"
                }
            }
        }
    ]
}

{
    "error": {
        "code": "00000101",
        "title": "Unauthorized",
        "detail": "The OAuth token is invalid."
    }
}

{
    "error": {
        "code": "****",
        "title": "Policy Not Found",
        "detail": "The specified conditional access policy does not exist."
    }
}

{
    "error": {
        "code": "00000000",
        "title": "Internal Server Error",
        "detail": "An unexpected internal error has occurred on the server. Please try again later."
    }
}