Conditional Access Policy
Conditional Access Policy API for ManageEngine ID360
Download Conditional Access Policy OpenAPI Document
End Points
List Conditional Access Policies
Create a Conditional Access Policy
Bulk Delete Conditional Access Policies
Get a Conditional Access Policy
Update a Conditional Access Policy
Delete a Conditional Access Policy
Get Conditional Access Policies Priority
Update Conditional Access Policies Priority
Enable a Conditional Access Policy
Disable a Conditional Access Policy
Bulk Enable Conditional Access Policies
Bulk Disable Conditional Access Policies
Attribute
id
string
Unique identifier for the conditional access policy.
name
string
Name of the conditional access policy.
description
string
Description of the conditional access policy.
is_enabled
boolean
Indicates whether the policy is enabled.
user_assignments
object
user_ids
array
List of user IDs assigned to the policy.
group_ids
array
List of group IDs assigned to the policy.
users_count
integer
Total number of users assigned to the policy.
groups_count
integer
Total number of groups assigned to the policy.
access_conditions
object
criteria_expression
string
Expression defining the criteria for the policy.
eg: ((3 and 2) and 1)
eg: ((3 and 2) and 1)
conditions
array
sequence_number
integer
Sequence number of the condition.
factor_type
string
Type of conditional factor.
Allowed Values:
- ipaddress
- geolocation
- time
comparator
string
Comparator for the condition.
Allowed Values:
- in
- not_in
factor_configs
array
List of factor configuration IDs for the condition.
include_all_trusted_sources
boolean
Indicates if all trusted sources are included (applicable only for ipaddress).
access_type
string
Type of access granted by the policy.
Allowed Values:
- allow
- deny
endpoints
array
List of endpoints associated with the policy.
endpoints_settings
array
List of endpoint settings for the conditional access policy.
endpoint
string
Endpoint for which the policy is applicable.
Allowed Values:
- ComputerDevices
- NPS
- IIS
- SSOApplications
- IdentityServer
type
string
Type of the endpoint.
-
ComputerDevices :
- ComputerDevices
-
NPS :
- NPS_VPN
-
IIS :
- IIS
-
SSOApplications :
- SSOApplications
-
IdentityServer :
- Login
- SensitiveActions
device_assignment
object
Configuration for device assignment in the policy. Only applicable for ComputerDevices.
device_ids
array
List of device IDs assigned to the policy.
group_ids
array
List of group IDs assigned to the policy.
all_devices_group_selected
boolean
Indicates if all devices group is selected for the policy.
app_assignment
object
Configuration for application assignment in the policy. Only applicable for SSOApplications.
app_ids
array
List of application IDs assigned to the module.
actions
array
List of actions allowed. Only applicable for ComputerDevices and IdentityServer-SensitiveActions.
Available actions for ComputerDevices:
Available actions for ComputerDevices:
- InteractiveLogon
- MachineUnlock
- RDP
- SSH
- UAC
- Sudo
- delete_users
- delete_groups
- delete_directories
- delete_applications
- admin_dashboard_enrollment
primary_authentication
object
Configuration for primary factors required for the action. Available only for ComputerDevices and IdentityServer-Login.
is_passwordless_enabled
boolean
Indicates if passwordless authentication is enabled.
factor_configs
array
List of factor configurations for primary authentication.
authn_factor_config_id
integer
Unique identifier for the authentication factor configuration.
verification_order
integer
Order of verification for the authentication factor.
secondary_authentication
object
Configuration for secondary factors required for the action. Available for all endpoints.
is_mfa_enabled
boolean
Indicates if multi-factor authentication is enabled for the action.
no_of_required_factors
integer
Minimum number of secondary factors required for the action.
authn_mode
string
Mode of verification for the secondary factor. Available only for NPS.
Allowed Values:
- native
- secure_link
factor_configs
array
List of factor configurations for secondary authentication.
authn_factor_config_id
integer
Unique identifier for the authentication factor configuration.
verification_order
integer
Order of verification for the authentication factor.
is_mandatory
boolean
Indicates if the authentication factor is mandatory.
advanced_settings
object
Advanced settings for the endpoint type.
mfa_timeout
integer
Timeout for authentication completion in minutes.
mfa_unenrolled_action
string
Allow/Deny access partially enrolled users.
Allowed Values:
- allow
- deny
mfa_trust
object
Configuration for periodic MFA prompts.
is_enabled
boolean
Indicates if periodic MFA prompts are enabled.
initiator_type
string
Type of initiator for the periodic MFA prompts.
Allowed Values:
- user
- admin
duration
object
value
integer
Value of the trust duration.
unit
string
Unit of the trust duration.
Allowed Values:
- minutes
- hours
- days
radius_response_config
object
Configuration for RADIUS response attributes. Only applicable for NPS.
vendor_id
string
The unique number that denotes your VPN provider.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.
attributes_list
array
List of RADIUS attributes to be included in the response.
type
string
Type of the RADIUS attribute (vendor or standard).
Allowed Values:
- vendor
- standard
number
integer
Number of the RADIUS attribute.
data_type
string
Data type of the RADIUS attribute.
Allowed Values:
- string
- integer
- enum
- ipv4address
- ipv6address
value
string
Value of the RADIUS attribute.
notification_template_id
integer
Unique identifier for the notification template.
notification_template
object
id
integer
Unique identifier for the notification template.
name
string
Name of the notification template.
advanced_settings
object
Advanced settings for conditional access policies.
is_captcha_enabled
boolean
Indicates if CAPTCHA is enabled for the policy.
captcha_frequency_type
string
Type of CAPTCHA frequency.
Allowed Values:
- always
- after_failed_attempts
captcha_failed_attempts_threshold
integer
Number of failed attempts before CAPTCHA is triggered.
is_backup_codes_enabled
boolean
Indicates if backup codes are enabled for the policy.
emailaddress_selection_mode
string
Mode for selecting email addresses.
Allowed Values:
- primary
- select
- input
mobileno_selection_mode
string
Mode for selecting SMS numbers.
Allowed Values:
- primary
- select
- input
{
"id": "2000000000001",
"name": "Policy 01",
"description": "Test Policy",
"is_enabled": true,
"user_assignments": {
"user_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616"
],
"users_count": 2,
"groups_count": 1
},
"access_conditions": {
"criteria_expression": "((3 and 2) and 1)",
"conditions": [
{
"sequence_number": 1,
"factor_type": "ipaddress",
"comparator": "in",
"factor_configs": [
"2000000092642",
"2000000092643"
],
"include_all_trusted_sources": true
}
]
},
"access_type": "allow",
"endpoints": [
"ComputerDevices",
"NPS",
"IIS",
"IdentityServer"
],
"endpoints_settings": [
{
"endpoint": "ComputerDevices",
"type": "ComputerDevices",
"device_assignment": {
"device_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616",
"2000000092617"
],
"all_devices_group_selected": false
},
"app_assignment": {
"app_ids": [
"2000000092642"
]
},
"actions": [
"InteractiveLogon",
"RDP"
],
"primary_authentication": {
"is_passwordless_enabled": true,
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1
}
]
},
"secondary_authentication": {
"is_mfa_enabled": true,
"no_of_required_factors": 1,
"authn_mode": "native",
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1,
"is_mandatory": true
}
]
},
"advanced_settings": {
"mfa_timeout": 5,
"mfa_unenrolled_action": "allow",
"mfa_trust": {
"is_enabled": true,
"initiator_type": "user",
"duration": {
"value": 30,
"unit": "minutes"
}
},
"radius_response_config": {
"vendor_id": "12356",
"attributes_list": [
{
"type": "vendor",
"number": 12,
"data_type": "string",
"value": "12"
}
]
},
"notification_template_id": 200000012544,
"notification_template": {
"id": 200000012544,
"name": "Email Verification"
}
}
}
],
"advanced_settings": {
"is_captcha_enabled": true,
"captcha_frequency_type": "always",
"captcha_failed_attempts_threshold": 3,
"is_backup_codes_enabled": false,
"emailaddress_selection_mode": "primary",
"mobileno_selection_mode": "select"
}
}
List Conditional Access Policies
Retrieves a list of conditional access policies.
OAuth Scope : id360.notification_template.read,id360.notification_template.all
Query Parameters
fields
Comma-separated list of fields to include in the response.
eg: id,name,description,is_enabled,assignment,access_type,endpoint_settings,advanced_settings
eg: id,name,description,is_enabled,assignment,access_type,endpoint_settings,advanced_settings
from
Start index for pagination.
limit
Maximum number of records to return in the response.
eg: 50
eg: 50
filter
Filter users based on a the provided SCIM filter query. Refer to filter section for more details
eg: name eq "Policy 01"
eg: name eq "Policy 01"
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies")
.get()
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("GET", "/api/v1/protection/conditional-access-policies", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"data": [
{
"id": "2000000093001",
"is_enabled": true,
"is_default_policy": true,
"display_name": "Global Policy",
"description": "",
"priority": 2,
"endpoints": [
"All Endpoints"
],
"access_type": "allow",
"is_agent_required": true,
"last_modified_time": "2025-07-08T06:09:47.123Z",
"last_modified_user": "john@mydomain.com"
},
{
"id": "2000000093002",
"is_enabled": true,
"is_default_policy": false,
"display_name": "Policy 01",
"description": "",
"priority": 1,
"user_assignments": {
"users_count": 5,
"groups_count": 2
},
"endpoints": [
"ComputerDevices",
"NPS"
],
"access_type": "allow",
"is_agent_required": true,
"last_modified_time": "2025-07-08T06:09:47.123Z",
"last_modified_user": "jane@mydomain.com"
}
],
"meta": {
"start_index": 1,
"limit": 100,
"total_no_of_objects": 1
}
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Create a Conditional Access Policy
Create a conditional access policy.
OAuth Scope : id360.conditional_access_policy.create,id360.conditional_access_policy.all
Arguments
name
string
Name of the conditional access policy.
description
string
Description of the conditional access policy.
is_enabled
boolean
Indicates whether the policy is enabled.
user_assignments
object
user_ids
array
List of user IDs assigned to the policy.
group_ids
array
List of group IDs assigned to the policy.
access_conditions
object
criteria_expression
string
Expression defining the criteria for the policy.
eg: ((3 and 2) and 1)
eg: ((3 and 2) and 1)
conditions
array
sequence_number
integer
Sequence number of the condition.
factor_type
string
Type of conditional factor.
Allowed Values:
- ipaddress
- geolocation
- time
comparator
string
Comparator for the condition.
Allowed Values:
- in
- not_in
factor_configs
array
List of factor configuration IDs for the condition.
include_all_trusted_sources
boolean
Indicates if all trusted sources are included (applicable only for ipaddress).
access_type
string
Type of access granted by the policy.
Allowed Values:
- allow
- deny
endpoints_settings
array
List of endpoint settings for the conditional access policy.
endpoint
string
Endpoint for which the policy is applicable.
Allowed Values:
- ComputerDevices
- NPS
- IIS
- SSOApplications
- IdentityServer
type
string
Type of the endpoint.
-
ComputerDevices :
- ComputerDevices
-
NPS :
- NPS_VPN
-
IIS :
- IIS
-
SSOApplications :
- SSOApplications
-
IdentityServer :
- Login
- SensitiveActions
device_assignment
object
Configuration for device assignment in the policy. Only applicable for ComputerDevices.
device_ids
array
List of device IDs assigned to the policy.
group_ids
array
List of group IDs assigned to the policy.
all_devices_group_selected
boolean
Indicates if all devices group is selected for the policy.
app_assignment
object
Configuration for application assignment in the policy. Only applicable for SSOApplications.
app_ids
array
List of application IDs assigned to the module.
actions
array
List of actions allowed. Only applicable for ComputerDevices and IdentityServer-SensitiveActions.
Available actions for ComputerDevices:
Available actions for ComputerDevices:
- InteractiveLogon
- MachineUnlock
- RDP
- SSH
- UAC
- Sudo
- delete_users
- delete_groups
- delete_directories
- delete_applications
- admin_dashboard_enrollment
primary_authentication
object
Configuration for primary factors required for the action. Available only for ComputerDevices and IdentityServer-Login.
is_passwordless_enabled
boolean
Indicates if passwordless authentication is enabled.
factor_configs
array
List of factor configurations for primary authentication.
authn_factor_config_id
integer
Unique identifier for the authentication factor configuration.
verification_order
integer
Order of verification for the authentication factor.
secondary_authentication
object
Configuration for secondary factors required for the action. Available for all endpoints.
is_mfa_enabled
boolean
Indicates if multi-factor authentication is enabled for the action.
no_of_required_factors
integer
Minimum number of secondary factors required for the action.
authn_mode
string
Mode of verification for the secondary factor. Available only for NPS.
Allowed Values:
- native
- secure_link
factor_configs
array
List of factor configurations for secondary authentication.
authn_factor_config_id
integer
Unique identifier for the authentication factor configuration.
verification_order
integer
Order of verification for the authentication factor.
is_mandatory
boolean
Indicates if the authentication factor is mandatory.
advanced_settings
object
Advanced settings for the endpoint type.
mfa_timeout
integer
Timeout for authentication completion in minutes.
mfa_unenrolled_action
string
Allow/Deny access partially enrolled users.
Allowed Values:
- allow
- deny
mfa_trust
object
Configuration for periodic MFA prompts.
is_enabled
boolean
Indicates if periodic MFA prompts are enabled.
initiator_type
string
Type of initiator for the periodic MFA prompts.
Allowed Values:
- user
- admin
duration
object
value
integer
Value of the trust duration.
unit
string
Unit of the trust duration.
Allowed Values:
- minutes
- hours
- days
radius_response_config
object
Configuration for RADIUS response attributes. Only applicable for NPS.
vendor_id
string
The unique number that denotes your VPN provider.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.
attributes_list
array
List of RADIUS attributes to be included in the response.
type
string
Type of the RADIUS attribute (vendor or standard).
Allowed Values:
- vendor
- standard
number
integer
Number of the RADIUS attribute.
data_type
string
Data type of the RADIUS attribute.
Allowed Values:
- string
- integer
- enum
- ipv4address
- ipv6address
value
string
Value of the RADIUS attribute.
notification_template_id
integer
Unique identifier for the notification template.
advanced_settings
object
Advanced settings for conditional access policies.
is_captcha_enabled
boolean
Indicates if CAPTCHA is enabled for the policy.
captcha_frequency_type
string
Type of CAPTCHA frequency.
Allowed Values:
- always
- after_failed_attempts
captcha_failed_attempts_threshold
integer
Number of failed attempts before CAPTCHA is triggered.
is_backup_codes_enabled
boolean
Indicates if backup codes are enabled for the policy.
emailaddress_selection_mode
string
Mode for selecting email addresses.
Allowed Values:
- primary
- select
- input
mobileno_selection_mode
string
Mode for selecting SMS numbers.
Allowed Values:
- primary
- select
- input
parameters_data='{"field1":"value1","field2":"value2"}';
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies"
type: POST
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies")
.post(body)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"field1":"value1","field2":"value2"}'
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
payload = "{\"field1\":\"value1\",\"field2\":\"value2\"}"
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("POST", "/api/v1/protection/conditional-access-policies", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({field1: 'value1', field2: 'value2'}));
req.end();
curl --request POST \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'content-type: application/json' \
--data '{"field1":"value1","field2":"value2"}'
{
"name": "Policy 01",
"description": "Test Policy",
"is_enabled": true,
"user_assignments": {
"user_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616"
]
},
"access_conditions": {
"criteria_expression": "((3 and 2) and 1)",
"conditions": [
{
"sequence_number": 1,
"factor_type": "ipaddress",
"comparator": "in",
"factor_configs": [
"2000000092642",
"2000000092643"
],
"include_all_trusted_sources": true
}
]
},
"access_type": "allow",
"endpoints_settings": [
{
"endpoint": "ComputerDevices",
"type": "ComputerDevices",
"device_assignment": {
"device_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616",
"2000000092617"
],
"all_devices_group_selected": false
},
"app_assignment": {
"app_ids": [
"2000000092642"
]
},
"actions": [
"InteractiveLogon",
"RDP"
],
"primary_authentication": {
"is_passwordless_enabled": true,
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1
}
]
},
"secondary_authentication": {
"is_mfa_enabled": true,
"no_of_required_factors": 1,
"authn_mode": "native",
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1,
"is_mandatory": true
}
]
},
"advanced_settings": {
"mfa_timeout": 5,
"mfa_unenrolled_action": "allow",
"mfa_trust": {
"is_enabled": true,
"initiator_type": "user",
"duration": {
"value": 30,
"unit": "minutes"
}
},
"radius_response_config": {
"vendor_id": "12356",
"attributes_list": [
{
"type": "vendor",
"number": 12,
"data_type": "string",
"value": "12"
}
]
},
"notification_template_id": 200000012544
}
}
],
"advanced_settings": {
"is_captcha_enabled": true,
"captcha_frequency_type": "always",
"captcha_failed_attempts_threshold": 3,
"is_backup_codes_enabled": false,
"emailaddress_selection_mode": "primary",
"mobileno_selection_mode": "select"
}
}
{
"id": "2000000000001",
"name": "Policy 01",
"description": "Test Policy",
"is_enabled": true,
"user_assignments": {
"user_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616"
],
"users_count": 2,
"groups_count": 1
},
"access_conditions": {
"criteria_expression": "((3 and 2) and 1)",
"conditions": [
{
"sequence_number": 1,
"factor_type": "ipaddress",
"comparator": "in",
"factor_configs": [
"2000000092642",
"2000000092643"
],
"include_all_trusted_sources": true
}
]
},
"access_type": "allow",
"endpoints": [
"ComputerDevices",
"NPS",
"IIS",
"IdentityServer"
],
"endpoints_settings": [
{
"endpoint": "ComputerDevices",
"type": "ComputerDevices",
"device_assignment": {
"device_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616",
"2000000092617"
],
"all_devices_group_selected": false
},
"app_assignment": {
"app_ids": [
"2000000092642"
]
},
"actions": [
"InteractiveLogon",
"RDP"
],
"primary_authentication": {
"is_passwordless_enabled": true,
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1
}
]
},
"secondary_authentication": {
"is_mfa_enabled": true,
"no_of_required_factors": 1,
"authn_mode": "native",
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1,
"is_mandatory": true
}
]
}
}
]
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Bulk Delete Conditional Access Policies
Deletes multiple conditional access policies by IDs.
OAuth Scope : id360.conditional_access_policy.delete,id360.conditional_access_policy.all'
Query Parameters
ids
(Required)
Comma-separated list of IDs to be deleted
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies?ids=2000000000001,2000000000002"
type: DELETE
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies?ids=2000000000001%2C2000000000002")
.delete(null)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'DELETE',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies?ids=2000000000001%2C2000000000002', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("DELETE", "/api/v1/protection/conditional-access-policies?ids=2000000000001%2C2000000000002", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "DELETE",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies?ids=2000000000001%2C2000000000002",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request DELETE \
--url 'https://id360.manageengine.com/api/v1/protection/conditional-access-policies?ids=2000000000001%2C2000000000002' \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
[
{
"resource_id": "2000000000001",
"status": 204
},
{
"resource_id": "2000000000002",
"status": 404,
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
]
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Get a Conditional Access Policy
Retrieve a specific conditional access policy by ID.
OAuth Scope : id360.conditional_access_policy.read,id360.conditional_access_policy.all
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001")
.get()
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("GET", "/api/v1/protection/conditional-access-policies/2000000000001", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/2000000000001",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001 \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"id": "2000000000001",
"name": "Policy 01",
"description": "Test Policy",
"is_enabled": true,
"user_assignments": {
"user_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616"
],
"users_count": 2,
"groups_count": 1
},
"access_conditions": {
"criteria_expression": "((3 and 2) and 1)",
"conditions": [
{
"sequence_number": 1,
"factor_type": "ipaddress",
"comparator": "in",
"factor_configs": [
"2000000092642",
"2000000092643"
],
"include_all_trusted_sources": true
}
]
},
"access_type": "allow",
"endpoints": [
"ComputerDevices",
"NPS",
"IIS",
"IdentityServer"
],
"endpoints_settings": [
{
"endpoint": "ComputerDevices",
"type": "ComputerDevices",
"device_assignment": {
"device_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616",
"2000000092617"
],
"all_devices_group_selected": false
},
"app_assignment": {
"app_ids": [
"2000000092642"
]
},
"actions": [
"InteractiveLogon",
"RDP"
],
"primary_authentication": {
"is_passwordless_enabled": true,
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1
}
]
},
"secondary_authentication": {
"is_mfa_enabled": true,
"no_of_required_factors": 1,
"authn_mode": "native",
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1,
"is_mandatory": true
}
]
}
}
]
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Update a Conditional Access Policy
Update an existing conditional access policy by ID.
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.all'
Arguments
name
string
Name of the conditional access policy.
description
string
Description of the conditional access policy.
is_enabled
boolean
Indicates whether the policy is enabled.
user_assignments
object
user_ids
array
List of user IDs assigned to the policy.
group_ids
array
List of group IDs assigned to the policy.
access_conditions
object
criteria_expression
string
Expression defining the criteria for the policy.
eg: ((3 and 2) and 1)
eg: ((3 and 2) and 1)
conditions
array
sequence_number
integer
Sequence number of the condition.
factor_type
string
Type of conditional factor.
Allowed Values:
- ipaddress
- geolocation
- time
comparator
string
Comparator for the condition.
Allowed Values:
- in
- not_in
factor_configs
array
List of factor configuration IDs for the condition.
include_all_trusted_sources
boolean
Indicates if all trusted sources are included (applicable only for ipaddress).
access_type
string
Type of access granted by the policy.
Allowed Values:
- allow
- deny
endpoints_settings
array
List of endpoint settings for the conditional access policy.
endpoint
string
Endpoint for which the policy is applicable.
Allowed Values:
- ComputerDevices
- NPS
- IIS
- SSOApplications
- IdentityServer
type
string
Type of the endpoint.
-
ComputerDevices :
- ComputerDevices
-
NPS :
- NPS_VPN
-
IIS :
- IIS
-
SSOApplications :
- SSOApplications
-
IdentityServer :
- Login
- SensitiveActions
device_assignment
object
Configuration for device assignment in the policy. Only applicable for ComputerDevices.
device_ids
array
List of device IDs assigned to the policy.
group_ids
array
List of group IDs assigned to the policy.
all_devices_group_selected
boolean
Indicates if all devices group is selected for the policy.
app_assignment
object
Configuration for application assignment in the policy. Only applicable for SSOApplications.
app_ids
array
List of application IDs assigned to the module.
actions
array
List of actions allowed. Only applicable for ComputerDevices and IdentityServer-SensitiveActions.
Available actions for ComputerDevices:
Available actions for ComputerDevices:
- InteractiveLogon
- MachineUnlock
- RDP
- SSH
- UAC
- Sudo
- delete_users
- delete_groups
- delete_directories
- delete_applications
- admin_dashboard_enrollment
primary_authentication
object
Configuration for primary factors required for the action. Available only for ComputerDevices and IdentityServer-Login.
is_passwordless_enabled
boolean
Indicates if passwordless authentication is enabled.
factor_configs
array
List of factor configurations for primary authentication.
authn_factor_config_id
integer
Unique identifier for the authentication factor configuration.
verification_order
integer
Order of verification for the authentication factor.
secondary_authentication
object
Configuration for secondary factors required for the action. Available for all endpoints.
is_mfa_enabled
boolean
Indicates if multi-factor authentication is enabled for the action.
no_of_required_factors
integer
Minimum number of secondary factors required for the action.
authn_mode
string
Mode of verification for the secondary factor. Available only for NPS.
Allowed Values:
- native
- secure_link
factor_configs
array
List of factor configurations for secondary authentication.
authn_factor_config_id
integer
Unique identifier for the authentication factor configuration.
verification_order
integer
Order of verification for the authentication factor.
is_mandatory
boolean
Indicates if the authentication factor is mandatory.
advanced_settings
object
Advanced settings for the endpoint type.
mfa_timeout
integer
Timeout for authentication completion in minutes.
mfa_unenrolled_action
string
Allow/Deny access partially enrolled users.
Allowed Values:
- allow
- deny
mfa_trust
object
Configuration for periodic MFA prompts.
is_enabled
boolean
Indicates if periodic MFA prompts are enabled.
initiator_type
string
Type of initiator for the periodic MFA prompts.
Allowed Values:
- user
- admin
duration
object
value
integer
Value of the trust duration.
unit
string
Unit of the trust duration.
Allowed Values:
- minutes
- hours
- days
radius_response_config
object
Configuration for RADIUS response attributes. Only applicable for NPS.
vendor_id
string
The unique number that denotes your VPN provider.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.
Note: In the case of Fortigate, the Vendor ID is 12356. Refer to your VPN provider's documentation to get the Vendor ID.
attributes_list
array
List of RADIUS attributes to be included in the response.
type
string
Type of the RADIUS attribute (vendor or standard).
Allowed Values:
- vendor
- standard
number
integer
Number of the RADIUS attribute.
data_type
string
Data type of the RADIUS attribute.
Allowed Values:
- string
- integer
- enum
- ipv4address
- ipv6address
value
string
Value of the RADIUS attribute.
notification_template_id
integer
Unique identifier for the notification template.
advanced_settings
object
Advanced settings for conditional access policies.
is_captcha_enabled
boolean
Indicates if CAPTCHA is enabled for the policy.
captcha_frequency_type
string
Type of CAPTCHA frequency.
Allowed Values:
- always
- after_failed_attempts
captcha_failed_attempts_threshold
integer
Number of failed attempts before CAPTCHA is triggered.
is_backup_codes_enabled
boolean
Indicates if backup codes are enabled for the policy.
emailaddress_selection_mode
string
Mode for selecting email addresses.
Allowed Values:
- primary
- select
- input
mobileno_selection_mode
string
Mode for selecting SMS numbers.
Allowed Values:
- primary
- select
- input
parameters_data='{"name":"Policy 01","description":"Test Policy","is_enabled":true,"user_assignments":{"user_ids":["2000000092642","2000000092643"],"group_ids":["2000000092616"]},"access_conditions":{"criteria_expression":"((3 and 2) and 1)","conditions":[{"sequence_number":1,"factor_type":"ipaddress","comparator":"in","factor_configs":["2000000092642","2000000092643"],"include_all_trusted_sources":true}]},"access_type":"allow","endpoints_settings":[{"endpoint":"ComputerDevices","type":"ComputerDevices","device_assignment":{"device_ids":["2000000092642","2000000092643"],"group_ids":["2000000092616","2000000092617"],"all_devices_group_selected":false},"app_assignment":{"app_ids":["2000000092642"]},"actions":["InteractiveLogon","RDP"],"primary_authentication":{"is_passwordless_enabled":true,"factor_configs":[{"authn_factor_config_id":200000012544,"verification_order":1}]},"secondary_authentication":{"is_mfa_enabled":true,"no_of_required_factors":1,"authn_mode":"native","factor_configs":[{"authn_factor_config_id":200000012544,"verification_order":1,"is_mandatory":true}]},"advanced_settings":{"mfa_timeout":5,"mfa_unenrolled_action":"allow","mfa_trust":{"is_enabled":true,"initiator_type":"user","duration":{"value":30,"unit":"minutes"}},"radius_response_config":{"vendor_id":"12356","attributes_list":[{"type":"vendor","number":12,"data_type":"string","value":"12"}]},"notification_template_id":200000012544}}],"advanced_settings":{"is_captcha_enabled":true,"captcha_frequency_type":"always","captcha_failed_attempts_threshold":3,"is_backup_codes_enabled":false,"emailaddress_selection_mode":"primary","mobileno_selection_mode":"select"}}';
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001"
type: PATCH
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"name\":\"Policy 01\",\"description\":\"Test Policy\",\"is_enabled\":true,\"user_assignments\":{\"user_ids\":[\"2000000092642\",\"2000000092643\"],\"group_ids\":[\"2000000092616\"]},\"access_conditions\":{\"criteria_expression\":\"((3 and 2) and 1)\",\"conditions\":[{\"sequence_number\":1,\"factor_type\":\"ipaddress\",\"comparator\":\"in\",\"factor_configs\":[\"2000000092642\",\"2000000092643\"],\"include_all_trusted_sources\":true}]},\"access_type\":\"allow\",\"endpoints_settings\":[{\"endpoint\":\"ComputerDevices\",\"type\":\"ComputerDevices\",\"device_assignment\":{\"device_ids\":[\"2000000092642\",\"2000000092643\"],\"group_ids\":[\"2000000092616\",\"2000000092617\"],\"all_devices_group_selected\":false},\"app_assignment\":{\"app_ids\":[\"2000000092642\"]},\"actions\":[\"InteractiveLogon\",\"RDP\"],\"primary_authentication\":{\"is_passwordless_enabled\":true,\"factor_configs\":[{\"authn_factor_config_id\":200000012544,\"verification_order\":1}]},\"secondary_authentication\":{\"is_mfa_enabled\":true,\"no_of_required_factors\":1,\"authn_mode\":\"native\",\"factor_configs\":[{\"authn_factor_config_id\":200000012544,\"verification_order\":1,\"is_mandatory\":true}]},\"advanced_settings\":{\"mfa_timeout\":5,\"mfa_unenrolled_action\":\"allow\",\"mfa_trust\":{\"is_enabled\":true,\"initiator_type\":\"user\",\"duration\":{\"value\":30,\"unit\":\"minutes\"}},\"radius_response_config\":{\"vendor_id\":\"12356\",\"attributes_list\":[{\"type\":\"vendor\",\"number\":12,\"data_type\":\"string\",\"value\":\"12\"}]},\"notification_template_id\":200000012544}}],\"advanced_settings\":{\"is_captcha_enabled\":true,\"captcha_frequency_type\":\"always\",\"captcha_failed_attempts_threshold\":3,\"is_backup_codes_enabled\":false,\"emailaddress_selection_mode\":\"primary\",\"mobileno_selection_mode\":\"select\"}}");
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001")
.patch(body)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'PATCH',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"name":"Policy 01","description":"Test Policy","is_enabled":true,"user_assignments":{"user_ids":["2000000092642","2000000092643"],"group_ids":["2000000092616"]},"access_conditions":{"criteria_expression":"((3 and 2) and 1)","conditions":[{"sequence_number":1,"factor_type":"ipaddress","comparator":"in","factor_configs":["2000000092642","2000000092643"],"include_all_trusted_sources":true}]},"access_type":"allow","endpoints_settings":[{"endpoint":"ComputerDevices","type":"ComputerDevices","device_assignment":{"device_ids":["2000000092642","2000000092643"],"group_ids":["2000000092616","2000000092617"],"all_devices_group_selected":false},"app_assignment":{"app_ids":["2000000092642"]},"actions":["InteractiveLogon","RDP"],"primary_authentication":{"is_passwordless_enabled":true,"factor_configs":[{"authn_factor_config_id":200000012544,"verification_order":1}]},"secondary_authentication":{"is_mfa_enabled":true,"no_of_required_factors":1,"authn_mode":"native","factor_configs":[{"authn_factor_config_id":200000012544,"verification_order":1,"is_mandatory":true}]},"advanced_settings":{"mfa_timeout":5,"mfa_unenrolled_action":"allow","mfa_trust":{"is_enabled":true,"initiator_type":"user","duration":{"value":30,"unit":"minutes"}},"radius_response_config":{"vendor_id":"12356","attributes_list":[{"type":"vendor","number":12,"data_type":"string","value":"12"}]},"notification_template_id":200000012544}}],"advanced_settings":{"is_captcha_enabled":true,"captcha_frequency_type":"always","captcha_failed_attempts_threshold":3,"is_backup_codes_enabled":false,"emailaddress_selection_mode":"primary","mobileno_selection_mode":"select"}}'
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
payload = "{\"name\":\"Policy 01\",\"description\":\"Test Policy\",\"is_enabled\":true,\"user_assignments\":{\"user_ids\":[\"2000000092642\",\"2000000092643\"],\"group_ids\":[\"2000000092616\"]},\"access_conditions\":{\"criteria_expression\":\"((3 and 2) and 1)\",\"conditions\":[{\"sequence_number\":1,\"factor_type\":\"ipaddress\",\"comparator\":\"in\",\"factor_configs\":[\"2000000092642\",\"2000000092643\"],\"include_all_trusted_sources\":true}]},\"access_type\":\"allow\",\"endpoints_settings\":[{\"endpoint\":\"ComputerDevices\",\"type\":\"ComputerDevices\",\"device_assignment\":{\"device_ids\":[\"2000000092642\",\"2000000092643\"],\"group_ids\":[\"2000000092616\",\"2000000092617\"],\"all_devices_group_selected\":false},\"app_assignment\":{\"app_ids\":[\"2000000092642\"]},\"actions\":[\"InteractiveLogon\",\"RDP\"],\"primary_authentication\":{\"is_passwordless_enabled\":true,\"factor_configs\":[{\"authn_factor_config_id\":200000012544,\"verification_order\":1}]},\"secondary_authentication\":{\"is_mfa_enabled\":true,\"no_of_required_factors\":1,\"authn_mode\":\"native\",\"factor_configs\":[{\"authn_factor_config_id\":200000012544,\"verification_order\":1,\"is_mandatory\":true}]},\"advanced_settings\":{\"mfa_timeout\":5,\"mfa_unenrolled_action\":\"allow\",\"mfa_trust\":{\"is_enabled\":true,\"initiator_type\":\"user\",\"duration\":{\"value\":30,\"unit\":\"minutes\"}},\"radius_response_config\":{\"vendor_id\":\"12356\",\"attributes_list\":[{\"type\":\"vendor\",\"number\":12,\"data_type\":\"string\",\"value\":\"12\"}]},\"notification_template_id\":200000012544}}],\"advanced_settings\":{\"is_captcha_enabled\":true,\"captcha_frequency_type\":\"always\",\"captcha_failed_attempts_threshold\":3,\"is_backup_codes_enabled\":false,\"emailaddress_selection_mode\":\"primary\",\"mobileno_selection_mode\":\"select\"}}"
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("PATCH", "/api/v1/protection/conditional-access-policies/2000000000001", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "PATCH",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/2000000000001",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({
name: 'Policy 01',
description: 'Test Policy',
is_enabled: true,
user_assignments: {user_ids: ['2000000092642', '2000000092643'], group_ids: ['2000000092616']},
access_conditions: {
criteria_expression: '((3 and 2) and 1)',
conditions: [
{
sequence_number: 1,
factor_type: 'ipaddress',
comparator: 'in',
factor_configs: ['2000000092642', '2000000092643'],
include_all_trusted_sources: true
}
]
},
access_type: 'allow',
endpoints_settings: [
{
endpoint: 'ComputerDevices',
type: 'ComputerDevices',
device_assignment: {
device_ids: ['2000000092642', '2000000092643'],
group_ids: ['2000000092616', '2000000092617'],
all_devices_group_selected: false
},
app_assignment: {app_ids: ['2000000092642']},
actions: ['InteractiveLogon', 'RDP'],
primary_authentication: {
is_passwordless_enabled: true,
factor_configs: [{authn_factor_config_id: 200000012544, verification_order: 1}]
},
secondary_authentication: {
is_mfa_enabled: true,
no_of_required_factors: 1,
authn_mode: 'native',
factor_configs: [
{
authn_factor_config_id: 200000012544,
verification_order: 1,
is_mandatory: true
}
]
},
advanced_settings: {
mfa_timeout: 5,
mfa_unenrolled_action: 'allow',
mfa_trust: {
is_enabled: true,
initiator_type: 'user',
duration: {value: 30, unit: 'minutes'}
},
radius_response_config: {
vendor_id: '12356',
attributes_list: [{type: 'vendor', number: 12, data_type: 'string', value: '12'}]
},
notification_template_id: 200000012544
}
}
],
advanced_settings: {
is_captcha_enabled: true,
captcha_frequency_type: 'always',
captcha_failed_attempts_threshold: 3,
is_backup_codes_enabled: false,
emailaddress_selection_mode: 'primary',
mobileno_selection_mode: 'select'
}
}));
req.end();
curl --request PATCH \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001 \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'content-type: application/json' \
--data '{"name":"Policy 01","description":"Test Policy","is_enabled":true,"user_assignments":{"user_ids":["2000000092642","2000000092643"],"group_ids":["2000000092616"]},"access_conditions":{"criteria_expression":"((3 and 2) and 1)","conditions":[{"sequence_number":1,"factor_type":"ipaddress","comparator":"in","factor_configs":["2000000092642","2000000092643"],"include_all_trusted_sources":true}]},"access_type":"allow","endpoints_settings":[{"endpoint":"ComputerDevices","type":"ComputerDevices","device_assignment":{"device_ids":["2000000092642","2000000092643"],"group_ids":["2000000092616","2000000092617"],"all_devices_group_selected":false},"app_assignment":{"app_ids":["2000000092642"]},"actions":["InteractiveLogon","RDP"],"primary_authentication":{"is_passwordless_enabled":true,"factor_configs":[{"authn_factor_config_id":200000012544,"verification_order":1}]},"secondary_authentication":{"is_mfa_enabled":true,"no_of_required_factors":1,"authn_mode":"native","factor_configs":[{"authn_factor_config_id":200000012544,"verification_order":1,"is_mandatory":true}]},"advanced_settings":{"mfa_timeout":5,"mfa_unenrolled_action":"allow","mfa_trust":{"is_enabled":true,"initiator_type":"user","duration":{"value":30,"unit":"minutes"}},"radius_response_config":{"vendor_id":"12356","attributes_list":[{"type":"vendor","number":12,"data_type":"string","value":"12"}]},"notification_template_id":200000012544}}],"advanced_settings":{"is_captcha_enabled":true,"captcha_frequency_type":"always","captcha_failed_attempts_threshold":3,"is_backup_codes_enabled":false,"emailaddress_selection_mode":"primary","mobileno_selection_mode":"select"}}'
{
"name": "Policy 01",
"description": "Test Policy",
"is_enabled": true,
"user_assignments": {
"user_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616"
]
},
"access_conditions": {
"criteria_expression": "((3 and 2) and 1)",
"conditions": [
{
"sequence_number": 1,
"factor_type": "ipaddress",
"comparator": "in",
"factor_configs": [
"2000000092642",
"2000000092643"
],
"include_all_trusted_sources": true
}
]
},
"access_type": "allow",
"endpoints_settings": [
{
"endpoint": "ComputerDevices",
"type": "ComputerDevices",
"device_assignment": {
"device_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616",
"2000000092617"
],
"all_devices_group_selected": false
},
"app_assignment": {
"app_ids": [
"2000000092642"
]
},
"actions": [
"InteractiveLogon",
"RDP"
],
"primary_authentication": {
"is_passwordless_enabled": true,
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1
}
]
},
"secondary_authentication": {
"is_mfa_enabled": true,
"no_of_required_factors": 1,
"authn_mode": "native",
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1,
"is_mandatory": true
}
]
},
"advanced_settings": {
"mfa_timeout": 5,
"mfa_unenrolled_action": "allow",
"mfa_trust": {
"is_enabled": true,
"initiator_type": "user",
"duration": {
"value": 30,
"unit": "minutes"
}
},
"radius_response_config": {
"vendor_id": "12356",
"attributes_list": [
{
"type": "vendor",
"number": 12,
"data_type": "string",
"value": "12"
}
]
},
"notification_template_id": 200000012544
}
}
],
"advanced_settings": {
"is_captcha_enabled": true,
"captcha_frequency_type": "always",
"captcha_failed_attempts_threshold": 3,
"is_backup_codes_enabled": false,
"emailaddress_selection_mode": "primary",
"mobileno_selection_mode": "select"
}
}
{
"id": "2000000000001",
"name": "Policy 01",
"description": "Test Policy",
"is_enabled": true,
"user_assignments": {
"user_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616"
],
"users_count": 2,
"groups_count": 1
},
"access_conditions": {
"criteria_expression": "((3 and 2) and 1)",
"conditions": [
{
"sequence_number": 1,
"factor_type": "ipaddress",
"comparator": "in",
"factor_configs": [
"2000000092642",
"2000000092643"
],
"include_all_trusted_sources": true
}
]
},
"access_type": "allow",
"endpoints": [
"ComputerDevices",
"NPS",
"IIS",
"IdentityServer"
],
"endpoints_settings": [
{
"endpoint": "ComputerDevices",
"type": "ComputerDevices",
"device_assignment": {
"device_ids": [
"2000000092642",
"2000000092643"
],
"group_ids": [
"2000000092616",
"2000000092617"
],
"all_devices_group_selected": false
},
"app_assignment": {
"app_ids": [
"2000000092642"
]
},
"actions": [
"InteractiveLogon",
"RDP"
],
"primary_authentication": {
"is_passwordless_enabled": true,
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1
}
]
},
"secondary_authentication": {
"is_mfa_enabled": true,
"no_of_required_factors": 1,
"authn_mode": "native",
"factor_configs": [
{
"authn_factor_config_id": 200000012544,
"verification_order": 1,
"is_mandatory": true
}
]
}
}
]
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Delete a Conditional Access Policy
Delete a specific conditional access policy by ID.
OAuth Scope : id360.conditional_access_policy.delete,id360.conditional_access_policy.all'
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001"
type: DELETE
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001")
.delete(null)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'DELETE',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("DELETE", "/api/v1/protection/conditional-access-policies/2000000000001", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "DELETE",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/2000000000001",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request DELETE \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001 \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Get Conditional Access Policies Priority
Retrieve the priority order of conditional access policies.
This is an internal API
OAuth Scope : id360.conditional_access_policy.read,id360.conditional_access_policy.all
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority"
type: GET
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority")
.get()
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'GET',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("GET", "/api/v1/protection/conditional-access-policies/priority", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "GET",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/priority",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request GET \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"data": [
{
"id": "20000001002",
"name": "Policy 01",
"priority": 1
}
]
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Update Conditional Access Policies Priority
Update the priority order of conditional access policies.
This is an internal API
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.all'
Arguments
id
string
Unique identifier for the conditional access policy.
priority
integer
Priority of the conditional access policy.
parameters_data='{"field1":"value1","field2":"value2"}';
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority"
type: PUT
headers: headers_data
content-type: application/json
parameters: parameters_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\"field1\":\"value1\",\"field2\":\"value2\"}");
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority")
.put(body)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.addHeader("content-type", "application/json")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'PUT',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f',
'content-type': 'application/json'
},
body: '{"field1":"value1","field2":"value2"}'
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
payload = "{\"field1\":\"value1\",\"field2\":\"value2\"}"
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
'content-type': "application/json"
}
conn.request("PUT", "/api/v1/protection/conditional-access-policies/priority", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "PUT",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/priority",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f",
"content-type": "application/json"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.write(JSON.stringify({field1: 'value1', field2: 'value2'}));
req.end();
curl --request PUT \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/priority \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f' \
--header 'content-type: application/json' \
--data '{"field1":"value1","field2":"value2"}'
[
{
"id": "20000001002",
"priority": 1
}
]
{
"data": [
{
"id": "20000001002",
"name": "Policy 01",
"priority": 1
}
]
}
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Enable a Conditional Access Policy
Enables a specific conditional access policy by ID.
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.write,id360.conditional_access_policy.all'
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/enable"
type: POST
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/enable")
.post(null)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/enable', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("POST", "/api/v1/protection/conditional-access-policies/2000000000001/enable", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/2000000000001/enable",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request POST \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/enable \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Disable a Conditional Access Policy
Disables a specific conditional access policy by ID.
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.write,id360.conditional_access_policy.all'
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/disable"
type: POST
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/disable")
.post(null)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/disable', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("POST", "/api/v1/protection/conditional-access-policies/2000000000001/disable", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/2000000000001/disable",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request POST \
--url https://id360.manageengine.com/api/v1/protection/conditional-access-policies/2000000000001/disable \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Bulk Enable Conditional Access Policies
Enables multiple conditional access policies by IDs.
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.write,id360.conditional_access_policy.all'
Query Parameters
ids
(Required)
Comma-separated list of IDs to be deleted
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/enable?ids=2000000000001,2000000000002"
type: POST
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/enable?ids=2000000000001%2C2000000000002")
.post(null)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/enable?ids=2000000000001%2C2000000000002', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("POST", "/api/v1/protection/conditional-access-policies/enable?ids=2000000000001%2C2000000000002", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/enable?ids=2000000000001%2C2000000000002",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request POST \
--url 'https://id360.manageengine.com/api/v1/protection/conditional-access-policies/enable?ids=2000000000001%2C2000000000002' \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
[
{
"resource_id": "2000000000001",
"status": 204
},
{
"resource_id": "2000000000002",
"status": 404,
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
]
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}
Bulk Disable Conditional Access Policies
Disables multiple conditional access policies by IDs.
OAuth Scope : id360.conditional_access_policy.update,id360.conditional_access_policy.write,id360.conditional_access_policy.all'
Query Parameters
ids
(Required)
Comma-separated list of IDs to be deleted
headers_data = Map();
headers_data.put("Accept", "application/json");
headers_data.put("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f");
response = invokeUrl
[
url: "https://id360.manageengine.com/api/v1/protection/conditional-access-policies/disable?ids=2000000000001,2000000000002"
type: POST
headers: headers_data
connection: <connection_name>
];
info response;
OkHttpClient client = new OkHttpClient();
Request request = new Request.Builder()
.url("https://id360.manageengine.com/api/v1/protection/conditional-access-policies/disable?ids=2000000000001%2C2000000000002")
.post(null)
.addHeader("Accept", "application/json")
.addHeader("Authorization", "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f")
.build();
Response response = client.newCall(request).execute();
const options = {
method: 'POST',
headers: {
Accept: 'application/json',
Authorization: 'Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
}
};
fetch('https://id360.manageengine.com/api/v1/protection/conditional-access-policies/disable?ids=2000000000001%2C2000000000002', options)
.then(response => response.json())
.then(response => console.log(response))
.catch(err => console.error(err));
import http.client
conn = http.client.HTTPSConnection("id360.manageengine.com")
headers = {
'Accept': "application/json",
'Authorization': "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
conn.request("POST", "/api/v1/protection/conditional-access-policies/disable?ids=2000000000001%2C2000000000002", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
const http = require("https");
const options = {
"method": "POST",
"hostname": "id360.manageengine.com",
"port": null,
"path": "/api/v1/protection/conditional-access-policies/disable?ids=2000000000001%2C2000000000002",
"headers": {
"Accept": "application/json",
"Authorization": "Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f"
}
};
const req = http.request(options, function (res) {
const chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function () {
const body = Buffer.concat(chunks);
console.log(body.toString());
});
});
req.end();
curl --request POST \
--url 'https://id360.manageengine.com/api/v1/protection/conditional-access-policies/disable?ids=2000000000001%2C2000000000002' \
--header 'Accept: application/json' \
--header 'Authorization: Zoho-oauthtoken 1000.41d9xxxxxxxxxxxxxxxxxxxxxxxxc2d1.8fccxxxxxxxxxxxxxxxxxxxxxxxx125f'
[
{
"resource_id": "2000000000001",
"status": 204
},
{
"resource_id": "2000000000002",
"status": 404,
"error": {
"code": "****",
"title": "Policy Not Found",
"detail": "The specified conditional access policy does not exist."
}
}
]
{
"error": {
"code": "00000101",
"title": "Unauthorized",
"detail": "The OAuth token is invalid."
}
}
{
"error": {
"code": "00000000",
"title": "Internal Server Error",
"detail": "An unexpected internal error has occurred on the server. Please try again later."
}
}