management/generate/pingone-management.yml

openapi: 3.0.0
info:
  title: PingOne Platform API - SSO and Base
  description: The PingOne Platform API covering the base and SSO services (otherwise known as the Management APIs)
  version: '2023-06-29'
externalDocs:
  url: https://apidocs.pingidentity.com/pingone/platform/v1/api/#management-apis
  description: PingOne Platform API Reference - Management APIs
servers:
  - url: '{protocol}://{baseDomain}.{suffix}/v1'
    description: PingOne Platform API Endpoint
    variables:
      suffix:
        enum:
          - 'asia'
          - 'ca'
          - 'com'
          - 'com.au'
          - 'eu'
        default: 'com'
      baseDomain:
        default: 'api.pingone'
      protocol:
        default: 'https'
  - url: '{protocol}://{baseHostname}/v1'
    description: PingOne Platform API Endpoint
    variables:
      baseHostname:
        default: 'api.pingone.com'
      protocol:
        default: 'https'
components:
  securitySchemes:
    bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: OAuth bearer token (see documentation)
  schemas:
    LinksHATEOAS:
      type: object
      readOnly: true
      additionalProperties:
        type: object
        properties:
          href:
            type: string
            format: uri
            description: The HREF of the link.
        required:
          - href 
    EnumAdministratorSecurityAllowedMethods:
      type: string
      description: Indicates the methods to enable or disable for admin sign-on. Possible values are `TOTP` (temporary one-time password), `FIDO2`, or `EMAIL`.
      enum: [TOTP, FIDO2, EMAIL]
    EnumAdministratorSecurityAuthenticationMethod:
      type: string
      description: Indicates whether to use PingOne MFA, an external IdP, or a combination of both for admin sign-on. Possible values are `PINGONE`, `EXTERNAL`, or `HYBRID`. The default is `PINGONE`.
      enum: [PINGONE, EXTERNAL, HYBRID]
      default: PINGONE
    EnumAdministratorSecurityMfaStatus:
      type: string
      description: This applies only to the specified environment, and can be either `OPT_IN` (indicating MFA is to be used for administrator sign-ons), or `OPT_OUT` (indicating MFA is not to be used for administrator sign-ons). This currently defaults to `OPT_OUT`.
      default: OPT_OUT
      enum: [OPT_IN, OPT_OUT]
    EnumAgreementRevisionContentType:
      type: string
      description: An immutable string that specifies the content type of text. Options are text/html and text/plain, as defined by [rfc-6838](https://datatracker.ietf.org/doc/html/rfc6838#section-4.2.1) and [Media Types/text](https://www.iana.org/assignments/media-types/media-types.xhtml#text). This attribute is supported in POST requests only.
      enum: [text/html,text/plain]
    EnumAlertChannelAlertType:
      type: string
      enum: [CERTIFICATE_EXPIRED, CERTIFICATE_EXPIRING, KEY_PAIR_EXPIRED, KEY_PAIR_EXPIRING, GATEWAY_VERSION_DEPRECATED, GATEWAY_VERSION_DEPRECATING, LICENSE_90_PERCENT_USER_SOFT_LIMIT, LICENSE_EXPIRED, LICENSE_EXPIRING, LICENSE_ROTATED, LICENSE_USER_HARD_LIMIT_EXCEEDED, LICENSE_USER_SOFT_LIMIT_EXCEEDED, RISK_CONFIGURATION]
      description: Alert channel alerting types.
    EnumAlertChannelSeverity:
      type: string
      enum: [INFO, WARNING, ERROR]
      description: Alert channel severity. Possible values are `INFO`, `WARNING`, and `ERROR`.
    EnumAlertChannelType:
      type: string
      enum: [EMAIL]
      description: Alert channel type enumeration. Possible values are `EMAIL`.
    EnumApplicationAccessControlType:
      type: string
      description: A string that specifies the user role required to access the application. Options are ADMIN_USERS_ONLY. A user is an admin user if the user has one or more of the following roles Organization Admin, Environment Admin, Identity Data Admin, or Client Application Developer.
      enum: [ADMIN_USERS_ONLY]
    EnumApplicationAccessControlGroupType:
      type: string
      enum: [ANY_GROUP, ALL_GROUPS]
      description: A string that specifies the group type required to access the application. Options are `ANY_GROUP` (the actor must belong to at least one group listed in the `groups` property) and `ALL_GROUPS` (the actor must belong to all groups listed in the `groups` property).
    EnumApplicationCorsSettingsBehavior:
      type: string
      enum: [ALLOW_NO_ORIGINS, ALLOW_SPECIFIC_ORIGINS]
      description: The behavior of CORS for the application. `ALLOWS_NO_ORIGINS` rejects all CORS requests.  `ALLOW_SPECIFIC_ORIGINS` rejects all CORS requests except those listed in `corsSettings.origins`.
    EnumApplicationNativeGooglePlayVerificationType:
      type: string
      enum: [GOOGLE, INTERNAL]
      description: The type of verification that should be used. The possible values are `GOOGLE` and `INTERNAL`. Using internal verification will not count against your Google API call quota. The value you select for `verificationType` determines what other parameters you must provide. When set to `GOOGLE`, you must provide `serviceAccountCredentials`. When set to `INTERNAL`, you must provide `decryptionKey` and `verificationKey`.
    EnumApplicationOIDCGrantType:
      type: string
      enum: [AUTHORIZATION_CODE, IMPLICIT, REFRESH_TOKEN, CLIENT_CREDENTIALS, DEVICE_CODE]
    EnumApplicationOIDCPARRequirement:
      type: string
      description: Whether pushed authorization requests (PAR) are required. Options are `REQUIRED` and `OPTIONAL`. The default value is `OPTIONAL`.
      default: OPTIONAL
      enum: [REQUIRED, OPTIONAL]
    EnumApplicationOIDCPKCEOption:
      type: string
      enum: [OPTIONAL, REQUIRED, S256_REQUIRED]
      description: A string that specifies how PKCE request parameters are handled on the authorize request. Options are OPTIONAL PKCE code_challenge is optional and any code challenge method is acceptable. REQUIRED PKCE code_challenge is required and any code challenge method is acceptable. S256_REQUIRED PKCE code_challege is required and the code_challenge_method must be S256.
    EnumApplicationOIDCResponseType:
      type: string
      description: The code or token type returned by an authorization request. Options are `TOKEN`, `ID_TOKEN`, and `CODE`. For hybrid flows that specify `CODE` with `TOKEN` or `ID_TOKEN`, see [Hybrid grant type](https://apidocs.pingidentity.com/pingone/main/v1/api/#hybrid-grant-type).
      enum: [TOKEN, ID_TOKEN, CODE]
    EnumApplicationOIDCTokenAuthMethod:
      type: string
      enum: [NONE, CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, PRIVATE_KEY_JWT, CLIENT_SECRET_JWT]
      description: A string that specifies the client authentication methods supported by the token endpoint.
    EnumApplicationProtocol:
      type: string
      enum: [OPENID_CONNECT, SAML, WS-FED, EXTERNAL_LINK]
      description: A string that specifies the protocol for the Application.
    EnumApplicationSAMLSloBinding:
      type: string
      enum: [HTTP_REDIRECT, HTTP_POST]
      description: A string that specifies the binding protocol to be used for the logout response. Options are HTTP_REDIRECT or HTTP_POST. The default is HTTP_POST; existing configurations with no data default to HTTP_POST.
      default: HTTP_POST
    EnumApplicationTags:
      type: string
      enum: [PING_FED_CONNECTION_INTEGRATION]
    EnumApplicationType:
      type: string
      enum: [WEB_APP, NATIVE_APP, SINGLE_PAGE_APP, WORKER, SERVICE, CUSTOM_APP, PING_ONE_SELF_SERVICE, PING_ONE_ADMIN_CONSOLE, PING_ONE_PORTAL, TEMPLATE_APP, PORTAL_LINK_APP]
      description: A string that specifies the type associated with the application. This is a required property.
    EnumApplicationWSFEDIDPSigningAlgorithm:
      type: string
      description: The signature algorithm to be used for signing. Algorithms supported `SHA256withRSA`, `SHA384withRSA`, `SHA512withRSA`, `SHA256withECDSA`, `SHA384withECDSA`, and `SHA512withECDSA`.
      enum: [SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA]
    EnumApplicationWSFEDKerberosGatewayType:
      type: string
      enum: [LDAP]
      description: The gateway type. This must be "LDAP".
    EnumAttributeMappingType:
      type: string
      enum: [CORE, SCOPE, CUSTOM]
      description: A string that specifies the mapping type of the attribute. Options are CORE, SCOPE, and CUSTOM. The CORE and SCOPE mapping types are for reserved attributes managed by the API and cannot be removed. Attribute values for these mapping types can be updated. The CUSTOM mapping type is for user-defined attributes. Attributes of this type can be updated and deleted.
    EnumBillOfMaterialsProductTags:
      type: string
      enum: [DAVINCI_MINIMAL]
    EnumBrandingLogoType:
      type: string
      enum: [IMAGE, NONE]
      description: The type of format used for the image. Options are IMAGE and NONE.
    EnumBrandingThemeBackgroundType:
      type: string
      enum: [NONE, COLOR, IMAGE, DEFAULT]
      description: The background type for the theme. Options are `NONE`, `COLOR`, `IMAGE`, `DEFAULT`.
    EnumBrandingThemeTemplate:
      type: string
      enum: [default, focus, mural, slate, split]
      description: The template name of the branding theme associated with the environment. Options are default, focus, mural, slate, and split.
    EnumCertificateKeyAlgorithm:
      type: string
      enum: [RSA, EC, UNKNOWN]
      description: Specifies the key algorithm. Options are `RSA`, `EC`, and `UNKNOWN`.
    EnumCertificateKeyEncryptionAlgorithm:
      type: string
      enum: [AES_128, AES_256, TRIPLEDES]
      description: The algorithm to use when encrypting assertions.
    EnumCertificateKeySignagureAlgorithm:
      type: string
      description: Specifies the signature algorithm of the key. For RSA keys, options are `SHA256withRSA`, `SHA384withRSA` and `SHA512withRSA`. For elliptical curve (EC) keys, options are `SHA256withECDSA`, `SHA384withECDSA`, and `SHA512withECDSA`
      enum: [SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA]
    EnumCertificateKeyStatus:
      type: string
      description: Specifies the status of the key. Options are `VALID`, `EXPIRING`, `EXPIRED`, `NOT_YET_VALID`, and `REVOKED`.
      enum: [VALID, EXPIRING, EXPIRED, NOT_YET_VALID, REVOKED]
      readOnly: true
    EnumCertificateKeyUsageType:
      type: string
      description: Specifies how the certificate is used. Options are `ENCRYPTION`, `SIGNING`, `SSL/TLS`, `ISSUANCE`, `OUTBOUND_MTLS`.  `ISSUANCE` keys are used as part of another key's trust chain, and are used to sign other keys. Certificate Revocation Lists (CRL) are published against these keys. `SSL/TLS` keys are used to protect internet protocol domains (such as, a [Custom Domain](https://apidocs.pingidentity.com/pingone/platform/v1/api/#custom-domains) you've configured in PingOne). `OUTBOUND_MTLS` keys are used to enable mutual TLS (mTLS) authentication with a subscription service.
      enum: [ENCRYPTION, SIGNING, SSL/TLS, ISSUANCE, OUTBOUND_MTLS]
    EnumCreateCertificateAcceptHeader:
      type: string
      enum: [application/x-pkcs7-certificates]
    EnumCSRExportHeader:
      type: string
      enum: [application/pkcs10, application/x-pem-file]
    EnumCSRResponseImportHeader:
      type: string
      enum: [application/x-pem-file]
    EnumCustomAdminRoleApplicableTo:
      type: string
      description: The scope types to which the role can be applied. Options are ORGANIZATION, ENVIRONMENT, and POPULATION.
      enum: [ORGANIZATION, ENVIRONMENT, POPULATION]
    EnumCustomAdminRoleType:
      type: string
      enum: [PLATFORM,CUSTOM]
      description: A value that indicates whether the role is a built-in role or a custom role. Options are PLATFORM and CUSTOM.
      readOnly: true
    EnumCustomDomainPostHeader:
      type: string
      enum: [application/vnd.pingidentity.certificate.import+json, application/vnd.pingidentity.domainName.verify+json]
    EnumCustomDomainStatus:
      type: string
      description: A string that specifies the status of the custom domain. Options are ACTIVE, VERIFICATION_REQUIRED, and SSL_CERTIFICATE_REQUIRED.
      enum: [ACTIVE, VERIFICATION_REQUIRED, SSL_CERTIFICATE_REQUIRED]
    EnumEmailDomainStatus:
      type: string
      enum: [ACTIVE, VERIFICATION_REQUIRED]
      description: The status of the email domain ownership.
    EnumEnvironmentType:
      type: string
      enum: [PRODUCTION, SANDBOX]
      description: A string that specifies the type of environment to use.
    EnumFormItemAlignment:
      type: string
      enum: [LEFT, CENTER, RIGHT]
      description: A string that specifies the alignment of the item.
    EnumFormCategory:
      type: string
      enum: [CUSTOM]
      description: A string that specifies the type of form. The `CUSTOM` form type allows the form to be built with fields that do not map specifically to the PingOne directory attributes.
    EnumFormElementLabelMode:
      type: string
      enum: [DEFAULT, FLOAT]
      description: A string that specifies how the field is rendered.
    EnumFormElementLayout:
      type: string
      enum: [HORIZONTAL, VERTICAL]
      description: A string that specifies layout attributes for radio button and checkbox fields. This is a required property when the type is `RADIO` or `CHECKBOX`.
    EnumFormElementValidationType:
      type: string
      enum: [NONE, CUSTOM]
      description: A string that specifies the validation type. This is a required property when the field type is `TEXT`.
    EnumFormFieldType:
      type: string
      enum: [TEXT, PASSWORD, PASSWORD_VERIFY, RADIO, CHECKBOX, DROPDOWN, COMBOBOX, DIVIDER, EMPTY_FIELD, TEXTBLOB, SLATE_TEXTBLOB, SUBMIT_BUTTON, ERROR_DISPLAY, FLOW_LINK, FLOW_BUTTON, RECAPTCHA_V2, QR_CODE, SOCIAL_LOGIN_BUTTON]
      description: A string that specifies the type of the field.
    EnumFormRecaptchaV2Size:
      type: string
      enum: [NORMAL, COMPACT]
      description: A string that specifies the size of the reCAPTCHA widget.
    EnumFormRecaptchaV2Theme:
      type: string
      enum: [LIGHT, DARK]
      description: A string that specifies the theme of the reCAPTCHA widget.
    EnumFormSocialLoginIdpType:
      type: string
      enum: [FACEBOOK, APPLE, GOOGLE, AMAZON, LINKEDIN, MICROSOFT, TWITTER, YAHOO, PAYPAL, GITHUB, OPENID_CONNECT, SAML, LDAP]
      description: A string that specifies the external identity provider type.
    EnumFormStylesWidthUnit:
      type: string
      enum: [PERCENT, PIXELS]
    EnumFormTranslationMethod:
      type: string
      enum: [TRANSLATE, DEFAULT_VALUE, KEY]
      description: A string that specifies how to translate the text strings in the form.
    EnumFormQrCodeType:
      type: string
      enum: [MFA_AUTH]
      description: A string that specifies the QR Code type.
    EnumFlowPolicyTriggerType:
      type: string
      description: An enum string that specifies the trigger type associated with the flow policy trigger.
      enum: [AUTHENTICATION]
    EnumFormsIncludeParameter:
      type: string
      enum: [components]
    EnumGatewayTypeLDAPSecurity:
      type: string
      enum: [None, TLS, StartTLS]
      description: A string that specifies the connection security type. Options are None, TLS, and StartTLS. The default value is None.
      default: None
    EnumGatewayType:
      type: string
      enum: [LDAP, PING_FEDERATE, PING_INTELLIGENCE, API_GATEWAY_INTEGRATION, RADIUS]
      description: A string that specifies the type of gateway resource. Options are LDAP, PING_FEDERATE, API_GATEWAY_INTEGRATION, RADIUS and PING_INTELLIGENCE. This is a required property.
    EnumGatewayPasswordAuthority:
      type: string
      enum: [PING_ONE, LDAP]
      description: This can be either `PING_ONE` or `LDAP`. If set to `PING_ONE`, PingOne authenticates with the external directory initially, then PingOne authenticates all subsequent sign-ons.
    EnumGatewayVendor:
      type: string
      enum: [PingDirectory, Microsoft Active Directory, Oracle Directory Server Enterprise Edition, Oracle Unified Directory, CA Directory, OpenDJ Directory Server, IBM (Tivoli) Security Directory Server, LDAPv3-compliant Directory Server]
      description: A string that specifies the LDAP vendor. Options are `PingDirectory`, `Microsoft Active Directory`, `Oracle Directory Server Enterprise Edition`, `Oracle Unified Directory`, `CA Directory`, `OpenDJ Directory Server`, `IBM (Tivoli) Security Directory Server`, and `LDAPv3-compliant Directory Server`.
    EnumGetKeyAcceptHeader:
      type: string
      enum: [application/json, application/x-pkcs7-certificates, application/x-x509-ca-cert]
    EnumGroupSourceType:
      type: string
      enum: [GATEWAY, IDP]
      readOnly: true
      description: External groups only. Set during user creation/update. Supported values are `GATEWAY`, `IDP`
    EnumHealthStatus:
      type: string
      enum: [HEALTHY, DEGRADED, UNHEALTHY]
      description: An enumeration that specifies whether or not the gateway is in a healthy state.
    EnumIdentityPropagationPlanStatus:
      type: string
      enum: [INACTIVE]
      description: Status of the propagation plan; defaults to `INACTIVE`
    EnumIdentityProvider:
      type: string
      enum: [FACEBOOK, GOOGLE, LINKEDIN, APPLE, TWITTER, AMAZON, YAHOO, MICROSOFT, PAYPAL, GITHUB, OPENID_CONNECT, SAML, PING_ONE]
      description: A string that identifies the type of identity provider used to authenticate the user. The default value of `PING_ONE` is set when a value for identityProvider.id is not provided. The `PING_ONE` value is the default for all pre-existing users. There is currently no search filter support for this attribute.
      default: PING_ONE
    EnumIdentityProviderAttributeMappingType:
      type: string
      description: The mapping type. Options are CORE (This attribute is required by the schema and cannot be removed. The name and update properties cannot be changed.) or CUSTOM (All user-created attributes are of this type.)
      enum: [CORE, CUSTOM]
    EnumIdentityProviderAttributeMappingUpdate:
      type: string
      description: Indicates whether to update the user attribute in the directory with the non-empty mapped value from the IdP. Options are EMPTY_ONLY (only update the user attribute if it has an empty value); ALWAYS (always update the user attribute value).
      enum: [EMPTY_ONLY, ALWAYS]
    EnumIdentityProviderExt:
      type: string
      enum: [FACEBOOK, GOOGLE, LINKEDIN, APPLE, TWITTER, AMAZON, YAHOO, MICROSOFT, PAYPAL, GITHUB, OPENID_CONNECT, SAML]
      description: A string that identifies the type of identity provider used to authenticate the user.
    EnumIdentityProviderOIDCTokenAuthMethod:
      type: string
      description: A string that specifies the OIDC identity provider's token endpoint authentication method. Options are CLIENT_SECRET_BASIC (default), CLIENT_SECRET_POST, and NONE. This is a required property.
      default: CLIENT_SECRET_BASIC
      enum: [CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, NONE]
    EnumIdentityProviderPKCEMethod:
      type: string
      description: The method for PKCE. Options are `NONE` or `S256`. The default is `NONE`. This value auto-populates from a discovery endpoint if the OpenID Provider includes `S256` in its `code_challenge_methods_supported` claim. The plain method is not currently supported.
      default: NONE
      enum: [S256, NONE]
    EnumIdentityProviderSAMLSigningAlgorithm:
      type: string
      description: The signing key algorithm used by PingOne. Value will depend on which key algorithm and signature algorithm you chose when creating your signing key. Possible values are `SHA256withRSA`, `SHA384withRSA`, `SHA512withRSA`, `SHA256withECDSA`, `SHA384withECDSA`, `SHA512eithEDCSA`.
      enum: [SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA256withECDSA, SHA384withECDSA, SHA512eithEDCSA]
    EnumIdentityProviderSAMLSSOBinding:
      type: string
      description: A string that specifies the binding for the authentication request. Options are HTTP_POST and HTTP_REDIRECT.
      enum: [HTTP_POST, HTTP_REDIRECT]
    EnumIdentityProviderSAMLSLOBinding:
      type: string
      description: The binding protocol to be used for the logout response. Options are `HTTP_REDIRECT` or `HTTP_POST`. The default is `HTTP_POST`; existing configurations with no data default to `HTTP_POST`. This is an optional property.
      enum: [HTTP_POST, HTTP_REDIRECT]
      default: HTTP_POST
    EnumImageFormat:
      type: string
      enum: [png, jpg, gif]
      description: A string that specifies the type of format used for the image. Options are jpg, png, and gif.
    EnumIntegrationPingProductName:
      type: string
      enum: [PINGID, PINGONE_ENTERPRISE, PINGONE, PINGACCESS, PINGFEDERATE, PINGDIRECTORY, PINGDATAGOVERNANCE, PINGINTELLIGENCE_FOR_APIS, PINGONE_ADVANCED_SERVICES]
      description: The Ping product associated with the integration.
    EnumIntegrationTag:
      type: string
      enum: [SSO, AUTHENTICATION, MFA, INTELLIGENCE, GOVERNANCE, IDAAS, ACCESS, DIRECTORY, PROVISIONING]
      description: Tag to apply to the integration metadata. Can include `SSO`, `AUTHENTICATION`, `MFA`, `INTELLIGENCE`, `GOVERNANCE`, `IDAAS`, `ACCESS`, `DIRECTORY`, or `PROVISIONING`.
    EnumIntegrationVersionType:
      type: string
      enum: [PRODUCT_INTEGRATION_KIT, SAML]
      description: The type of integration for this version. Currently, the only valid values are PRODUCT_INTEGRATION_KIT and SAML.
    EnumIntegrationVersionIntegrationKitIntegratedWithName:
      type: string
      enum: [PINGID, PINGONE_ENTERPRISE, PINGONE, PINGACCESS, PINGFEDERATE, PINGDIRECTORY, PINGDATAGOVERNANCE]
      description: Name of the compatible Ping product with which this version integrates. Can include PINGID, PINGONE_ENTERPRISE, PINGONE, PINGACCESS, PINGFEDERATE, PINGDIRECTORY, or PINGDATAGOVERNANCE
    EnumIntegrationVersionSAMLProtocolVersion:
      type: string
      enum: ["2.0", "1.1", "1.0"]
      description: The SAML protocol version supported 2.0, 1.1, or 1.0.
    EnumIntegrationVersionSAMLSLOBinding:
      type: string
      enum: [HTTP_POST, HTTP_REDIRECT]
      description: The SLO binding. Must be either HTTP_POST or HTTP_REDIRECT
    EnumKeyRotationPolicyAlgorithm:
      type: string
      enum: [RSA]
      description: The algorithm this KRP applies to generated `KrpKeys`. `RSA` is currently the only supported value.
    EnumKeyRotationPolicySigAlgorithm:
      type: string
      enum: [SHA256withRSA]
      description: The signature algorithm this KRP will apply to generated `KrpKeys`. `SHA256withRSA` is currently the only supported value.
    EnumKeyRotationPolicyUsageType:
      type: string
      enum: [SIGNING]
      description: How the KRP will be used, pertaining to what operations the KRP supports. The only valid value for initial release is `SIGNING`.
    EnumLicenseStatus:
      type: string
      enum: [ACTIVE, EXPIRED, FUTURE, TERMINATED]
      description: A string that specifies the status of the license. Options are `ACTIVE`, `EXPIRED`, `FUTURE` and `TERMINATED`.
    EnumMobileIntegrityDetectionPlatform:
      type: string
      enum: [IOS, GOOGLE]
    EnumNotificationsSettingsEmailDeliverySettingsCustomAuthenticationMethod:
      type: string
      description: Use the value `BASIC` if your authentication with the email provider uses a username and password. Use `BEARER` if your authentication is based on the use of a bearer token.
      enum: [BASIC, BEARER]
    EnumNotificationsSettingsEmailDeliverySettingsCustomProtocol:
      type: string
      enum: [HTTP]
      description: Set to `HTTP` when configuring an external email provider.
    EnumNotificationsSettingsEmailDeliverySettingsCustomProvider:
      type: string
      enum: [CUSTOM_PROVIDER]
      description: Must be set to `CUSTOM_PROVIDER`.
    EnumNotificationsSettingsEmailDeliverySettingsCustomRequestsDeliveryMethod:
      type: string
      enum: [EMAIL]
      description: Should be set to EMAIL.
    EnumNotificationsSettingsEmailDeliverySettingsCustomRequestsMethod:
      type: string
      enum: [GET, POST]
      description: Use method to specify the type of API request the email provider requires. Valid values are `GET` and `POST`.
    EnumNotificationsPolicyCountryLimitDeliveryMethod:
      type: string
      enum: [SMS, Voice]
      description: The delivery method that the defined limitation should be applied to.  Options are `SMS`, `Voice`.
    EnumNotificationsPolicyCountryLimitType:
      type: string
      enum: [NONE, ALLOWED, DENIED]
      description: |
        Determines the kind of limitation being defined. The possible values are:
        `NONE`
        `ALLOWED` - allows SMS/Voice notifications only for the countries specified with `countryLimit.countries`
        `DENIED` - denies SMS/Voice notifications for the countries specified with `countryLimit.countries`
    EnumNotificationsPolicyQuotaDeliveryMethods:
      type: string
      enum: [SMS, Voice, Email]
    EnumNotificationsPolicyQuotaItemType:
      type: string
      enum: [USER, ENVIRONMENT]
      description: Specifies whether the limit defined is per-user or per environment. Value must be either `USER` or `ENVIRONMENT`.
    EnumNotificationsSettingsDeliveryMode:
      type: string
      enum: [ALL]
    EnumNotificationsSettingsPhoneDeliverySettingsCustomDeliveryMethod:
      type: string
      enum: [SMS, VOICE]
      description: |
        The notification's delivery method. Possible values:
        `SMS`
        `VOICE`
    EnumNotificationsSettingsPhoneDeliverySettingsCustomRequestMethod:
      type: string
      enum: [GET, POST]
      description: The type of HTTP request method. Possible values are `GET` and `POST`.
    EnumNotificationsSettingsPhoneDeliverySettingsCustomNumberFormat:
      type: string
      enum: [FULL, NUMBER_ONLY]
      default: FULL
      description: |
        The phone number format. Possible values:
        `FULL` (default)
        The phone number format with a leading `+` sign, in the E.164 standard format.
        For example: `+14155552671`
        `NUMBER_ONLY`
        The phone number format without a leading `+` sign, in the E.164 standard format.
        For example: `14155552671`
    EnumNotificationsSettingsPhoneDeliverySettingsCustomNumbersType:
      type: string
      enum: [SHORT_CODE, TOLL_FREE, PHONE_NUMBER]
      description: The type of phone number.
    EnumNotificationsSettingsPhoneDeliverySettingsCustomNumbersCapability:
      type: string
      enum: [SMS, VOICE]
      description: The type of phone delivery service capability.
    EnumNotificationsSettingsPhoneDeliverySettingsCustomAuthMethod:
      type: string
      enum: [BASIC, BEARER]
      description: |
        The custom provider account's authentication method. Possible values: `BASIC`, `BEARER`
    EnumNotificationsSettingsPhoneDeliverySettingsTwilioSyniverseNumbersType:
      type: string
      enum: [SHORT_CODE, TOLL_FREE, PHONE_NUMBER]
      description: |
        The type of phone number. Possible values: `SHORT_CODE`, `TOLL_FREE`, `PHONE_NUMBER`
    EnumNotificationsSettingsPhoneDeliverySettingsTwilioSyniverseNumbersCapability:
      type: string
      enum: [VOICE, SMS]
      description: |
        The type of phone delivery service capability. Possible values: `VOICE`, `SMS`
    EnumNotificationsSettingsPhoneDeliverySettingsProvider:
      type: string
      enum: [CUSTOM_TWILIO, CUSTOM_SYNIVERSE, CUSTOM_PROVIDER]
      description: |
        The ID of the provider of phone delivery service. Possible values:
        `PINGONE_TWILIO`: Specifies that Ping Identity's Twilio account is the SMS/voice provider.
        `CUSTOM_TWILIO`: Specifies that your Twilio account is the SMS/voice provider.
        `CUSTOM_SYNIVERSE`: Specifies that your Syniverse account is the SMS/voice provider.
        `CUSTOM_PROVIDER`: Specifies a custom-defined SMS provider (excluding Twilio and Syniverse).
    EnumOrganizationType:
      type: string
      enum: [PAID, TRIAL, INTERNAL]
      description: A string that specifies the organization type. If the organization has any paid licenses, the type property value is set to `PAID`. Otherwise, the property value is set to `TRIAL`.  Internal organizations have a value of `INTERNAL`.
    EnumPasscodeRefreshTimeUnit:
      type: string
      description: The type of time unit for `mobile.passcodeRefreshDuration.duration`.  Must be SECONDS.
      default: SECONDS
      enum: [SECONDS]
    EnumProductType:
      type: string
      enum: [PING_ONE_MFA, PING_ONE_DAVINCI, PING_ONE_ORCHESTRATE, PING_ONE_RISK, PING_ONE_FRAUD, PING_ONE_PROVISIONING, PING_DATA_SYNC, PING_DATA_GOVERNANCE, PING_ONE_FOR_ENTERPRISE, PING_ID_SDK, PING_ONE_FOR_SAAS, PING_ONE_VERIFY, PING_ONE_CREDENTIALS, PING_ONE_AUTHORIZE, PING_ONE_BASE, PING_FEDERATE, PING_ACCESS, PING_DIRECTORY, PING_AUTHORIZE, PING_ID, PING_INTELLIGENCE, PING_CENTRAL]
      description: A string that specifies the Ping Identity product type. Options for PingOne platform products are PING_ONE_DAVINCI, PING_ONE_MFA, PING_ONE_RISK, PING_ONE_VERIFY, PING_ONE_CREDENTIALS, PING_ONE_AUTHORIZE and PING_ONE_BASE. The PING_ONE_BASE product represents the default set of services that an environment can use on the PingOne platform. Options for other Ping Identity products are PING_FEDERATE, PING_ACCESS, PING_DIRECTORY, PING_AUTHORIZE, PING_ID, PING_INTELLIGENCE, and PING_CENTRAL
    EnumPropagationStoreConnectionStatusContentType:
      type: string
      enum: [application/vnd.pingidentity.connection.check+json]
    EnumPropagationStoreStatus:
      type: string
      enum: [INACTIVE]
      description: The status of the identity store. The default value is INACTIVE.
    EnumPropagationStoreSyncState:
      type: string
      readOnly: true
      enum: [SYNCING, FAILED]
      description: The current state of synchronization with a propagation store or stores. Options are either SYNCING or FAILED.
    EnumPropagationStoreType:
      type: string
      enum: [Aquera, AzureActiveDirectorySAML2, directory, LdapGateway, PingOne, Salesforce, SalesforceContacts, scim, Slack, Workday, Zoom]
      description: The type of the identity store and determines the required and acceptable configuration properties. It also determines the acceptable target attribute mappings. Options are Aquera, AzureActiveDirectorySAML2, directory, LdapGateway, PingOne, Salesforce, SalesforceContacts, scim, Slack, Workday, or Zoom.
    EnumPropagationStoreTypeRemoveActionDisable:
      type: string
      enum: [Disable]
      description: The action to take when deprovisioning (removing) a user. Must be set to Disable.
    EnumPropagationStoreTypeRemoveActionDisableDelete:
      type: string
      enum: [Disable, Delete]
      description: The action to take when deprovisioning (removing) a user. Options are either `Disable` or `Delete`.
    EnumPropagationStoreTypeAqueraAuthenticationMethod:
      type: string
      enum: [OAuth Bearer Token, Basic Auth]
      description: The account authentication method. For example, `OAuth Bearer Token` or `Basic Auth`.
    EnumPropagationStoreTypeAqueraGroupSourceName:
      type: string
      enum: [Common Name, Distinguished Name]
      description: The source to use for the group name. Options are either `Common Name` or `Distinguished Name`.
    EnumPropagationStoreTypeLDAPGatewayLDAPType:
      type: string
      enum: [PingDirectory, Microsoft Active Directory]
      description: Type of LDAP gateway; can be `PingDirectory` or `Microsoft Active Directory`.
    EnumPropagationStoreTypePingOneDefaultAuthMethod:
      type: string
      enum: [Email 1, SMS 1, Voice 1]
      description: The default authentication method. Options are `Email 1`, `SMS 1`, or `Voice 1`.
    EnumPropagationStoreTypePingOneRegion:
      type: string
      enum: [NA, CA, EU, AP]
      description: A supported region. Options are `NA`, `CA`, `EU`, or `AP`.
    EnumPropagationStoreTypeSalesforceContactsRecordType:
      type: string
      enum: [Lead, Contact]
      description: The type of Salesforce record. Options are either Lead or Contact.
    EnumPropagationStoreTypeSCIMAuthenticationMethod:
      type: string
      enum: [OAuth 2 Client Credentials, OAuth 2 Bearer Token, Basic Authentication]
      description: The account authentication method. Can be `OAuth 2 Client Credentials`, `OAuth 2 Bearer Token`, or `Basic Authentication`.
    EnumPropagationStoreTypeSCIMGroupNameSource:
      type: string
      enum: [Common Name, Distinguished Name]
      description: The source to use for the group name. Options are either `Common Name` or `Distinguished Name`.
    EnumPropagationStoreTypeSCIMUniqueUserIdentifier:
      type: string
      enum: [userName, workEmail]
      description: Specifies the unique user identifier to use. Options are either `userName` or `workEmail`.
    EnumPropagationStoreTypeSlackUniqueUserIdentifier:
      type: string
      enum: [primaryEmail, userName]
      description: The unique user identifier, must be either `primaryEmail` or `userName`.
    EnumPropagationStoreTypeZoomAuthenticationMethod:
      type: string
      enum: [JWT Bearer Token, OAuth Bearer Token]
      description: Account authentication method. Case sensitive. Can be JWT Bearer Token or OAuth Bearer Token. Defaults to JWT Bearer Token.
      default: JWT Bearer Token
    EnumRegionCode:
      type: string
      enum: [AP, AU, CA, EU, NA]
      description: A string that specifies the environment region code. The value is set when the environment is created and cannot be updated.
    EnumRegionCodeLicense:
      type: string
      enum: [AP, CA, EU, NORTH_AMERICA]
    EnumResourceAttributeType:
      type: string
      enum: [CORE, CUSTOM, PREDEFINED]
      description: |
        A string that specifies the type of resource attribute. Options are:
        CORE: The claim is required and cannot not be removed.
        CUSTOM: The claim is not a CORE attribute. All created attributes are of this type.
        PREDEFINED: A designation for predefined OIDC resource attributes such as given_name. These attributes cannot be removed; however, they can be modified.
    EnumResourceApplicationResourceType:
      type: string
      enum: [PING_ONE_RESOURCE]
      description: The application resource's parent type. Options are `PING_ONE_RESOURCE`.
    EnumResourceIntrospectEndpointAuthMethod:
      type: string
      enum: [NONE, CLIENT_SECRET_BASIC, CLIENT_SECRET_POST]
      description: The client authentication methods supported by the token endpoint. Options are `NONE`, `CLIENT_SECRET_BASIC`, and `CLIENT_SECRET_POST`.
    EnumResourceType:
      type: string
      enum: [OPENID_CONNECT, PINGONE_API, CUSTOM]
      description: A string that specifies the type of resource. Options are `OPENID_CONNECT`, `PINGONE_API`, and `CUSTOM`. Only the `CUSTOM` resource type can be created. `OPENID_CONNECT` specifies the built-in platform resource for OpenID Connect. `PINGONE_API` specifies the built-in platform resource for PingOne.
    EnumRoleName:
      type: string
      description: The name of the role
      enum: [
        "Application Owner",
        "Client Application Developer",
        "Configuration Read Only",
        "DaVinci Admin Read Only",
        "DaVinci Admin",
        "Environment Admin",
        "Identity Data Admin",
        "Identity Data Read Only",
        "Organization Admin",
        "PingFederate Administrator",
        "PingFederate Auditor",
        "PingFederate Crypto Administrator",
        "PingFederate Expression Administrator",
        "PingFederate User Administrator"
      ]
    EnumRoleAssignmentScopeType:
      type: string
      enum: [ORGANIZATION, ENVIRONMENT, POPULATION, APPLICATION]
      description: A string that specifies the type of resource defining the scope of the Role assignment.
    EnumSchemaAttributeSchemaType:
      type: string
      enum: [ CORE, STANDARD, CUSTOM ]
      description: A string that specifies the schema type of the attribute. It may be one of CORE, STANDARD or CUSTOM. Core and standard attributes are present out-of-the-box. Core attributes may not be updated or deleted. Standard attributes may not be deleted, but their mutable properties may be updated. Custom attributes may be deleted, and their mutable properties may be updated. New attributes are created with a schema type of CUSTOM.
    EnumSchemaAttributeType:
      type: string
      enum: [ STRING, JSON, BOOLEAN, COMPLEX ]
      description: A string that specifies the the type of the attribute. It may be one of STRING, JSON, BOOLEAN, or COMPLEX. If the type is not provided during creation, then it defaults to STRING. Complex and boolean attributes may not be created, but standard attributes of those types may be updated. JSON attributes are limited by size (total size must not exceed 16KB).
      default: STRING
    EnumSignOnPolicyExtraVerification:
      type: string
      enum: [disabled, permissive, restrictive]
      default: disabled
      description: |
        Specifies the level of further verification when deviceAuthorization is enabled. The PingOne platform performs an extra verification check by sending a silent push notification to the customer native application, and receives a confirmation in return.  `extraVerification` can be one of the following levels:
        `disabled` (default): The PingOne platform does not perform the extra verification check.
        `permissive`: The PingOne platform performs the extra verification check. Upon timeout or failure to get a response from the native app, the MFA step is treated as successfully completed.
        `restrictive`: The PingOne platform performs the extra verification check.The PingOne platform performs the extra verification check. Upon timeout or failure to get a response from the native app, the MFA step is treated as failed.
    EnumSignOnPolicyNoDeviceMode:
      type: string
      enum: [BYPASS, BLOCK]
      description: A string that specifies the device mode for the MFA flow. Options are `BYPASS` to allow MFA without a specified device, or `BLOCK` to block the MFA flow if no device is specified. To use this configuration option, the authorize request must include a signed `login_hint_token` property. For more information, see Authorize (Browserless and MFA Only Flows)
    EnumSignOnPolicyType:
      type: string
      description: A string that specifies the type of action. Options are `LOGIN`, `MULTI_FACTOR_AUTHENTICATION`, `IDENTIFIER_FIRST`, `IDENTITY_PROVIDER` `AGREEMENT` and `PROGRESSIVE_PROFILING`.  Workforce environments also include `PINGID_WINLOGIN_PASSWORDLESS_AUTHENTICATION` and `PINGID_AUTHENTICATION`
      enum: [LOGIN, MULTI_FACTOR_AUTHENTICATION, IDENTIFIER_FIRST, IDENTITY_PROVIDER, PROGRESSIVE_PROFILING, AGREEMENT, PINGID_WINLOGIN_PASSWORDLESS_AUTHENTICATION, PINGID_AUTHENTICATION]
    EnumSignOnPolicyActionLoginNewUserProvisioningGatewayType:
      type: string
      enum: [LDAP]
      description: A string identifying the type of gateway. Currently, only `LDAP` is supported.
    EnumSolutionType:
      type: string
      enum: [WORKFORCE, CUSTOMER, CIAM_TRIAL, WF_TRIAL]
      description: |
        The solution type selected when creating the environment. Ignored on PUT operations. The following values are supported:
        `CIAM_TRIAL`. The Customer trial experience. Indicates the Customer solution type, and the Solution Designer was selected.
        `WF_TRIAL`. The Workforce trial experience. Indicates the Workforce solution type, and the Solution Designer was selected.
        `CUSTOMER`. Indicates the Customer solution type was selected. This solution type uses PingOne MFA, rather than PingID.
        `WORKFORCE`. Indicates the Workforce solution type was selected. This solution type uses PingID, rather than PingOne MFA.
    EnumSubscriptionFilterIncludedTags:
      type: string
      enum: [adminIdentityEvent]
      description: A tags that events must have to be monitored by a subscription. Currently, the available tags are `adminIdentityEvent`. Identifies the event as the action of an administrator on other administrators.
    EnumSubscriptionFormat:
      type: string
      enum: [ACTIVITY, SPLUNK, NEWRELIC]
      description: A string that specifies one of the supported subscription formats. Options are ACTIVITY, SPLUNK, and NEWRELIC. This is a required property.
    EnumTemplateContentDeliveryMethod:
      type: string
      enum: [Email, SMS, Voice, Push]
      description: The content's delivery method. Possible values are `Email`, `SMS`, `Voice` or `Push`. Cannot be changed after it is initially set in `POST /environments/{{envID}}/templates/{{templateName}}/contents`.
    EnumTemplateContentPushCategory:
      type: string
      enum: [BANNER_BUTTONS, WITHOUT_BANNER_BUTTONS, APPROVE_AND_OPEN_APP]
      description: |
        For Push content, you can specify what type of banner should be displayed to the user. The available options are:
        * `BANNER_BUTTONS` - the banner contains both Approve and Deny buttons
        * `WITHOUT_BANNER_BUTTONS` - when the user clicks the banner, they are taken to an application that contains the necessary approval controls.
        * `APPROVE_AND_OPEN_APP` - when the Approve button is clicked, authentication is completed and the user is taken to the relevant application.

        If this parameter is not provided, the default is `BANNER_BUTTONS`. Note that to use the non-default push banners, you must implement them in your application code, using the PingOne SDK. For details, see the [README for iOS](https://github.com/pingidentity/pingone-mobile-sdk-ios/#171-push-notifications-categories) and the [README for Android](https://github.com/pingidentity/pingone-mobile-sdk-android).
      default: BANNER_BUTTONS
    EnumTemplateName:
      type: string
      enum: [credential_issued,credential_revoked,credential_updated,credential_verification, device_pairing,digital_wallet_pairing,email_verification_admin,email_verification_user,email_phone_verification,general,id_verification,new_device_paired,recovery_code_template, strong_authentication, transaction, verification_code_template]
      description: The name of the template
    EnumTrustedEmailStatus:
      type: string
      enum: [ACTIVE, VERIFICATION_REQUIRED]
      description: A string that specifies the status of the trusted email address.
      readOnly: true
    EnumEnabledStatus:
      type: string
      enum: [ENABLED, DISABLED]
      description: A string that specifies whether device integrity detection takes place on mobile devices, for the application's enrollment and authentication events ENABLED, DISABLED
    EnumDurationUnitMinsHours:
      type: string
      enum: [MINUTES, HOURS]
    EnumUpdateStatus:
      type: string
      description: >-
        An enumeration that specifies one of the following values:
        AT_LATEST: The gateway instance's version is at or after the supported version marked latest.
        UPGRADE_AVAILABLE: The gateway instance's version is at the supported version that is marked recommended but there is a later supported version marked recommended.
        UPGRADE_RECOMMENDED: The gateway instance's version is at a known version but the version is not marked as recommended or latest. The version has greater than 30 days support.
        UPGRADE_REQUIRED: The gateway instance's version is at a known version but the version is not marked as recommended or latest. The version has support ending within the next month.
        NOT_SUPPORTED: The gateway instance's version is not known or supported.
      enum: [AT_LATEST, UPGRADE_AVAILABLE, UPGRADE_RECOMMENDED, UPGRADE_REQUIRED, NOT_SUPPORTED]
    EnumUserLifecycleStatus:
      type: string
      enum: [ACCOUNT_OK, VERIFICATION_REQUIRED]
      description: A string that specifies information about the account lifecycle. Options for status are `ACCOUNT_OK` and `VERIFICATION_REQUIRED`. This property value is only allowed to be set when importing a user to set the initial account status. If the initial status is set to `VERIFICATION_REQUIRED` and an email address is provided, a verification email is sent.
    EnumUserAccountContentTypeHeader:
      type: string
      enum: [application/vnd.pingidentity.account.unlock+json, application/vnd.pingidentity.account.lock+json]
    EnumGroupMembershipType:
      type: string
      enum: [DIRECT, INDIRECT]
      description: A string that defines the relationship of group membership
    EnumUserGroupAssignmentExpandParameter:
      type: string
      enum: [group]
      description: When this parameter is appended to the request, the results are expanded to include additional information about each group.
    EnumUserRequestInclude:
      type: string
      enum: [memberOfGroupIDs, memberOfGroupNames]
    EnumUserStatus:
      type: string
      enum: [LOCKED, OK]
      description: A string that specifies the account locked state.
    EnumUserVerifyStatus:
      type: string
      enum: [NOT_INITIATED, ENABLED, DISABLED]
      description: Indicates whether ID verification can be done for the user. This value can be NOT_INITIATED (the initial value), ENABLED, or DISABLED. If the user verification status is DISABLED, a new verification status cannot be created for that user until the status is changed to ENABLED.
    AdministratorSecurity:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        allowedMethods:
          $ref: '#/components/schemas/EnumAdministratorSecurityAllowedMethods'
        authenticationMethod:
          $ref: '#/components/schemas/EnumAdministratorSecurityAuthenticationMethod'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        mfaStatus:
          $ref: '#/components/schemas/EnumAdministratorSecurityMfaStatus'
        policy:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              readOnly: true
              description: The admin sign-on policy ID.
        provider:
          type: object
          properties:
            id:
              type: string
              description: The UUID of the external IdP, if applicable.
          required:
            - id
        recovery:
          type: boolean
          description: Indicates whether to allow account recovery within the admin policy.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
      required:
        - authenticationMethod
        - recovery
    Agreement:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        consentsAggregatedAt:
          type: string
          format: date-time
          description: The time the consent count metric was last updated. This value is typically updated once every 24 hours.
          readOnly: true
        description:
          type: string
          description: A string that specifies the description of the agreement.
        enabled:
          type: boolean
          description: A boolean that specifies the current enabled state of the agreement. This is a required property. The agreement must support the default language to be enabled. It cannot be disabled if it is referenced by a sign-on action. When an agreement is disabled, it is not used anywhere it is configured across PingOne.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        totalExpiredConsents:
          type: integer
          description: An integer that identifies the number of users who have consented to the agreement, but their consent has expired. This value is last calculated at the consentCountsUpdatedAt time.
          readOnly: true
        id:
          type: string
          description: A string that specifies the agreement ID.
          readOnly: true
        name:
          type: string
          description: A string that specifies the name of the agreement resource. This is a required property.
        reconsentPeriodDays:
          type: number
          format: float
          description: A number that represents the number of days until a consent to this agreement expires.
        totalConsents:
          type: integer
          description: An integer that identifies the total number of users who have consented to the agreement. This value is last calculated at the consentCountsUpdatedAt time.
          readOnly: true
      required:
        - enabled
        - name
    AgreementLanguage:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        agreement:
          type: object
          properties:
            id:
              type: string
              description: A read-only string of the ID for the agreement resource for this revision.
          readOnly: true
        currentRevision:
          type: object
          properties:
            id:
              type: string
              description: A relationship that specifies the current revision associated with this language resource. The current revision is the one shown to users for new consents in the language.
          readOnly: true
        displayName:
          type: string
          description: A string that is used as the title of the agreement for the language presented to the user. This is a required property.
        enabled:
          type: boolean
          description: A boolean that maps directly with a language being enabled or displayed for the environment within the platform. This is a required property.
        id:
          type: string
          description: A string that specifies the language ID.
          readOnly: true
        locale:
          type: string
          description: A string that specifies the tag for identifying the language resource associated with this agreement consent (for example, en-US). This is a required property. For more information about language tags, see Tags for Identifying Languages.
        userExperience:
          type: object
          properties:
            acceptCheckboxText:
              type: string
              description: A string that specifies the text next to the "accept" checkbox in the end user interface. Accepted character are unicode letters, combining marks, numeric characters, whitespace, and punctuation characters (regex `^[\p{L}\p{M}\p{N}\p{Zs}\p{P}]+$`).
              pattern: '^[\p{L}\p{M}\p{N}\p{Zs}\p{P}]+$'
            continueButtonText:
              type: string
              description: A string that specifies the text of the "continue" button in the end user interface. Accepted character are unicode letters, combining marks, numeric characters, whitespace, and punctuation characters (regex `^[\p{L}\p{M}\p{N}\p{Zs}\p{P}]+$`).
              pattern: '^[\p{L}\p{M}\p{N}\p{Zs}\p{P}]+$'
            declineButtonText:
              type: string
              description: A string that specifies the text of the "decline" button in the end user interface. Accepted character are unicode letters, combining marks, numeric characters, whitespace, and punctuation characters (regex `^[\p{L}\p{M}\p{N}\p{Zs}\p{P}]+$`).
              pattern: '^[\p{L}\p{M}\p{N}\p{Zs}\p{P}]+$'
      required:
        - displayName
        - enabled
        - locale
    AgreementLanguageRevision:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        agreement:
          type: object
          properties:
            id:
              type: string
              description: A read-only string of the ID for the agreement resource for this revision.
          readOnly: true
        contentType:
          $ref: '#/components/schemas/EnumAgreementRevisionContentType'
        effectiveAt:
          type: string
          format: date-time
          description: A date that specifies the start date that the revision is presented to users. This property value can be modified only if the current value is a date that has not already passed. The effective date must be unique for each language agreement, and the property value can be the present date or a future date only.
        id:
          type: string
          description: A read-only string that specifies the revision ID.
          readOnly: true
        language:
          type: object
          properties:
            id:
              type: string
              description: A relationship that specifies the language resource associated with this revision.
          readOnly: true
        notValidAfter:
          type: string
          format: date-time
          description: A date that specifies whether the revision is still valid in the context of all revisions for a language. This property is calculated dynamically at read time, taking into consideration the agreement language, the language enabled property, and the agreement enabled property. When a new revision is added, the notValidAfter property values for all other previous revisions might be impacted. For example, if a new revision becomes effective and it forces reconsent, then all older revisions are no longer valid.
          readOnly: true
        requireReconsent:
          type: boolean
          description: A boolean that specifies whether the user is required to provide consent to the language revision after it becomes effective.
        text:
          type: string
          description: An immutable string that specifies text or HTML for the revision. This attribute is supported in POST requests only. For more information, see contentType.
      required:
        - contentType
        - effectiveAt
        - requireReconsent
        - text
    AgreementRevisionText:
      type: object
      properties:
        resourcePath:
          type: string
        data:
          type: string
        dataType:
          type: string
    AlertChannel:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: Unique ID of the alert channel.
          readOnly: true
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        alertName:
          type: string
          description: The name to assign to the alert channel.
        channelType:
          $ref: '#/components/schemas/EnumAlertChannelType'
        addresses:
          type: array
          description: The email addresses to send the alert to.
          items:
            type: string
            format: email
        includeSeverities:
          type: array
          description: Filters alerts by severity. If empty, all severities are included. Possible values are `INFO`, `WARNING`, and `ERROR``.
          items:
            $ref: '#/components/schemas/EnumAlertChannelSeverity'
        includeAlertTypes:
          type: array
          description: Filters alerts by alert type. If empty, all alert types are included. Possible values are CERTIFICATE_EXPIRED, CERTIFICATE_EXPIRING, KEY_PAIR_EXPIRED, GATEWAY_VERSION_DEPRECATED, KEY_PAIR_EXPIRING, and GATEWAY_VERSION_DEPRECATING.
          items:
            $ref: '#/components/schemas/EnumAlertChannelAlertType'
        excludeAlertTypes:
          type: array
          description: Administrators will not be emailed alerts of these types. If empty, no alert types are excluded. Possible values are CERTIFICATE_EXPIRED, CERTIFICATE_EXPIRING, KEY_PAIR_EXPIRED, GATEWAY_VERSION_DEPRECATED, KEY_PAIR_EXPIRING, and GATEWAY_VERSION_DEPRECATING.
          items:
            $ref: '#/components/schemas/EnumAlertChannelAlertType'
      required:
        - channelType
        - addresses
    Application:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        accessControl:
          type: object
          properties:
            role:
              type: object
              properties:
                type:
                  $ref: '#/components/schemas/EnumApplicationAccessControlType'
              required:
                - type
            group:
              type: object
              properties:
                type:
                  $ref: '#/components/schemas/EnumApplicationAccessControlGroupType'
                groups:
                  type: array
                  description: A set that specifies the group IDs for the groups the actor must belong to for access to the application.
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                    required:
                      - id
              required:
                - type
                - groups
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        description:
          type: string
          description: A string that specifies the description of the application.
        enabled:
          type: boolean
          description: A string that specifies the current enabled state of the application. Options are ENABLED or DISABLED.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        hiddenFromAppPortal:
          type: boolean
          description: A boolean to specify whether the application is hidden in the application portal despite the configured group access policy.
        icon:
          type: object
          description: The HREF and the ID for the application icon.
          properties:
            id:
              type: string
            href:
              type: string
          required:
            - id
            - href
        id:
          type: string
          readOnly: true
          description: A string that specifies the application ID.
        loginPageUrl:
          type: string
          description: A string that specifies the custom login page URL for the application. If you set the loginPageUrl property for applications in an environment that sets a custom domain, the URL should include the top-level domain and at least one additional domain level. Warning To avoid issues with third-party cookies in some browsers, a custom domain must be used, giving your PingOne environment the same parent domain as your authentication application. For more information about custom domains, see Custom domains.
        name:
          type: string
          description: A string that specifies the name of the application. This is a required property.
        protocol:
          $ref: '#/components/schemas/EnumApplicationProtocol'
        type:
          $ref: '#/components/schemas/EnumApplicationType'
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
      required:
        - enabled
        - name
        - type
        - protocol
    ApplicationCorsSettings:
      type: object
      description: Allows customization of how the Authorization and Authentication APIs interact with CORS requests that reference the application.  If omitted, the application allows CORS requests from any origin except for operations that expose sensitive information (e.g. `/as/authorize` and `/as/token`).  This is legacy behavior, and it is recommended that applications migrate to include specific `corsSettings`.
      properties:
        behavior:
          $ref: '#/components/schemas/EnumApplicationCorsSettingsBehavior'
        origins:
          type: array
          description: Must be non-empty when `corsSettings.behavior` is `ALLOW_SPECIFIC_ORIGINS` and must be omitted or empty when `corsSettings.behavior` is `ALLOW_NO_ORIGINS`.  Limited to 20 values.  Values are the origins from which CORS requests to the Authorization and Authentication APIs are allowed.  Each value is an `http` or `https` URL without a path.  The host may be a domain name (including `localhost`), or an IPv4 address.  Subdomains may use the wildcard (*) to match any string.
          maxItems: 20
          items:
            type: string
      required:
        - behavior
    ApplicationExternalLink:
      allOf:
        - $ref: '#/components/schemas/Application'
        - type: object
          properties:
            homePageUrl:
              type: string
              description: A string that specifies the custom home page URL for the application.
          required:
            - homePageUrl
    ApplicationSAML:
      allOf:
        - $ref: '#/components/schemas/Application'
        - type: object
          properties:
            homePageUrl:
              type: string
              description: A string that specifies the custom home page URL for the application.
            acsUrls:
              type: array
              description: A string that specifies the Assertion Consumer Service URLs. The first URL in the list is used as default (there must be at least one URL). This is a required property.
              items:
                type: string
            assertionDuration:
              type: integer
              description: An integer that specifies the assertion validity duration in seconds. This is a required property.
            assertionSigned:
              type: boolean
              description: A boolean that specifies whether the SAML assertion itself should be signed. The default value is `true`.
              default: true
            corsSettings:
              $ref: '#/components/schemas/ApplicationCorsSettings'
            defaultTargetUrl:
              type: string
              description: This is used as the RelayState parameter by the IdP to deep link into the application after authentication. This value can be overridden by the applicationUrl query parameter for GET Identity Provider Initiated SSO. Although both of these parameters are generally URLs, because they are used as deep links, this is not enforced. If neither defaultTargetUrl nor applicationUrl is specified during a SAML authentication flow, no RelayState value is supplied to the application. The defaultTargetUrl (or the applicationUrl) value is passed to the SAML application's ACS URL as a separate RelayState key value (not within the SAMLResponse key value).
            enableRequestedAuthnContext:
              type: boolean
              description: Indicates whether `requestedAuthnContext` is taken into account in policy decision-making during authentication.
            idpSigning:
              type: object
              properties:
                key:
                  type: object
                  properties:
                    id:
                      type: string
                      description: A string that specifies the certificate to be used by the identity provider to sign assertions and responses. If this property is omitted, the default signing certificate for the environment is used.
                  required:
                    - id
                algorithm:
                  $ref: '#/components/schemas/EnumCertificateKeySignagureAlgorithm'
              required:
                - key
            nameIdFormat:
              type: string
              description: A string that specifies the format of the Subject NameID attibute in the SAML assertion
            responseSigned:
              type: boolean
              description: A boolean that specifies whether the SAML assertion response itself should be signed. The default value is `false`.
              default: false
            sessionNotOnOrAfterDuration:
              type: integer
              description: Update this value if the SAML application requires a different `SessionNotOnOrAfter` attribute value within the `AuthnStatement` element than the `NotOnOrAfter` value set by the `assertionDuration` property.
            sloBinding:
              $ref: '#/components/schemas/EnumApplicationSAMLSloBinding'
            sloEndpoint:
              type: string
              description: A string that specifies the logout endpoint URL. This is an optional property. However, if a sloEndpoint logout endpoint URL is not defined, logout actions result in an error.
            sloResponseEndpoint:
              type: string
              description: A string that specifies the endpoint URL to submit the logout response. If a value is not provided, the sloEndpoint property value is used to submit SLO response.
            sloWindow:
              type: integer
              description: Defines how long PingOne can exchange logout messages with the application, specifically a `LogoutRequest` from the application, since the initial request. PingOne can also send a `LogoutRequest` to the application when a single logout is initiated by the user from other session participants, such as an application or identity provider. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens.
            spEncryption:
              type: object
              description: Enables PingOne to encrypt SAML assertions to be sent to the application. Assertions are not encrypted by default.
              properties:
                algorithm:
                  $ref: '#/components/schemas/EnumCertificateKeyEncryptionAlgorithm'
                certificate:
                  type: object
                  description: Contains the ID of the encryption public certificate that has been uploaded to PingOne.
                  properties:
                    id:
                      type: string
                      description: Specify the unique identifier of the encryption public certificate that has been uploaded to PingOne.
                  required:
                    - id
              required:
                - algorithm
                - certificate
            spEntityId:
              type: string
              description: A string that specifies the service provider entity ID used to lookup the application. This is a required property and is unique within the environment.
            spVerification:
              type: object
              properties:
                authnRequestSigned:
                  type: boolean
                  description: Whether the Authn Request signing should be enforced. Default is `false`.
                  default: false
                certificates:
                  type: array
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                        description: An array that specifies the certificate IDs used to verify the service provider signature.
                    required:
                      - id
              required:
                - certificates
            template:
              $ref: '#/components/schemas/ApplicationTemplate'
          required:
            - spEntityId
            - acsUrls
            - assertionDuration
    ApplicationOIDC:
      allOf:
        - $ref: '#/components/schemas/Application'
        - type: object
          properties:
            additionalRefreshTokenReplayProtectionEnabled:
              type: boolean
              description: When set to `true` (the default), if you attempt to reuse the refresh token, the authorization server immediately revokes the reused refresh token, as well as all descendant tokens. Setting this to null equates to a `false` setting.
              default: true
            allowWildcardInRedirectUris:
              type: boolean
              description: A boolean to specify whether wildcards are allowed in redirect URIs. For more information, see [Wildcards in Redirect URIs](https://docs.pingidentity.com/csh?context=p1_c_wildcard_redirect_uri).
            assignActorRoles:
              type: boolean
              description: A boolean that specifies whether the permissions service should assign default roles to the application. This property is set only on the POST request. The property is ignored when included in a PUT request.
            corsSettings:
              $ref: '#/components/schemas/ApplicationCorsSettings'
            devicePathId:
              type: string
              description: A string that specifies a unique identifier within an environment for a device authorization grant flow to provide a short identifier to the application. This property is ignored when the `deviceCustomVerificationUri` property is configured. The string can contain any letters, numbers, and some special characters (regex `a-zA-Z0-9_-`). It can have a length of no more than 50 characters (`min`/`max`=`1`/`50`).
              pattern: '^[a-zA-Z0-9_-]{1,50}$'
            deviceCustomVerificationUri:
              type: string
              description: A string that specifies an optional custom verification URI that is returned for the `/device_authorization` endpoint.
            deviceTimeout:
              type: integer
              description: An integer that specifies the length of time (in seconds) that the `userCode` and `deviceCode` returned by the `/device_authorization` endpoint are valid. This property is required only for applications in which the `grantTypes` property is set to `device_code`. The default value is `600` seconds. It can have a value of no more than `3600` seconds (`min`/`max`=`1`/`3600`).
              default: 600
              minimum: 1
              maximum: 3600
            devicePollingInterval:
              type: integer
              description: An integer that specifies the frequency (in seconds) for the client to poll the `/as/token` endpoint. This property is required only for applications in which the `grantTypes` property is set to `device_code`. The default value is `5` seconds. It can have a value of no more than `60` seconds (`min`/`max`=`1`/`60`).
              default: 5
              minimum: 1
              maximum: 60
            jwks:
              type: string
              description: A JWKS string that validates the signature of signed JWTs for applications that use the `PRIVATE_KEY_JWT` option for the `tokenEndpointAuthMethod`. This property is required when `tokenEndpointAuthMethod` is `PRIVATE_KEY_JWT` and the `jwksUrl` property is empty. For more information, see [Create a private_key_jwt JWKS string](https://apidocs.pingidentity.com/pingone/platform/v1/api/#create-a-private_key_jwt-jwks-string). This property is also required if the optional `request` property JWT on the authorize endpoint is signed using the RS256 (or RS384, RS512) signing algorithm and the `jwksUrl` property is empty. For more infornmation about signing the request property JWT, see [Create a request property JWT](https://apidocs.pingidentity.com/pingone/platform/v1/api/#create-a-request-property-jwt).
            jwksUrl:
              type: string
              description: A URL (supports `https://` only) that provides access to a JWKS string that validates the signature of signed JWTs for applications that use the `PRIVATE_KEY_JWT` option for the `tokenEndpointAuthMethod`. This property is required when `tokenEndpointAuthMethod` is `PRIVATE_KEY_JWT` and the `jwks` property is empty. For more information, see [Create a private_key_jwt JWKS string](https://apidocs.pingidentity.com/pingone/platform/v1/api/#create-a-private_key_jwt-jwks-string). This property is also required if the optional `request` property JWT on the authorize endpoint is signed using the RS256 (or RS384, RS512) signing algorithm and the `jwks` property is empty. For more infornmation about signing the request property JWT, see [Create a request property JWT](https://apidocs.pingidentity.com/pingone/platform/v1/api/#create-a-request-property-jwt).
            mobile:
              type: object
              properties:
                bundleId:
                  type: string
                  description: A string that specifies the bundle associated with the application, for push notifications in native apps. The value of the bundleId property is unique per environment, and once defined, is immutable.  this setting overrides the top-level bundleId field
                packageName:
                  type: string
                  description: A string that specifies the package name associated with the application, for push notifications in native apps. The value of the mobile.packageName property is unique per environment, and once defined, is immutable.  this setting overrides the top-level packageName field.
                huaweiAppId:
                  type: string
                  description: The unique identifier for the app on the device and in the Huawei Mobile Service AppGallery. The value of the `huaweiAppId` property is unique per environment, and once defined, is immutable. Used only for applications for the Huawei ecosystem.
                huaweiPackageName:
                  type: string
                  description: The package name associated with the application, for push notifications in native apps. The value of the `huaweiPackageName` property is unique per environment, and once defined, is immutable. Used only for applications for the Huawei ecosystem.
                passcodeRefreshDuration:
                  type: object
                  properties:
                    duration:
                      type: integer
                      description: The amount of time a passcode should be displayed before being replaced with a new passcode - must be between 30 and 60.
                      default: 30
                      minimum: 30
                      maximum: 60
                    timeUnit:
                      $ref: '#/components/schemas/EnumPasscodeRefreshTimeUnit'
                  required:
                    - duration
                    - timeUnit
                integrityDetection:
                  type: object
                  properties:
                    excludedPlatforms:
                      type: array
                      description: You can enable device integrity checking separately for Android and iOS by setting `mobile.integrityDetection.mode` to `ENABLED` and then using `mobile.integrityDetection.excludedPlatforms` to specify the OS where you do not want to use device integrity checking. The values to use are `GOOGLE` and `IOS` (all upper case). Note that this is implemented as an array even though currently you can only include a single value.  If `GOOGLE` is not included as a value, `googlePlay` is required to be set.
                      maxItems: 1
                      items:
                        $ref: '#/components/schemas/EnumMobileIntegrityDetectionPlatform'
                    mode:
                      $ref: '#/components/schemas/EnumEnabledStatus'
                      description: A string that specifies whether device integrity detection takes place on mobile devices, for the application's enrollment and authentication events ENABLED, DISABLED
                    cacheDuration:
                      type: object
                      properties:
                        amount:
                          type: integer
                          description: An integer that specifies the number of minutes or hours that specify the duration between successful integrity detection calls. Every attestation request entails a certain time tradeoff. You can choose to cache successful integrity detection calls for a predefined duration, between a minimum of 1 minute and a maximum of 48 hours. If mobile.integrityDetection.mode is ENABLED, the cache duration must be set.
                        units:
                          $ref: '#/components/schemas/EnumDurationUnitMinsHours'
                          description: A string that specifies the time units of the mobile.integrityDetection.cacheDuration.amount :MINUTES, HOURS
                    googlePlay:
                      type: object
                      description: Object that contains the credentials required for using Google's Play Integrity API for integrity detection.  Required if `excludedPlatforms` does not contain `GOOGLE`.
                      properties:
                        decryptionKey:
                          type: string
                          format: password
                          description: Play Integrity verdict decryption key from your Google Play Services account. This parameter must be provided if you have set `mobile.integrityDetection.googlePlay.verificationType` to `INTERNAL`.
                        serviceAccountCredentials:
                          type: string
                          format: password
                          description: Contents of the JSON file that represents your Service Account Credentials. This parameter must be provided if you have set `mobile.integrityDetection.googlePlay.verificationType` to `GOOGLE`.
                        verificationKey:
                          type: string
                          format: password
                          description: Play Integrity verdict signature verification key from your Google Play Services account. This parameter must be provided if you have set `mobile.integrityDetection.googlePlay.verificationType` to `INTERNAL`.
                        verificationType:
                          $ref: '#/components/schemas/EnumApplicationNativeGooglePlayVerificationType'
                uriPrefix:
                  type: string
                  description: A string that specifies a URI prefix that enables direct triggering of the mobile application when scanning a QR code. The URI prefix can be set to a universal link with a valid value (which can be a URL address that starts with `HTTP://` or `HTTPS://`, such as `https://www.acme.com`), or an app schema, which is just a string and requires no special validation.
            bundleId:
              type: string
              deprecated: true
              description: |
                **Deprecation Notice** This field is deprecated and will be removed in a future release. Use `mobile.bundleId` instead.  A string that specifies the bundle associated with the application, for push notifications in native apps. The value of the bundleId property is unique per environment, and once defined, is immutable.
            packageName:
              type: string
              deprecated: true
              description: |
                **Deprecation Notice** This field is deprecated and will be removed in a future release. Use `mobile.packageName` instead.  A string that specifies the package name associated with the application, for push notifications in native apps. The value of the mobile.packageName property is unique per environment, and once defined, is immutable.
            kerberos:
              type: object
              description: Object containing Kerberos settings
              properties:
                key:
                  type: object
                  description: A Relationship object containing the certificate issuer (root CA).
                  properties:
                    id:
                      type: string
                      description: The unique identifier for the Kerberos key.
                  required:
                    - id
              required:
                - key
            grantTypes:
              type: array
              description: A string that specifies the grant type for the authorization request. This is a required property. Options are AUTHORIZATION_CODE, IMPLICIT, REFRESH_TOKEN, CLIENT_CREDENTIALS.
              items:
                $ref: '#/components/schemas/EnumApplicationOIDCGrantType'
            homePageUrl:
              type: string
              description: A string that specifies the custom home page URL for the application.
            initiateLoginUri:
              type: string
              description: A string that specifies the URI to use for third-parties to begin the sign-on process for the application. If specified, PingOne redirects users to this URI to initiate SSO to PingOne. The application is responsible for implementing the relevant OIDC flow when the initiate login URI is requested. This property is required if you want the application to appear in the PingOne Application Portal. See the OIDC specification section of [Initiating Login from a Third Party](https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin) for more information.
            pkceEnforcement:
              $ref: '#/components/schemas/EnumApplicationOIDCPKCEOption'
            postLogoutRedirectUris:
              type: array
              description: A string that specifies the URLs that the browser can be redirected to after logout.
              items:
                type: string
            redirectUris:
              type: array
              description: A string that specifies the callback URI for the authentication response.
              items:
                type: string
            refreshTokenDuration:
              type: integer
              description: An integer that specifies the lifetime in seconds of the refresh token. If a value is not provided, the default value is 2592000, or 30 days. Valid values are between 60 and 2147483647. If the `refreshTokenRollingDuration` property is specified for the application, then this property must be less than or equal to the value of `refreshTokenRollingDuration`. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token.
              maximum: 2147483647
              minimum: 60
              default: 2592000
            refreshTokenRollingDuration:
              type: integer
              description: An integer that specifies the number of seconds a refresh token can be exchanged before re-authentication is required. If a value is not provided, the refresh token is valid forever. Valid values are between 60 and 2147483647. After this property is set, the value cannot be nullified. This value is used to generate the value for the exp claim when minting a new refresh token.
              maximum: 2147483647
            refreshTokenRollingGracePeriodDuration:
              type: integer
              description: The number of seconds that a refresh token may be reused after having been exchanged for a new set of tokens. This is useful in the case of network errors on the client. Valid values are between 0 and 86400 seconds. Null is treated the same as 0.
              maximum: 86400
            responseTypes:
              type: array
              description: The code or token type returned by an authorization request. Options are `TOKEN`, `ID_TOKEN`, and `CODE`. For hybrid flows that specify `CODE` with `TOKEN` or `ID_TOKEN`, see [Hybrid grant type](https://apidocs.pingidentity.com/pingone/main/v1/api/#hybrid-grant-type).
              items:
                $ref: '#/components/schemas/EnumApplicationOIDCResponseType'
            requireSignedRequestObject:
              type: boolean
              description: Indicates that the Java Web Token (JWT) for the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter is required to be signed. If `false` or null (default), a signed request object is not required. Both `supportUnsignedRequestObject` and this property cannot be set to `true`.
            supportUnsignedRequestObject:
              type: boolean
              description: A boolean that specifies whether the [request query](https://openid.net/specs/openid-connect-core-1_0.html#RequestObject) parameter JWT is allowed to be unsigned. If false or null (default), an unsigned request object is not allowed.
            tags:
              type: array
              description: An array that specifies the list of labels associated with the application. Options are `PING_FED_CONNECTION_INTEGRATION`.  Only applicable for creating worker applications.
              items:
                $ref: '#/components/schemas/EnumApplicationTags'
            targetLinkUri:
              type: string
              description: The URI for the application. If specified, PingOne will redirect application users to this URI after a user is authenticated. In the PingOne admin console, this becomes the value of the `target_link_uri` parameter used for the Initiate Single Sign-On URL field.
            template:
              $ref: '#/components/schemas/ApplicationTemplate'
            tokenEndpointAuthMethod:
              $ref: '#/components/schemas/EnumApplicationOIDCTokenAuthMethod'
            parRequirement:
              $ref: '#/components/schemas/EnumApplicationOIDCPARRequirement'
            parTimeout:
              type: integer
              description: PAR timeout in seconds. Must be between `1` and `600`. The default value is `60`.
              minimum: 1
              maximum: 600
              default: 60
            signing:
              type: object
              description: Configuration for the signing key. If absent, application tokens will be signed and verified by the PingOne default key at runtime. This property only applies to OIDC applications of type `WEB_APP`, `NATIVE_APP`, `SINGLE_PAGE_APP`, and `CUSTOM_APP`.
              properties:
                keyRotationPolicy:
                  type: object
                  description: Contains the Key Rotation Policy (KRP) ID. This property is required if `signing` is set.
                  properties:
                    id:
                      type: string
                      description: Reference to a KRP ID from certificate management. This property is required if `signing` is set.
                  required:
                    - id
              required:
                - keyRotationPolicy
          required:
            - grantTypes
            - tokenEndpointAuthMethod
    ApplicationOIDCInternal:
      allOf:
        - $ref: '#/components/schemas/Application'
        - type: object
          properties:
            pkceEnforcement:
              $ref: '#/components/schemas/EnumApplicationOIDCPKCEOption'
            tokenEndpointAuthMethod:
              $ref: '#/components/schemas/EnumApplicationOIDCTokenAuthMethod'
          required:
            - tokenEndpointAuthMethod
    ApplicationPingOneAdminConsole:
      type: object
      properties:
        pkceEnforcement:
          $ref: '#/components/schemas/EnumApplicationOIDCPKCEOption'
        tokenEndpointAuthMethod:
          $ref: '#/components/schemas/EnumApplicationOIDCTokenAuthMethod'
    ApplicationPingOnePortal:
      allOf:
        - $ref: '#/components/schemas/ApplicationOIDCInternal'
        - type: object
          properties:
            applyDefaultTheme:
              type: boolean
              description: If `true`, applies the default theme to the app portal application.
          required:
            - applyDefaultTheme
    ApplicationPingOneSelfService:
      allOf:
        - $ref: '#/components/schemas/ApplicationOIDCInternal'
        - type: object
          properties:
            enableDefaultThemeFooter:
              type: boolean
              description: If `true`, shows the default theme footer on the self service application. Applies only if `applyDefaultTheme` is also `true`.
            applyDefaultTheme:
              type: boolean
              description: If `true`, applies the default theme to the self service application.
          required:
            - applyDefaultTheme
    ApplicationAttributeMapping:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the application ID.
        application:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: A string that specifies the application associated with the application mapping resource.
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        mappingType:
          $ref: '#/components/schemas/EnumAttributeMappingType'
        name:
          type: string
          description: A string that specifies the name of attribute and must be unique within an application. For SAML applications, the samlAssertion.subject name is a reserved case-insensitive name which indicates the mapping to be used for the subject in an assertion. For OpenID Connect applications, the following names are reserved and cannot be used acr, amr, at_hash, aud, auth_time, azp, client_id, exp, iat, iss, jti, nbf, nonce, org, scope, sid, sub  This is a required property.
        required:
          type: boolean
          description: A boolean to specify whether a mapping value is required for this attribute. If true, a value must be set and a non-empty value must be available in the SAML assertion or ID token.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was updated.
        value:
          type: string
          description: A string that specifies the string constants or expression for mapping the attribute path against a specific source. The expression format is ${<source>.<attribute_path>}. The only supported source is user (for example, ${user.id}). This is a required property.
        nameFormat:
          type: string
          description: A URI reference representing the classification of the attribute. Helps the service provider interpret the attribute format.
        idToken:
          type: boolean
          description: Whether the attribute mapping should be available in the ID Token. This property is applicable only when the application's `protocol` property is `OPENID_CONNECT`. If omitted, the default is `true`. Note that the `idToken` and `userInfo` properties cannot both be set to `false`. At least one of these properties must have a value of true.
          default: true
        userInfo:
          type: boolean
          description: Whether the attribute mapping should be available through the `/as/userinfo` endpoint. This property is applicable only when the application's protocol property is `OPENID_CONNECT`. If omitted, the default is `true`. Note that the `idToken` and `userInfo` properties cannot both be set to `false`. At least one of these properties must have a value of `true`.
          default: true
        oidcScopes:
          type: array
          description: OIDC resource scope IDs that this attribute mapping is available for exclusively. This setting overrides any global OIDC resource scopes that contain an attribute mapping with the same name. The list can contain only scope IDs that have been granted for the application through the `/grants` endpoint. A null value is accepted for backwards compatibility. However, an empty set is invalid, and one scope ID is expected. If null, the response includes this mapping in the `openid` scope.
          items:
            type: string
      required:
        - name
        - value
        - required
    ApplicationResourceGrant:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        application:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              readOnly: true
              description: A string that specifies the application resource ID.
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        id:
          type: string
          readOnly: true
          description: A string that specifies the application resource grant ID.
        resource:
          type: object
          properties:
            id:
              type: string
              description: A string that specifies the ID of the protected resource associated with this grant. This is a required property.
          required:
            - id
        scopes:
          type: array
          items:
            type: object
            properties:
              id:
                type: string
                description: id	A array that specifies the IDs of the scopes associated with this grant. This is a required property.
            required:
              - id
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
      required:
        - resource
        - scopes
    ApplicationSecret:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        secret:
          type: string
          format: password
          readOnly: true
          description: A string that specifies the application secret ID used to authenticate to the authorization server.
        previous:
          type: object
          properties:
            secret:
              type: string
              format: password
              readOnly: true
              description: A string that specifies the previous application secret. This property is returned in the response if the previous secret is not expired.
            expiresAt:
              type: string
              format: date-time
              description: A timestamp that specifies how long this secret is saved (and can be used) before it expires. Supported time range is 1 minute to 30 days.
            lastUsed:
              type: string
              format: date-time
              readOnly: true
              description: A timestamp that specifies when the previous secret was last used.
          required:
            - expiresAt
    ApplicationTemplate:
      type: object
      properties:
        configuration:
          type: object
          description: Contains a key/value map of the parameters required by the integration in Integration Catalog.
          additionalProperties:
            type: string
        integration:
          type: object
          properties:
            id:
              type: string
              description: The UUID of the integration in Integration Catalog.
          required:
            - id
        version:
          type: object
          properties:
            id:
              type: string
              description: The UUID of the integration version in Integration Catalog.
          required:
            - id
      required:
        - configuration
        - integration
        - version
    ApplicationWSFED:
      allOf:
        - $ref: '#/components/schemas/Application'
        - type: object
          properties:
            audienceRestriction:
              type: string
              description: The service provider ID. Defaults to `urn:federation:MicrosoftOnline`.
              default: urn:federation:MicrosoftOnline
            domainName:
              type: string
              description: The federated domain name (for example, the Azure custom domain).
            corsSettings:
              $ref: '#/components/schemas/ApplicationCorsSettings'
            idpSigning:
              type: object
              description: Contains the information about the signing of requests by the identity provider (IdP).
              properties:
                algorithm:
                  $ref: '#/components/schemas/EnumApplicationWSFEDIDPSigningAlgorithm'
                key:
                  type: object
                  description: The keypair to be used by the IdP to sign requests. If this isn't specified, the default signing certificate for the environment is used.
                  properties:
                    id:
                      type: string
                      description: The ID of the key specified for `idpSigning.key`.
                  required:
                    - id
              required:
                - algorithm
                - key
            kerberos:
              type: object
              description: Contains the Kerberos authentication settings. Set this to null to disable Kerberos authentication.
              properties:
                gateways:
                  type: array
                  description: Contains the gateway properties.
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                        description: The UUID of the LDAP gateway.
                      type:
                        $ref: '#/components/schemas/EnumApplicationWSFEDKerberosGatewayType'
                      userType:
                        type: object
                        properties:
                          id:
                            type: string
                            description: The UUID of a user type in the list of `userTypes` for the LDAP gateway.
                    required:
                      - id
                      - type
                      - userType
            replyUrl:
              type: string
              description: The URL that the replying party (such as, Office365) uses to accept submissions of RequestSecurityTokenResponse messages that are a result of SSO requests.
            sloEndpoint:
              type: string
              description: The single logout endpoint URL.
          required:
            - domainName
            - idpSigning
            - replyUrl
    BillOfMaterials:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        solutionType:
          $ref: '#/components/schemas/EnumSolutionType'
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
        products:
          type: array
          description: An array that specifies the products associated with this bill of materials
          items:
            type: object
            properties:
              id:
                type: string
                readOnly: true
                description: A string that specifies the BOM ID
              type:
                $ref: '#/components/schemas/EnumProductType'
              description:
                type: string
                description: A string that specifies the description of the product or standalone service
                readOnly: true
              console:
                type: object
                properties:
                  href:
                    type: string
                    description: Primary console link for certain products
                required:
                  - href
              tags:
                type: array
                items:
                  $ref: '#/components/schemas/EnumBillOfMaterialsProductTags'
              deployment:
                type: object
                properties:
                  id:
                    type: string
                    description: The ID of the PingID deployment
                    readOnly: true
              bookmarks:
                type: array
                description: Optional array of custom bookmarks. Maximum of five bookmarks per product.
                items:
                  type: object
                  properties:
                    name:
                      type: string
                      description: Name of the custom bookmark. The name must be unique among the product bookmarks and be 50 characters or fewer.
                    href:
                      type: string
                      description: A valid URL for the bookmark.
                  required:
                    - name
                    - href
            required:
              - type
      required:
        - products
    BrandingSettings:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: Specifies the resource’s unique identifier.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        companyName:
          type: string
          description: The company name associated with the specified environment.
        logo:
          type: object
          properties:
            href:
              type: string
              description: The URL or fully qualified path to the logo file used for branding.
            id:
              type: string
              description: The ID of the logo image.
          required:
            - id
            - href
    BrandingTheme:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        configuration:
          type: object
          properties:
            backgroundColor:
              type: string
              description: The background color for the theme. It must be a valid hexadecimal color code, and it is a required property when configuration.backgroundType is set to COLOR.
            backgroundType:
              $ref: '#/components/schemas/EnumBrandingThemeBackgroundType'
            backgroundImage:
              type: object
              properties:
                href:
                  type: string
                  description: The URL or fully qualified path to the background image file used for branding. This is a required property when configuration.backgroundType is set to IMAGE.
                id:
                  type: string
                  description: The ID of the background image.
              required:
                - href
                - id
            bodyTextColor:
              type: string
              description: The body text color for the theme. It must be a valid hexadecimal color code.
            buttonColor:
              type: string
              description: The button color for the theme. It must be a valid hexadecimal color code.
            buttonTextColor:
              type: string
              description: The button text color for the branding theme. It must be a valid hexadecimal color code.
            cardColor:
              type: string
              description: The card color for the branding theme. It must be a valid hexadecimal color code.
            footer:
              type: string
              description: The footer of the branding theme.
            headingTextColor:
              type: string
              description: The heading text color for the branding theme. It must be a valid hexadecimal color code.
            linkTextColor:
              type: string
              description: The hyperlink text color for the branding theme. It must be a valid hexadecimal color code.
            logo:
              type: object
              properties:
                href:
                  type: string
                  description: The URL or fully qualified path to the logo file used for branding. This is a required property when configuration.logoType is set to IMAGE.
                id:
                  type: string
                  description: The ID of the logo image.
              required:
                - href
                - id
            logoType:
              $ref: '#/components/schemas/EnumBrandingLogoType'
            name:
              type: string
              description: The name of the branding theme.
          required:
            - backgroundType
            - logoType
            - buttonColor
            - buttonTextColor
            - linkTextColor
            - cardColor
            - bodyTextColor
            - headingTextColor
        default:
          type: boolean
          description: Specifies whether this theme is the environment's default branding configuration.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          readOnly: true
          description: Specifies the resource’s unique identifier.
        template:
          $ref: '#/components/schemas/EnumBrandingThemeTemplate'
      required:
        - configuration
        - default
        - template
    BrandingThemeDefault:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        default:
          type: boolean
          description: A boolean to specify whether the theme is the default in the environment
      required:
        - default
    Certificate:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        algorithm:
          $ref: '#/components/schemas/EnumCertificateKeyAlgorithm'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        default:
          type: boolean
          description: Specifies whether this is the default key for the specified environment.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        expiresAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the key resource expires.
        id:
          type: string
          readOnly: true
          description: Specifies the resource’s unique identifier.
        issuerDN:
          type: string
          description: Specifies the distinguished name of the certificate issuer.
        keyLength:
          type: integer
          description: The key length. For RSA keys, options are `2048`, `3072`, `4096`, and `7680`. For elliptical curve (EC) keys, options are `224`, `256`, `384`, and `521`.
        name:
          type: string
          description: Specifies the resource name.
        organization:
          $ref: '#/components/schemas/ObjectOrganization'
        serialNumber:
          type: integer
          description: Specifies the serial number of the key or certificate.
          format: int64
        signatureAlgorithm:
          $ref: '#/components/schemas/EnumCertificateKeySignagureAlgorithm'
        startsAt:
          type: string
          description: The time the validity period starts.
          format: date-time
          readOnly: true
        status:
          $ref: '#/components/schemas/EnumCertificateKeyStatus'
        subjectDN:
          type: string
          description: Specifies the distinguished name of the subject being secured.
        usageType:
          $ref: '#/components/schemas/EnumCertificateKeyUsageType'
        validityPeriod:
          type: integer
          minimum: 1
          description: Specifies the number of days the key is valid.
        customCRL:
          type: string
          pattern: ^http:\/\/[a-zA-Z0-9.-\/]*$
          description: A URL string of a custom Certificate Revokation List endpoint.  Used for certificates of type `ISSUANCE`.
      required:
        - name
        - algorithm
        - keyLength
        - signatureAlgorithm
        - subjectDN
        - usageType
        - validityPeriod
    CertificateKeyUpdate:
      type: object
      properties:
        default:
          type: boolean
          description: Specifies whether this is the default key for the specified environment.
        usageType:
          $ref: '#/components/schemas/EnumCertificateKeyUsageType'
        issuerDN:
          type: string
          description: Specifies the distinguished name of the certificate issuer.
      required:
        - default
        - usageType
    CustomAdminRole:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        applicableTo:
          type: array
          description: The scope types to which the role can be applied.
          items:
            $ref: '#/components/schemas/EnumCustomAdminRoleApplicableTo'
        canAssign:
          type: array
          description: A relationship that specifies if an actor is assigned the current custom role for a jurisdiction, then the actor can assign any of this set of roles to another actor for the same jurisdiction or sub-jurisdiction. This capability is dreived from the canBeAssignedBy property.
          readOnly: true
          items:
            type: object
            properties:
              id:
                type: string
                description: The unique identifier of the actor.
            required:
              - id
        canBeAssignedBy:
          type: array
          description: A relationship that determines whether a user assigned to one of this set of roles for a jurisdiction can assign the current custom role to another user for the same jurisdiction or sub-jurisdiction.
          items:
            type: object
            properties:
              id:
                type: string
                description: The unique identifier of the actor.
            required:
              - id
        description:
          type: string
          description: The description of the role.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        name:
          type: string
          description: The role name.
        permissions:
          type: array
          description: The set of permissions assigned to the role.
          items:
            type: object
            properties:
              id:
                type: string
                description: The unique identifier of the permission (e.g. `permissions:read:userRoleAssignments`).
            required:
              - id
        type:
          $ref: '#/components/schemas/EnumCustomAdminRoleType'
      required:
        - canBeAssignedBy
        - name
        - permissions
    CustomDomain:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        certificate:
          type: object
          readOnly: true
          description: An object that specifies information about the SSL certificate used by this custom domain. If this property is not present, it indicates that an SSL certificate has not been setup for this custom domain.
          properties:
            expiresAt:
              type: string
              format: date-time
              description: The time when the certificate expires.
              readOnly: true
        canonicalName:
          type: string
          description: A string that specifies the domain name that should be used as the value of the CNAME record in the customer’s DNS.
          readOnly: true
        domainName:
          type: string
          description: A string that specifies the resource name, which must be provided and must be unique within an environment (for example, auth.shopco.com). This is a required property.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        status:
          $ref: '#/components/schemas/EnumCustomDomainStatus'
      required:
        - domainName
    CustomDomainCertificateRequest:
      type: object
      properties:
        certificate:
          type: string
          description: |
            A string that specifies the PEM-encoded certificate to import. This is a required property. The following validation is performed on the certificate: \
            It must not be expired. \
            It MUST not be self signed. \
            The custom domain name MUST match one of the subject alternative name (SAN) values on the certificate.
        intermediateCertificates:
          type: string
          description: A string that specifies the PEM-encoded certificate chain.
        privateKey:
          type: string
          format: password
          description: A string that specifies the PEM-encoded, unencrypted private key that matches the certificate's public key. This is a required property.
      required:
        - certificate
        - privateKey
    EmailDomain:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the auto-generated ID of the email domain.
        domainName:
          type: string
          description: A string that specifies the resource name, which must be provided and must be unique within an environment (for example, auth.shopco.com). This is a required property. Wildcards are NOT supported.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
      required:
        - domainName
    EmailDomainDKIMStatus:
      type: object
      properties:
        type:
          type: string
          description: A string that specifies the type of DNS record, with the value "CNAME".
          readOnly: true
        regions:
          type: array
          readOnly: true
          description: The regions collection specifies the properties for the 4 AWS SES regions that are used for sending email for the environment. The regions are determined by the geography where this environment was provisioned (North America, Canada, Europe & Asia-Pacific).
          items:
            type: object
            properties:
              name:
                type: string
                description: The name of the region.
              status:
                $ref: '#/components/schemas/EnumEmailDomainStatus'
              tokens:
                type: array
                description: A collection of key and value pairs.
                items:
                  type: object
                  properties:
                    key:
                      type: string
                      description: Record name.
                    value:
                      type: string
                      description: Record value.
    EmailDomainOwnershipStatus:
      type: object
      properties:
        type:
          type: string
          readOnly: true
          description: A string that specifies the type of DNS record, with the value "TXT".
        regions:
          type: array
          readOnly: true
          description: The regions collection specifies the properties for the 4 AWS SES regions that are used for sending email for the environment. The regions are determined by the geography where this environment was provisioned (North America, Canada, Europe & Asia-Pacific).
          items:
            type: object
            properties:
              name:
                type: string
                description: The name of the region.
              status:
                $ref: '#/components/schemas/EnumEmailDomainStatus'
              key:
                type: string
                description: Record name.
              value:
                type: string
                description: Record value.
    EmailDomainSPFStatus:
      type: object
      properties:
        type:
          type: string
          readOnly: true
          description: A string that specifies the type of DNS record, with the value "TXT".
        status:
          $ref: '#/components/schemas/EnumEmailDomainStatus'
        key:
          type: string
          description: Record name.
        value:
          type: string
          description: Record value.
    EmailDomainTrustedEmail:
      type: object
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the auto generated ID of the trusted email address.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        domain:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: A string that specifies the trusted email domain resource’s unique identifier associated with the resource.
        emailAddress:
          type: string
          description: A string that specifies the trusted email address, for example john.smith@shopco.com.
        status:
          $ref: '#/components/schemas/EnumTrustedEmailStatus'
        domainId:
          type: string
          description: A string that specifies the trusted email domain resource’s unique identifier associated with the resource.
          readOnly: true
      required:
        - emailAddress
    EntityArray:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        '_embedded':
          type: object
          properties:
            actions:
              type: array
              items:
                $ref: '#/components/schemas/SignOnPolicyAction'
            agreements:
              type: array
              items:
                $ref: '#/components/schemas/Agreement'
            alertChannels:
              type: array
              items:
                $ref: '#/components/schemas/AlertChannel'
            attributes:
              type: array
              items:
                oneOf:
                  - $ref:  '#/components/schemas/ApplicationAttributeMapping'
                  - $ref:  '#/components/schemas/IdentityProviderAttribute'
                  - $ref:  '#/components/schemas/SchemaAttribute'
                  - $ref:  '#/components/schemas/ResourceAttribute'
                  - $ref:  '#/components/schemas/IntegrationVersionAttribute'
            applications:
              type: array
              items:
                oneOf:
                  - $ref: '#/components/schemas/ApplicationSAML'
                  - $ref: '#/components/schemas/ApplicationOIDC'
                  - $ref: '#/components/schemas/ApplicationWSFED'
                  - $ref: '#/components/schemas/ApplicationExternalLink'
                  - $ref: '#/components/schemas/ApplicationPingOnePortal'
                  - $ref: '#/components/schemas/ApplicationPingOneSelfService'
                  - $ref: '#/components/schemas/ApplicationPingOneAdminConsole'
            certificates:
              type: array
              items:
                $ref: '#/components/schemas/Certificate'
            contents:
              type: array
              items:
                $ref: '#/components/schemas/TemplateContent'
            credentials:
              type: array
              items:
                $ref: '#/components/schemas/GatewayCredential'
            customDomains:
              type: array
              items:
                $ref: '#/components/schemas/CustomDomain'
            emailDomains:
              type: array
              items:
                $ref: '#/components/schemas/EmailDomain'
            environments:
              type: array
              items:
                $ref: '#/components/schemas/Environment'
            flowPolicies:
              type: array
              items:
                $ref: '#/components/schemas/FlowPolicy'
            flowPolicyAssignments:
              type: array
              items:
                $ref: '#/components/schemas/FlowPolicyAssignment'
            forms:
              type: array
              items:
                $ref: '#/components/schemas/Form'
            gatewayInstances:
              type: array
              items:
                $ref: '#/components/schemas/GatewayInstance'
            gateways:
              type: array
              items:
                anyOf:
                  - $ref: '#/components/schemas/Gateway'
                  - $ref: '#/components/schemas/GatewayTypeLDAP'
                  - $ref: '#/components/schemas/GatewayTypeRADIUS'
            grants:
              type: array
              items:
                $ref: '#/components/schemas/ApplicationResourceGrant'
            groups:
              type: array
              items:
                $ref: '#/components/schemas/Group'
            groupMemberships:
              type: array
              items:
                $ref: '#/components/schemas/GroupMembership'
            identityProviders:
              type: array
              items:
                $ref: '#/components/schemas/IdentityProvider'
            integrations:
              type: array
              items:
                $ref: '#/components/schemas/Integration'
            keys:
              type: array
              items:
                $ref: '#/components/schemas/Certificate'
            keyRotationPolicies:
              type: array
              items:
                $ref: '#/components/schemas/KeyRotationPolicy'
            languages:
              type: array
              items:
                oneOf:
                  - $ref: '#/components/schemas/AgreementLanguage'
                  - $ref: '#/components/schemas/Language'
            licenses:
              type: array
              items:
                $ref: '#/components/schemas/License'
            notificationsPolicies:
              type: array
              items:
                $ref: '#/components/schemas/NotificationsPolicy'
            organizations:
              type: array
              items:
                $ref: '#/components/schemas/Organization'
            passwordPolicies:
              type: array
              items:
                $ref: '#/components/schemas/PasswordPolicy'
            permissions:
              type: array
              items:
                $ref: '#/components/schemas/ResourceApplicationPermission'
            phoneDeliverySettings:
              type: array
              items:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettings'
            plans:
              type: array
              items:
                $ref: '#/components/schemas/IdentityPropagationPlan'
            populations:
              type: array
              items:
                $ref: '#/components/schemas/Population'
            resources:
              type: array
              items:
                oneOf:
                  - $ref: '#/components/schemas/Resource'
                  - $ref: '#/components/schemas/ResourceApplicationResource'
            revisions:
              type: array
              items:
                $ref: '#/components/schemas/AgreementLanguageRevision'
            scopes:
              type: array
              items:
                $ref: '#/components/schemas/ResourceScope'
            signOnPolicies:
              type: array
              items:
                $ref: '#/components/schemas/SignOnPolicy'
            signOnPolicyAssignments:
              type: array
              items:
                $ref: '#/components/schemas/SignOnPolicyAssignment'
            subscriptions:
              type: array
              items:
                $ref: '#/components/schemas/Subscription'
            templates:
              type: array
              items:
                $ref: '#/components/schemas/Template'
            themes:
              type: array
              items:
                $ref: '#/components/schemas/BrandingTheme'
            trustedEmails:
              type: array
              items:
                $ref: '#/components/schemas/EmailDomainTrustedEmail'
            roleAssignments:
              type: array
              items:
                $ref: '#/components/schemas/RoleAssignment'
            roles:
              type: array
              items:
                oneOf:
                  - $ref: '#/components/schemas/Role'
                  - $ref: '#/components/schemas/UserApplicationRoleAssignment'
                  - $ref: '#/components/schemas/CustomAdminRole'
            schemas:
              type: array
              items:
                $ref: '#/components/schemas/Schema'
            users:
              type: array
              items:
                $ref: '#/components/schemas/User'
            versions:
              type: array
              items:
                $ref: '#/components/schemas/IntegrationVersion'
        count:
          type: number
        size:
          type: number
    Environment:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        billOfMaterials:
          $ref: '#/components/schemas/BillOfMaterials'
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        description:
          type: string
          description: A string that specifies the description of the population.
        icon:
          type: string
          description: The URL referencing the image to use for the environment icon. The supported image types are JPEG/JPG, PNG, and GIF.
        id:
          type: string
          description: A string that specifies the resource’s unique identifier.
          readOnly: true
        license:
          type: object
          properties:
            id:
              type: string
              description: A string that specifies the active license associated with this environment. This property is required only if your organization has more than one active license.
          required:
            - id
        name:
          type: string
          description: A string that specifies the environment name, which must be provided and must be unique within an organization.
        organization:
          type: object
          properties:
            id:
              type: string
              description: A string that specifies the organization resource’s unique identifier associated with the environment.
        region:
          oneOf:
            - $ref: '#/components/schemas/EnumRegionCode'
            - type: string
        type:
          $ref: '#/components/schemas/EnumEnvironmentType'
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
      required:
        - name
        - type
        - region
        - license
      example:
        name: New-Env
        description: New environment description
        type: SANDBOX
        region: EU
        billOfMaterials:
          products:
            type: PING_ONE_BASE
            description: New environment product description
            console:
              href: https://example.com
        license:
          id: 34f0efac-21d9-4a17-8a35-196bb3362983
    FlowPolicy:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: The flow policy resource's unique identifier.
          readOnly: true
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        application:
          type: object
          description: An object that specifies the application information associated with the flow policy resource.
          properties:
            id:
              type: string
              description: The unique identifier of the application resource associated with the flow policy.
            name:
              type: string
              description: The name of the application resource associated with the flow policy.
          readOnly: true
        enabled:
          type: boolean
          description: A boolean that specifies whether the flow policy is enabled.
          readOnly: true
        name:
          type: string
          description: The flow policy resource name.
          readOnly: true
        trigger:
          type: object
          description: An object that specifies trigger information associated with the flow policy resource.
          properties:
            type:
              $ref: '#/components/schemas/EnumFlowPolicyTriggerType'
          readOnly: true
    FlowPolicyAssignment:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: A string that specifies the flow policy assignment resource's unique identifier.
          readOnly: true
        application:
          $ref: '#/components/schemas/ObjectApplication'
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        flowPolicy:
          type: object
          description: An object that contains details of the flow policy resource.
          properties:
            id:
              type: string
              description: A string that specifies the flow policy resource ID associated with the flow policy assignment.
          required:
            - id
        priority:
          type: integer
          description: The order in which the policy referenced by this assignment is evaluated during an authentication flow relative to other policies. An assignment with a lower priority will be evaluated first.
          minimum: 1
      required:
        - flowPolicy
        - priority
    Form:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        name:
          type: string
          description: A string that specifies the form name, which must be provided and must be unique within an environment.
        description:
          type: string
          description: A string that specifies the description of the form.
        category:
          $ref: '#/components/schemas/EnumFormCategory'
        components:
          $ref: '#/components/schemas/FormComponents'
        cols:
          type: integer
          description: An integer that specifies the number of columns in the form (min = 1; max = 4).
          minimum: 1
          maximum: 4
        markOptional:
          type: boolean
          description: A boolean that specifies whether optional fields are highlighted in the rendered form.
        markRequired:
          type: boolean
          description: A boolean that specifies whether required fields are highlighted in the rendered form.
        translationMethod:
          $ref: '#/components/schemas/EnumFormTranslationMethod'
        fieldTypes:
          type: array
          readOnly: true
          description: A read-only object that specifies the list of the FormField types in the form.
          items:
            $ref: '#/components/schemas/EnumFormFieldType'
        languageBundle:
          type: object
          description: An object that provides a map of i18n keys to their translations. This object includes both the keys and their default translations. The PingOne language management service finds this object, and creates the new keys for translation for this form.
          additionalProperties:
            type: string
        created:
          type: string
          format: date-time
          readOnly: true
          description: The date the resouce was created (ISO-8061 format).
        modified:
          type: string
          format: date-time
          readOnly: true
          description: The date the resouce was modified (ISO-8061 format).
      required:
        - category
        - components
        - markOptional
        - markRequired
        - name
    FormComponents:
      type: object
      properties:
        fields:
          type: array
          items:
            $ref: '#/components/schemas/FormField'
      required:
        - fields
    FormElement:
      type: object
      properties:
        attributeDisabled:
          type: boolean
          readOnly: true
          description: A boolean that specifies whether the linked directory attribute is disabled.
        key:
          type: string
          description: A string that specifies an identifier for the field component.
        label:
          type: string
          description: A string of escaped JSON that is designed to store a series of text and translatable keys.
        labelMode:
          $ref: '#/components/schemas/EnumFormElementLabelMode'
        required:
          type: boolean
          description: A boolean that specifies whether the field is required.
        otherOptionEnabled:
          type: boolean
          description: A boolean that specifies whether the end user can type an entry that is not in a predefined list.
        otherOptionKey:
          type: string
          description: A string that specifies whether the form identifies that the choice is a custom choice not from a predefined list.
        otherOptionLabel:
          type: string
          description: A string that specifies the label for a custom or "other" choice in a list.
        otherOptionInputLabel:
          type: string
          description: A string that specifies the label for the other option in drop-down controls.
        otherOptionAttributeDisabled:
          type: boolean
          description: A boolean that specifies whether the directory attribute option is disabled. Set to true if it references a PingOne directory attribute.
      required:
        - key
        - label
    FormElementOption:
      type: object
      properties:
        label:
          type: string
          description: A string that specifies the label shown to the end user for this option.
        value:
          type: string
          description: A string that specifies the value of the field if this option is selected.
      required:
        - label
        - value
    FormElementValidation:
      type: object
      description: An object containing validation data for the field. This is a required property when the type is `TEXT`.
      properties:
        regex:
          type: string
          description: A string that specifies a validation regular expression. The expression must be a valid regular expression string. This is a required property when the validation type is `CUSTOM`.
        type:
          $ref: '#/components/schemas/EnumFormElementValidationType'
        errorMessage:
          type: string
          description: A string that specifies the error message to be displayed when the field validation fails.
    FormElementPasswordVerify:
      type: object
      properties:
        labelPasswordVerify:
          type: string
          description: A string that when a second field for verifies password is used, this poperty specifies the field label for that verify field.
    FormField:
      oneOf:
        - $ref: '#/components/schemas/FormFieldText'
        - $ref: '#/components/schemas/FormFieldPassword'
        - $ref: '#/components/schemas/FormFieldPasswordVerify'
        - $ref: '#/components/schemas/FormFieldRadio'
        - $ref: '#/components/schemas/FormFieldCheckbox'
        - $ref: '#/components/schemas/FormFieldDropdown'
        - $ref: '#/components/schemas/FormFieldCombobox'
        - $ref: '#/components/schemas/FormFieldDivider'
        - $ref: '#/components/schemas/FormFieldEmptyField'
        - $ref: '#/components/schemas/FormFieldTextblob'
        - $ref: '#/components/schemas/FormFieldSlateTextblob'
        - $ref: '#/components/schemas/FormFieldSubmitButton'
        - $ref: '#/components/schemas/FormFieldErrorDisplay'
        - $ref: '#/components/schemas/FormFieldFlowLink'
        - $ref: '#/components/schemas/FormFieldFlowButton'
        - $ref: '#/components/schemas/FormFieldRecaptchaV2'
        - $ref: '#/components/schemas/FormFieldQrCode'
        - $ref: '#/components/schemas/FormFieldSocialLoginButton'
      discriminator:
        propertyName: type
        mapping:
          TEXT: '#/components/schemas/FormFieldText'
          PASSWORD: '#/components/schemas/FormFieldPassword'
          PASSWORD_VERIFY: '#/components/schemas/FormFieldPasswordVerify'
          RADIO: '#/components/schemas/FormFieldRadio'
          CHECKBOX: '#/components/schemas/FormFieldCheckbox'
          DROPDOWN: '#/components/schemas/FormFieldDropdown'
          COMBOBOX: '#/components/schemas/FormFieldCombobox'
          DIVIDER: '#/components/schemas/FormFieldDivider'
          EMPTY_FIELD: '#/components/schemas/FormFieldEmptyField'
          SLATE_TEXTBLOB: '#/components/schemas/FormFieldSlateTextblob'
          SUBMIT_BUTTON: '#/components/schemas/FormFieldSubmitButton'
          ERROR_DISPLAY: '#/components/schemas/FormFieldErrorDisplay'
          FLOW_LINK: '#/components/schemas/FormFieldFlowLink'
          FLOW_BUTTON: '#/components/schemas/FormFieldFlowButton'
          RECAPTCHA_V2: '#/components/schemas/FormFieldRecaptchaV2'
          QR_CODE: '#/components/schemas/FormFieldQrCode'
          SOCIAL_LOGIN_BUTTON: '#/components/schemas/FormFieldSocialLoginButton'
    FormFieldCommon:
      type: object
      properties:
        type:
          $ref: '#/components/schemas/EnumFormFieldType'
        position:
          type: object
          properties:
            row:
              type: integer
              description: An integer that specifies the number of rows (maximum number is 50).
              maximum: 50
            col:
              type: integer
              description: An integer that specifies the number of columns (min = 0; max = 4).
              minimum: 0
              maximum: 4
            width:
              type: integer
              description: An integer that specifies the width of the field (in percentage).
          required:
            - row
            - col
      required:
        - type
        - position
    FormFieldText:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormElement'
        - type: object
          properties:
            layout:
              $ref: '#/components/schemas/EnumFormElementLayout'
            options:
              type: array
              description: An array of objects (label/value pairs) that specifies the unique list of options. This is a required property when the type is `RADIO`, `CHECKBOX`, or `DROPDOWN`.
              items:
                $ref: '#/components/schemas/FormElementOption'
            validation:
              $ref: '#/components/schemas/FormElementValidation'
          required:
            - validation
    FormFieldPassword:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormElement'
        - type: object
          properties:
            layout:
              $ref: '#/components/schemas/EnumFormElementLayout'
            options:
              type: array
              description: An array of objects (label/value pairs) that specifies the unique list of options. This is a required property when the type is `RADIO`, `CHECKBOX`, or `DROPDOWN`.
              items:
                $ref: '#/components/schemas/FormElementOption'
            showPasswordRequirements:
              type: boolean
              description: A boolean that specifies whether the password requirements are displayed.
            validation:
              $ref: '#/components/schemas/FormElementValidation'
    FormFieldPasswordVerify:
      allOf:
        - $ref: '#/components/schemas/FormFieldPassword'
        - $ref: '#/components/schemas/FormElementPasswordVerify'
    FormFieldRadio:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormElement'
        - type: object
          properties:
            layout:
              $ref: '#/components/schemas/EnumFormElementLayout'
            options:
              type: array
              description: An array of objects (label/value pairs) that specifies the unique list of options. This is a required property when the type is `RADIO`, `CHECKBOX`, or `DROPDOWN`.
              items:
                $ref: '#/components/schemas/FormElementOption'
            validation:
              $ref: '#/components/schemas/FormElementValidation'
          required:
            - layout
            - options
    FormFieldCheckbox:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormElement'
        - type: object
          properties:
            layout:
              $ref: '#/components/schemas/EnumFormElementLayout'
            options:
              type: array
              description: An array of objects (label/value pairs) that specifies the unique list of options. This is a required property when the type is `RADIO`, `CHECKBOX`, or `DROPDOWN`.
              items:
                $ref: '#/components/schemas/FormElementOption'
            validation:
              $ref: '#/components/schemas/FormElementValidation'
          required:
            - layout
            - options
    FormFieldDropdown:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormElement'
        - type: object
          properties:
            layout:
              $ref: '#/components/schemas/EnumFormElementLayout'
            options:
              type: array
              description: An array of objects (label/value pairs) that specifies the unique list of options. This is a required property when the type is `RADIO`, `CHECKBOX`, or `DROPDOWN`.
              items:
                $ref: '#/components/schemas/FormElementOption'
            validation:
              $ref: '#/components/schemas/FormElementValidation'
          required:
            - options
    FormFieldCombobox:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormElement'
        - type: object
          properties:
            layout:
              $ref: '#/components/schemas/EnumFormElementLayout'
            options:
              type: array
              description: An array of objects (label/value pairs) that specifies the unique list of options. This is a required property when the type is `RADIO`, `CHECKBOX`, or `DROPDOWN`.
              items:
                $ref: '#/components/schemas/FormElementOption'
            validation:
              $ref: '#/components/schemas/FormElementValidation'
          required:
            - options
    FormFieldDivider:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormItem'
    FormFieldEmptyField:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormItem'
    FormFieldTextblob:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormItem'
    FormFieldSlateTextblob:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormItem'
    FormFieldSubmitButton:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormSubmit'
    FormFieldErrorDisplay:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormItem'
    FormFieldFlowLink:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormFlowLink'
    FormFieldFlowButton:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormFlowButton'
    FormFieldRecaptchaV2:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormRecaptchaV2'
    FormFieldQrCode:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormQrCode'
    FormFieldSocialLoginButton:
      allOf:
        - $ref: '#/components/schemas/FormFieldCommon'
        - $ref: '#/components/schemas/FormSocialLoginButton'
    FormFlowButton:
      type: object
      properties:
        key:
          type: string
          description: A string that specifies an identifier for the field component.
        label:
          type: string
          description: A string that specifies the button label.
        styles:
          $ref: '#/components/schemas/FormStyles'
      required:
        - key
        - label
    FormFlowLink:
      type: object
      properties:
        key:
          type: string
          description: A string that specifies an identifier for the field component.
        label:
          type: string
          description: A string that specifies the link label.
        styles:
          type: object
          properties:
            alignment:
              $ref: '#/components/schemas/EnumFormItemAlignment'
            textColor:
              type: string
              description: A string that specifies the link text color. The value must be a valid hexadecimal color.
            enabled:
              type: boolean
              description: A boolean that specifies whether the link is enabled.
            padding:
              $ref: '#/components/schemas/FormStylesPadding'
      required:
        - key
        - label
    FormItem:
      type: object
      properties:
        content:
          type: string
          description: A string that specifies the field content.
    FormRecaptchaV2:
      type: object
      properties:
        size:
          $ref: '#/components/schemas/EnumFormRecaptchaV2Size'
        theme:
          $ref: '#/components/schemas/EnumFormRecaptchaV2Theme'
        alignment:
          $ref: '#/components/schemas/EnumFormItemAlignment'
      required:
        - size
        - theme
        - alignment
    FormStyles:
      type: object
      properties:
        alignment:
          $ref: '#/components/schemas/EnumFormItemAlignment'
        backgroundColor:
          type: string
          description: A string that specifies the button background color. The value must be a valid hexadecimal color.
        textColor:
          type: string
          description: A string that specifies the button text color. The value must be a valid hexadecimal color.
        borderColor:
          type: string
          description: A string that specifies the button border color. The value must be a valid hexadecimal color.
        enabled:
          type: boolean
          description: A boolean that specifies whether the button is enabled.
        height:
          type: integer
        padding:
          $ref: '#/components/schemas/FormStylesPadding'
        width:
          type: integer
          description: An integer that specifies the button width. Set as a percentage.
        widthUnit:
          $ref: '#/components/schemas/EnumFormStylesWidthUnit'
    FormStylesPadding:
      type: object
      properties:
        top:
          type: integer
        bottom:
          type: integer
        left:
          type: integer
        right:
          type: integer
    FormSocialLoginButton:
      type: object
      properties:
        key:
          type: string
          description: A string that specifies an identifier for the field component.
        label:
          type: string
          description: A string that specifies the social login button label.
        styles:
          $ref: '#/components/schemas/FormStyles'
        idpType:
          $ref: '#/components/schemas/EnumFormSocialLoginIdpType'
        idpName:
          type: string
          description: A string that specifies the external identity provider name.
        idpId:
          type: string
          description: A string that specifies the external identity provider's ID.
        idpEnabled:
          type: boolean
          description: A boolean that specifies whether the external identity provider is enabled.
      required:
        - label
        - idpType
        - idpName
        - idpId
        - idpEnabled
    FormSubmit:
      type: object
      properties:
        key:
          type: string
          description: A string that specifies an identifier for the field component.
        label:
          type: string
          description: A string that specifies the button label.
        styles:
          $ref: '#/components/schemas/FormStyles'
      required:
        - label
    FormQrCode:
      type: object
      properties:
        key:
          type: string
          description: A string that specifies an identifier for the field component.
        qrCodeType:
          $ref: '#/components/schemas/EnumFormQrCodeType'
        alignment:
          $ref: '#/components/schemas/EnumFormItemAlignment'
        showBorder:
          type: boolean
          description: A boolean that specifies the border visibility.
      required:
        - key
        - qrCodeType
        - alignment
    Gateway:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the instance ID of the gateway. The gateway instance ID is created by the gateway when it starts up.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        credentials:
          type: array
          readOnly: true
          items:
            $ref: '#/components/schemas/GatewayCredential'
        name:
          type: string
          description: A string that specifies the resource name, which must be provided and must be unique within an environment. Valid characters are any Unicode letter, mark, numeric character, forward slash, dot, apostrophe, underscore, space, or hyphen.
        description:
          type: string
          description: A string that specifies the description of the resource.
        type:
          $ref: '#/components/schemas/EnumGatewayType'
        enabled:
          type: boolean
          description: A boolean that specifies whether the gateway is enabled. This is a required property.
        supportedVersions:
          type: array
          description: An array that lists the LDAP gateway versions associated with this gateway resource. This information is returned on a GET {{apiPath}}/environments/{{environmentID}}/gateways request, and it is used to trigger alerts if the gateway tries to connect with an unsupported version (or a version that is not the latest or recommended version).
          readOnly: true
          items:
            type: object
            properties:
              version:
                type: string
                description: A string that specifies the gateway version number.
              image:
                type: string
                description: A string that identifies the gateway image path.
              recommended:
                type: boolean
                description: A boolean that specifies whether this is the recommended LDAP gateway version.
              latest:
                type: boolean
                description: A boolean that specifies whether this is the latest LDAP gateway version.
              supportEndsOn:
                type: string
                format: date-time
              daysUntilSupportEnds:
                type: integer
        currentAlerts:
          type: array
          readOnly: true
          items:
            type: object
      required:
        - name
        - type
        - enabled
    GatewayTypeLDAP:
      allOf:
        - $ref: '#/components/schemas/Gateway'
        - type: object
          properties:
            bindDN:
              type: string
              description: A string that specifies the distinguished name information to bind to the LDAP database (for example, uid=pingone,dc=example,dc=com).
            bindPassword:
              type: string
              format: password
              description: A string that specifies the bind password for the LDAP database. This is a required property.
            connectionSecurity:
              $ref: '#/components/schemas/EnumGatewayTypeLDAPSecurity'
            kerberos:
              type: object
              description: Contains the Kerberos authentication settings. Set this to null to disable Kerberos authentication.
              properties:
                serviceAccountPassword:
                  type: string
                  format: password
                  description: The password for the Kerberos service account.
                serviceAccountUserPrincipalName:
                  type: string
                  description: The Kerberos service account user principal name (for example, `username@domain.com`).
                minutesToRetainPreviousCredentials:
                  type: integer
                  description: The number of minutes for which the previous credentials are persisted.
              required:
                - serviceAccountUserPrincipalName
            serversHostAndPort:
              type: array
              items:
                type: string
              description: An array of strings that specifies the LDAP server host name and port number (for example, [`ds1.example.com:389`, `ds2.example.com:389`]).
            userTypes:
              type: array
              description: An array of the userTypes properties for the users to be provisioned in PingOne. userTypes specifies which user properties in PingOne correspond to the user properties in an external LDAP directory. You can use an LDAP browser to view the user properties in the external LDAP directory.
              items:
                type: object
                properties:
                  allowPasswordChanges:
                    type: boolean
                    description: Defaults to false if this property isn't specified in the request. If false, the user cannot change the password in the remote LDAP directory. In this case, operations for forgotten passwords or resetting of passwords are not available to a user referencing this gateway.
                  updateUserOnSuccessfulAuthentication:
                    type: boolean
                    description: If set to true, when users sign on through an LDAP Gateway client, user attributes are updated based on responses from the LDAP server. Defaults to false if this property isn't specified in the request.
                  id:
                    type: string
                    description: The UUID of the user type. This correlates to the password.external.gateway.userType.id User property.
                  name:
                    type: string
                    description: The name of the user type.
                  newUserLookup:
                    type: object
                    description: The configurations for initially authenticating new users who will be migrated to PingOne. Note If there are multiple users having the same user name, only the first user processed is provisioned.
                    properties:
                      attributeMappings:
                        type: array
                        description: A list of objects supplying a mapping of PingOne attributes to external LDAP attributes. One of the entries must be a mapping for "username`. This is required for the PingOne user schema.
                        items:
                          type: object
                          properties:
                            name:
                              type: string
                              description: The PingOne username attribute. See Users properties for the complete list of PingOne user attributes.
                            value:
                              type: string
                              description: A placeholder reference to the corresponding external LDAP attribute for name.
                          required:
                            - name
                            - value
                      ldapFilterPattern:
                        type: string
                        description: The LDAP user search filter to use to match users against the entered user identifier at login. For example, (((uid=${identifier})(mail=${identifier})). Alternatively, this can be a search against the user directory.
                      population:
                        type: object
                        description: The PingOne population to use to create user entries during lookup.
                        properties:
                          id:
                            type: string
                            description: The ID of the population to use to create user entries during lookup.
                        required:
                          - id
                    required:
                      - attributeMappings
                      - ldapFilterPattern
                      - population
                  orderedCorrelationAttributes:
                    type: array
                    description: A map of key/value entries used to persist the external LDAP directory attributes.
                    items:
                      type: string
                  passwordAuthority:
                    $ref: '#/components/schemas/EnumGatewayPasswordAuthority'
                  searchBaseDn:
                    type: string
                    description: The LDAP base domain name (DN) for this user type.
                required:
                  - name
                  - passwordAuthority
                  - searchBaseDn
                  - orderedCorrelationAttributes
            validateTlsCertificates:
              type: boolean
              description: A boolean that specifies whether or not to trust all SSL certificates (defaults to true). If this value is false, TLS certificates are not validated. When the value is set to true, only certificates that are signed by the default JVM CAs, or the CA certs that the customer has uploaded to the certificate service are trusted.
            vendor:
              $ref: '#/components/schemas/EnumGatewayVendor'
            followReferrals:
              type: boolean
              readOnly: true
          required:
            - bindDN
            - bindPassword
            - vendor
            - serversHostAndPort
    GatewayTypeRADIUS:
      allOf:
        - $ref: '#/components/schemas/Gateway'
        - type: object
          properties:
            davinci:
              type: object
              properties:
                policy:
                  type: object
                  properties:
                    id:
                      type: string
                      description: The ID of the Davinci flow policy to use.
                  required:
                    - id
              required:
                - policy
            defaultSharedSecret:
              type: string
              format: password
              description: Value to use for the shared secret if the shared secret is not provided for one or more of the RADIUS clients specified.
            networkPolicyServer:
              type: object
              description: If specified, the RADIUS gateway authenticates using the MS-CHAP v2 protocol.
              properties:
                ip:
                  type: string
                  description: The IP address of the Network Policy Server (NPS).
                port:
                  type: integer
                  description: The port number of the NPS.
              required:
                - ip
                - port
            radiusClients:
              type: array
              description: Collection of RADIUS clients.
              items:
                type: object
                properties:
                  ip:
                    type: string
                    description: The IP of the RADIUS client.
                  sharedSecret:
                    type: string
                    format: password
                    description: The shared secret for the RADIUS client. If this value is not provided, the shared secret specified with `defaultSharedSecret` is used. If you are not providing a shared secret for the client, leave out `sharedSecret` or set it to null.
                required:
                  - ip
          required:
            - davinci
            - radiusClients
    GatewayCredential:
      type: object
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the auto-generated ID for this credential. This is the JWT's jti claim. This is a required property.
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: A date that specifies the date the credential was created in Coordinated Universal Time (UTC). This is a required property.
        lastUsedAt:
          type: string
          format: date-time
          readOnly: true
          description: A date that specifies the date the credential was last used in UTC. This is a required property.
        credential:
          type: string
          format: password
          readOnly: true
          description: A string that specifies the signed JWT for the gateway credential. This property is present only when the gateway credential is created.
    GatewayInstance:
      type: object
      properties:
        connected:
          type: boolean
          description: A boolean that specifies whether or not the gateway instance has one or more connections. This is a required property.
        id:
          type: string
          readOnly: true
          description: A string that specifies the instance ID of the gateway. The gateway instance ID is created by the gateway when it starts up.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        gateway:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: A string that specifies the gateway ID.
        credential:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: A string that specifies the credential ID.
        currentErrors:
          type: array
          description: An array of strings that lists the messages that are maintained by the gateway instance.
          items:
            type: string
        healthStatus:
          $ref: '#/components/schemas/EnumHealthStatus'
        hostname:
          type: string
          description: A string that specifies the hostname of the container running in the customer’s infrastructure. This is a required property.
        initializedAt:
          type: string
          description: A timestamp that specifies when gateway was initialized (when the first connect to PingOne was made).
        lastReportedAt:
          type: string
          description: A timestamp that specifies the last reported timestamp, heartbeat, or other message.
        version:
          type: object
          description: An object containing the version of the gateway running for the instance.
          properties:
            versionNumber:
              type: string
              description: A string that specifies the version number of the gateway running for the instance. This is a required property.
            updateStatus:
              $ref: '#/components/schemas/EnumUpdateStatus'
        busyPercentage:
          type: integer
          description: An integer that specifies the gateway instance's busy percentage. When this percentage is high, then more instances should be added.
        operationsPerSecond:
          type: number
          description: A number that specifies the recent throughput of the gateway instance.
        responseTimeMillis:
          type: number
          description: A number that specifies the processing time of the gateway instance in milliseconds.
    Group:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: The unique identifier for the group. Search all groups for a specific group ID with a SCIM filter on GET /environments/{environmentID}/groups. Retrieve all the group IDs associated with a user with GET /environments/{environmentID}/users/{userID}?include=memberOfGroupIDs.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        displayName:
          type: string
          readOnly: true
          description: For external groups, set during user creation/update. For groups created on PingOne, this parameter is identical to `name`.
        population:
          type: object
          description: The population to assign the group to
          properties:
            id:
              type: string
              description: The population ID
          required:
            - id
        name:
          type: string
          description: The group name. A group name can be reused across populations, but the same user cannot belong to multiple groups with the same group name. Population groups cannot share a group name with an environment group. Search all groups for a specific group name with a SCIM filter on GET /environments/{environmentID}/groups. Retrieve all the group names associated with a user with GET /environments/{environmentID}/users/{userID}?include=memberOfGroupNames. Use this operation to determine group membership in attribute mappings for claims and assertions.
        userFilter:
          type: string
          description: A SCIM filter that determines which users are dynamically added to the group. For more information, see Adding users to a group and Removing users from a group.
        description:
          type: string
          description: The group description.
        externalId:
          type: string
          description: A user-defined identifier for the group. Use this propertry to syncronize a group in PingOne with the same group in an external system. PingOne does not directly use this property. Search all groups for a specific external ID with a SCIM filter on GET /environments/{environmentID}/groups
        customData:
          type: object
          description: Optional User-defined custom data.
        sourceId:
          type: string
          readOnly: true
          description: External groups only. Set during user creation/update.
        sourceType:
          $ref: '#/components/schemas/EnumGroupSourceType'
        directMemberCounts:
          type: object
          readOnly: true
          description: An object containing a users (int) property. This property lists the number of users explicitly added to the group with POST /environments/{environmentID}/users/{userID}/memberOfGroups. Since these members were explicitly added to the group, they can be removed from the group with DELETE /environments/{environmentID}/users/{userID}/memberOfGroups/{groupID}.
          properties:
            users:
              type: integer
              description: Number of users with direct membership
        totalMemberCounts:
          type: object
          readOnly: true
          description: An object containing a users (int) property. This property lists the total number of users added to the group. You must use GET /environments/{environmentID}/groups with the include=totalMemberCounts query parameter to retrieve this property. This property is not returned with a list of groups.
          properties:
            users:
              type: integer
              description: Number of users with direct membership
      required:
        - name
    GroupMembership:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        '_embedded':
          type: object
          properties:
            group:
              $ref: '#/components/schemas/Group'
        id:
          type: string
          description: ID of the group to assign
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        name:
          type: string
          description: A string that specifies the group name assigned to the user.
          readOnly: true
        type:
          $ref: '#/components/schemas/EnumGroupMembershipType'
      required:
        - id
    GroupNesting:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: ID of the group to nest
        type:
          type: string
          description: The type of the group nesting
          readOnly: true
      required:
       - id
    IdentityPropagationPlan:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: The unique identifier for the group. Search all groups for a specific group ID with a SCIM filter on GET /environments/{environmentID}/groups. Retrieve all the group IDs associated with a user with GET /environments/{environmentID}/users/{userID}?include=memberOfGroupIDs.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        name:
          type: string
          description: Unique name of the propagation plan
        status:
          $ref: '#/components/schemas/EnumIdentityPropagationPlanStatus'
      required:
        - name
    IdentityProvider:
      oneOf:
        - $ref: '#/components/schemas/IdentityProviderFacebook'
        - $ref: '#/components/schemas/IdentityProviderClientIDClientSecret'
        - $ref: '#/components/schemas/IdentityProviderOIDC'
        - $ref: '#/components/schemas/IdentityProviderApple'
        - $ref: '#/components/schemas/IdentityProviderPaypal'
        - $ref: '#/components/schemas/IdentityProviderSAML'
    IdentityProviderAttribute:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        mappingType:
          $ref: '#/components/schemas/EnumIdentityProviderAttributeMappingType'
        name:
          type: string
          description: The user attribute, which is unique per provider. The attribute must not be defined as read only from the user schema or of type COMPLEX based on the user schema. Valid examples username, and name.first. The following attributes may not be used account, id, created, updated, lifecycle, mfaEnabled, and enabled.
        value:
          type: string
          description: A placeholder referring to the attribute (or attributes) from the provider. Placeholders must be valid for the attributes returned by the IdP type and use the ${} syntax (for example, username=`${email}`). For SAML, any placeholder is acceptable, and it is mapped against the attributes available in the SAML assertion after authentication. The ${samlAssertion.subject} placeholder is a special reserved placeholder used to refer to the subject name ID in the SAML assertion response.
        update:
          $ref: '#/components/schemas/EnumIdentityProviderAttributeMappingUpdate'
        id:
          type: string
          readOnly: true
          description: The unique identifier for the resource.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        identityProvider:
          type: object
          properties:
            id:
              type: string
          readOnly: true
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
      required:
        - name
        - value
        - update
    IdentityProviderCommon:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        description:
          type: string
          description: The description of the IdP.
        enabled:
          type: boolean
          description: The current enabled state of the IdP.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        icon:
          type: object
          properties:
            id:
              type: string
              description: The ID for the IdP icon.
            href:
              type: string
              description: The HREF for the IdP icon.
        id:
          type: string
          readOnly: true
          description: The resource ID.
        loginButtonIcon:
          type: object
          properties:
            id:
              type: string
              description: The image ID for the IdP login button icon. For Facebook, Google, and LinkedIn IdPs, updates to the login button are ignored to preserve the IdP branding rules.
            href:
              type: string
              description: The HREF for the IdP login button icon image file. For Facebook, Google, and LinkedIn IdPs, updates to the login button are ignored to preserve the IdP branding rules.
        name:
          type: string
          description: The name of the IdP.
        registration:
          type: object
          properties:
            population:
              type: object
              properties:
                id:
                  type: string
                  description: An external IdP to use as authoritative. Setting this attribute gives management of linked users to the IdP and also triggers just-in-time provisioning of new users. These users are created in the population indicated with registration.population.id.
        type:
          $ref: '#/components/schemas/EnumIdentityProviderExt'
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
      required:
        - enabled
        - name
        - type
    IdentityProviderFacebook:
      allOf:
        - $ref: '#/components/schemas/IdentityProviderCommon'
        - type: object
          properties:
            appId:
              type: string
              description: A string that specifies the application ID from Facebook. This is a required property.
            appSecret:
              type: string
              format: password
              description: A string that specifies the application secret from Facebook. This is a required property.
          required:
            - appId
            - appSecret
    IdentityProviderClientIDClientSecret:
      allOf:
        - $ref: '#/components/schemas/IdentityProviderCommon'
        - type: object
          properties:
            clientId:
              type: string
              description: A string that specifies the application ID from the provider. This is a required property.
            clientSecret:
              type: string
              format: password
              description: A string that specifies the application secret from the provider. This is a required property.
          required:
            - clientId
            - clientSecret
    IdentityProviderOIDC:
      allOf:
        - $ref: '#/components/schemas/IdentityProviderCommon'
        - type: object
          properties:
            authorizationEndpoint:
              type: string
              description: A string that specifies the the OIDC identity provider's authorization endpoint. This value must be a URL that uses https. This is a required property.
            clientId:
              type: string
              description: A string that specifies the application ID from the OIDC identity provider. This is a required property.
            clientSecret:
              type: string
              format: password
              description: A string that specifies the application secret from the OIDC identity provider. This is a required property.
            discoveryEndpoint:
              type: string
              description: A string that specifies the OIDC identity provider's discovery endpoint. This value must be a URL that uses https.
            issuer:
              type: string
              description: A string that specifies the issuer to which the authentication is sent for the OIDC identity provider. This value must be a URL that uses https. This is a required property.
            jwksEndpoint:
              type: string
              description: A string that specifies the OIDC identity provider's jwks endpoint. This value must be a URL that uses https. This is a required property.
            scopes:
              type: array
              description: An array that specifies the scopes to include in the authentication request to the OIDC identity provider. This is a required property.
              items:
                type: string
            tokenEndpoint:
              type: string
              description: A string that specifies the OIDC identity provider's token endpoint. This is a required property.
            tokenEndpointAuthMethod:
              $ref: '#/components/schemas/EnumIdentityProviderOIDCTokenAuthMethod'
            userInfoEndpoint:
              type: string
              description: A string that specifies the OIDC identity provider's userInfo endpoint.
            pkceMethod:
              $ref: '#/components/schemas/EnumIdentityProviderPKCEMethod'
          required:
            - authorizationEndpoint
            - clientId
            - clientSecret
            - issuer
            - jwksEndpoint
            - scopes
            - tokenEndpoint
            - tokenEndpointAuthMethod
    IdentityProviderApple:
      allOf:
        - $ref: '#/components/schemas/IdentityProviderCommon'
        - type: object
          properties:
            clientId:
              type: string
              description: A string that specifies the application ID from Apple. This is the identifier obtained after registering a services ID in the Apple developer portal. This is a required property.
            clientSecretSigningKey:
              type: string
              format: password
              description: A string that specifies the private key that is used to generate a client secret. This is a required property.
            keyId:
              type: string
              description: A 10-character string that Apple uses to identify an authentication key. This is a required property.
            teamId:
              type: string
              description: A 10-character string that Apple uses to identify teams. This is a required property.
          required:
            - clientId
            - clientSecretSigningKey
            - keyId
            - teamId
    IdentityProviderPaypal:
      allOf:
        - $ref: '#/components/schemas/IdentityProviderCommon'
        - type: object
          properties:
            clientId:
              type: string
              description: A string that specifies the application ID from PayPal. This is a required property.
            clientSecret:
              type: string
              format: password
              description: A string that specifies the application secret from PayPal. This is a required property.
            clientEnvironment:
              type: string
              description: A string that specifies the PayPal environment. Options are sandbox, and live. This is a required property.
          required:
            - clientId
            - clientSecret
            - clientEnvironment
    IdentityProviderSAML:
      allOf:
        - $ref: '#/components/schemas/IdentityProviderCommon'
        - type: object
          properties:
            authnRequestSigned:
              type: boolean
              description: A boolean that specifies whether the SAML authentication request will be signed when sending to the identity provider. Set this to true if the external IDP is included in an authentication policy to be used by applications that are accessed using a mix of default URLS and custom Domains URLs.
            idpEntityId:
              type: string
              description: A string that specifies the entity ID URI that is checked against the issuerId tag in the incoming response.
            idpVerification:
              type: object
              properties:
                certificates:
                  type: array
                  description: A array that specifies the identity provider's certificate IDs used to verify the signature on the signed assertion from the identity provider. Signing is done with a private key and verified with a public key.
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                    required:
                      - id
              required:
                - certificates
            spEntityId:
              type: string
              description: A string that specifies the service provider's entity ID, used to look up the application.
            spSigning:
              type: object
              properties:
                algorithm:
                  $ref: '#/components/schemas/EnumIdentityProviderSAMLSigningAlgorithm'
                key:
                  type: object
                  properties:
                    id:
                      type: string
                      description: A string that specifies the service provider's signing key ID.
                  required:
                    - id
              required:
                - key
            ssoBinding:
              $ref: '#/components/schemas/EnumIdentityProviderSAMLSSOBinding'
            ssoEndpoint:
              type: string
              description: A string that specifies the SSO endpoint for the authentication request.
            sloBinding:
              $ref: '#/components/schemas/EnumIdentityProviderSAMLSLOBinding'
            sloEndpoint:
              type: string
              description: The logout endpoint URL. This is an optional property. However, if a `sloEndpoint` logout endpoint URL is not defined, logout actions result in an error.
            sloResponseEndpoint:
              type: string
              description: The endpoint URL to submit the logout response. If a value is not provided, the `sloEndpoint` property value is used to submit SLO response.
            sloWindow:
              type: integer
              description: Defines how long PingOne can exchange logout messages with the application, specifically a `LogoutRequest` from the application, since the initial request. PingOne can also send a `LogoutRequest` to the application when a single logout is initiated by the user from other session participants, such as an application or identity provider. This setting is per application. The SLO logout is separate from the user session logout that revokes all tokens.
          required:
            - idpEntityId
            - spEntityId
            - idpVerification
            - ssoBinding
            - ssoEndpoint
    Image:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        targets:
          type: object
          readOnly: true
          properties:
            original:
              type: object
              readOnly: true
              properties:
                href:
                  type: string
                  readOnly: true
                  description: A string that specifies the URL or fully qualified path to the image source file.
                id:
                  type: string
                  readOnly: true
                  description: A string that specifies the UUID of the target image.
                type:
                  $ref: '#/components/schemas/EnumImageFormat'
                  readOnly: true
                width:
                  type: integer
                  readOnly: true
                  description: The width of the image (in pixels).
                height:
                  type: integer
                  readOnly: true
                  description: The height of the image (in pixels).
    Integration:
      type: object
      properties:
        categories:
          type: array
          items:
            type: string
          description: The list of categories used to classify the integration. Valid strings include alphanumeric characters, underscore, hyphen, and space.
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: Creation date of the integration.
        description:
          type: string
          description: The description of the integration in HTML to be used for the integration listing. You can use class and style attributes for inline styling. There's a 4000 character limit for the description.
        id:
          type: string
          description: The platform-generated ID of this integration.
          readOnly: true
        logo:
          type: object
          description: A logo to use for the integration. If specified, the associated properties are required.
          properties:
            href:
              type: string
              description: The href to the absolute URL of the image.
            id:
              type: string
              description: The image ID generated by the Image service.
          required:
            - id
            - href
        marketingLandingPageUrl:
          type: string
          description: Absolute URL link to the marketing landing page.
        name:
          type: string
          description: Name of the integration.
        pingProductNames:
          type: array
          items:
            $ref: '#/components/schemas/EnumIntegrationPingProductName'
          description: The Ping product associated with the integration. Can include `PINGID`, `PINGONE_ENTERPRISE`, `PINGONE`, `PINGACCESS`, `PINGFEDERATE`, `PINGDIRECTORY`, `PINGDATAGOVERNANCE`, `PINGINTELLIGENCE_FOR_APIS` or `PINGONE_ADVANCED_SERVICES`
        publisher:
          type: string
          description: Name of the publisher.
        tags:
          type: array
          items:
            $ref: '#/components/schemas/EnumIntegrationTag'
          description: Tags to apply to the integration metadata. Can include `SSO`, `AUTHENTICATION`, `MFA`, `INTELLIGENCE`, `GOVERNANCE`, `IDAAS`, `ACCESS`, `DIRECTORY`, or `PROVISIONING`.
        thirdParty:
          type: object
          description: Metadata that defines the third party related to this integration.
          properties:
            companyName:
              type: string
              description: Name of the third party company for the listing.
            products:
              type: array
              items:
                type: string
              description: Names of the third party products for the integration.
          required:
            - companyName
      required:
        - name
        - pingProductNames
        - publisher
    IntegrationVersion:
      oneOf:
      - $ref: '#/components/schemas/IntegrationVersionIntegrationKit'
      - $ref: '#/components/schemas/IntegrationVersionSAML'
      discriminator:
        propertyName: type
        mapping:
          PRODUCT_INTEGRATION_KIT: '#/components/schemas/IntegrationVersionIntegrationKit'
          SAML: '#/components/schemas/IntegrationVersionSAML'
    IntegrationVersionAttribute:
      type: object
      properties:
        id:
          type: string
          readOnly: true
          description: Auto-generated ID of this attribute.
        integration:
          type: object
          readOnly: true
          description: The parent integration of the integration version.
          properties:
            id:
              type: string
              readOnly: true
              description: The platform-generated ID of the parent integration.
          required:
            - id
        name:
          type: string
          description: Attribute name the application expects. Unique within the integration version and in the form `urn:oasis:names:tc:SAML:2.0:attrname-format:uri`.
        required:
          type: boolean
          description: Whether or not the attribute is required. If true, the value property must be set with a non-empty value. Default is false.
        schema:
          type: string
          description: A JSON schema describing the current attribute mapping.
        version:
          type: object
          readOnly: true
          description: The relationship to the parent integration version.
          properties:
            id:
              type: string
              description: The platform-generated ID of the parent integration version.
          required:
            - id
      required:
        - schema
    IntegrationVersionCommon:
      type: object
      properties:
        configuration:
          type: object
          description: The configuration of the integration version. If specified, configuration.schema and configuration.properties is required.
          properties:
            schema:
              type: object
              description: Contains a JSON schema defining the integration version.
            properties:
              type: object
              description: Contains the property names and assigned values for the integration version.
          required:
            - schema
            - properties
        description:
          type: string
          description: Unicode characters. The description of this integration metadata version.
        id:
          type: string
          readOnly: true
          description: The platform-generated ID of this integration metadata version.
        integration:
          type: object
          description: The parent integration of the integration version.
          readOnly: true
          properties:
            id:
              type: string
              description: The platform-generated ID of the parent integration.
          required:
            - id
        name:
          type: string
          description: A unique name for the integration metadata version.
        number:
          type: string
          description: A unique number for the integration version.
        type:
          $ref: '#/components/schemas/EnumIntegrationVersionType'
      required:
        - name
        - number
    IntegrationVersionIntegrationKit:
      allOf:
        - $ref: '#/components/schemas/IntegrationVersionCommon'
        - type: object
          properties:
            documentationUrl:
              type: string
              description: Absolute URL to the documentation.
            endOfLifeOn:
              type: string
              format: date
              description: EOL support date in the form yyyy-mm-dd.
            integratedWith:
              type: object
              description: Ping product integration details.
              properties:
                name:
                  $ref: '#/components/schemas/EnumIntegrationVersionIntegrationKitIntegratedWithName'
                minVersion:
                  type: string
                  description: Earliest version of the integrated Ping product.
                maxVersion:
                  type: string
                  description: Latest version of the integrated Ping product.
              required:
                - name
            number:
              type: string
              description: Unique number for the integration version.
            releasedOn:
              type: string
              format: date
              description: Release date in the form yyyy-mm-dd.
          required:
            - number
            - releasedOn
    IntegrationVersionSAML:
      allOf:
        - $ref: '#/components/schemas/IntegrationVersionCommon'
        - type: object
          properties:
            assertionConsumerService:
              type: string
              description: The URL to which PingOne sends SAML responses. Parameterize the URL using `${_paremter_}`. For example, `https://${subdomain}.slack.com`. The maximum length is 2000 characters.
              maxLength: 2000
            assertionEncrypted:
              type: boolean
              description: The state of assertion encryption. `true` if encrypted.
            defaultTarget:
              type: string
              description: After an IdP-initiated SSO, this URL is passed in the RelayState value in the SAML response. Informs the IdP where to send its response. Parameterize the URL using `${_paremter_}`. For example, `https://${subdomain}.slack.com`.
            entityId:
              type: string
              description: Unique ID for the application.
            nameIdFormat:
              type: string
              description: |
                This can be one of the following:
                urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
                urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
                urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
                urn:oasis:names:tc:SAML:2.0:nameid-format:transient
            protocolVersion:
              $ref: '#/components/schemas/EnumIntegrationVersionSAMLProtocolVersion'
            slo:
              type: object
              description: The Single Logout information.
              properties:
                requestEndpoint:
                  type: string
                  description: The endpoint where SLO requests are sent.
                responseEndpoint:
                  type: string
                  description: The endpoint where SLO responses are sent.
                binding:
                  $ref: '#/components/schemas/EnumIntegrationVersionSAMLSLOBinding'
            thirdParty:
              type: object
              description: Third-party IdP information.
              properties:
                metadata:
                  type: object
                  description: The third-party IdP metadata.
                  properties:
                    href:
                      type: string
                      description: URL of IdP's SAML metadata XML.
                instructions:
                  type: object
                  properties:
                    href:
                      type: string
                      description: URL of IdP's setup instructions.
          required:
            - assertionConsumerService
            - protocolVersion
    KeyRotationPolicy:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        algorithm:
          $ref: '#/components/schemas/EnumKeyRotationPolicyAlgorithm'
        currentKeyId:
          type: string
          description: The `kid` (key identifier) of the `KrpKey` designated as `CURRENT`.
          readOnly: true
        dn:
          type: string
          description: The DN this KRP will apply to generated `KrpKeys`. Is applied as both `issuerDN` and `subjectDN` because generated `KrpKeys` are self-signed.
        id:
          type: string
          description: The resource’s unique identifier.
          readOnly: true
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        keyLength:
          type: integer
          description: The number of bytes of a cryptographic key this KRP will apply to generated `KrpKeys`.
        name:
          type: string
          description: Human-readable name displayed in the admin console.
        nextKeyId:
          type: string
          description: The `kid` (key identifier) of the `KrpKey` designated as `NEXT`.
          readOnly: true
        rotatedAt:
          type: string
          format: date-time
          description: The last time this KRP was rotated.
          readOnly: true
        rotationPeriod:
          type: integer
          description: The number of days to elapse before this KRP rotates `KrpKeys`. The default value is `90` days. The minimum value is `30` days. The maximum value is 1 day less than the `validityPeriod` value.
          default: 90
          minimum: 30
        signatureAlgorithm:
          $ref: '#/components/schemas/EnumKeyRotationPolicySigAlgorithm'
        usageType:
          $ref: '#/components/schemas/EnumKeyRotationPolicyUsageType'
        validityPeriod:
          type: integer
          default: 365
          description: Controls the `startsAt` and `expiresAt` fields this KRP will apply to generated `KrpKeys`. The default value is `365` days.
      required:
        - algorithm
        - dn
        - keyLength
        - name
        - signatureAlgorithm
        - usageType
    Language:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        default:
          type: boolean
          description: Specifies whether this language is the default for the environment. This property value must be set to false when creating a language resource. It can be set to true only after the language is enabled and after the localization of an agreement resource is complete when agreements are used for the environment.
        enabled:
          type: boolean
          description: Specifies whether this language is enabled for the environment. This property value must be set to false when creating a language.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: The resource’s unique identifier.
          readOnly: true
        locale:
          type: string
          description: An ISO standard language code. For more information about standard language codes, see ISO Language Code Table.
        name:
          type: string
          description: The language name. If omitted, the ISO standard name is used.
        createdAt:
          type: string
          format: date-time
          description: The time the language resource was created.
          readOnly: true
        customerAdded:
          type: boolean
          description: Specifies whether this language was added by a customer administrator.
          readOnly: true
        updatedAt:
          type: string
          format: date-time
          description: The time the language resource was last updated.
          readOnly: true
      required:
        - locale
        - default
        - enabled
    LanguageLocalizationStatus:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        createdAt:
          type: string
          format: date-time
          description: The time the language localization status resource was created.
          readOnly: true
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: The resource’s unique identifier.
          readOnly: true
        locale:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: The locale ID.
        service:
          type: string
          description: The name of the service associated with this resource.
        localizationComplete:
          type: boolean
        statusDetails:
          type: string
        updatedAt:
          type: string
          format: date-time
          description: The time the language localization status resource was last updated.
          readOnly: true
      required:
        - service
    License:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        advancedServices:
          type: object
          readOnly: true
          properties:
            pingId:
              type: object
              properties:
                included:
                  type: boolean
                type:
                  type: string                
        assignedEnvironmentsCount:
          type: integer
          description: A read-only integer that specifies the total number of environments associated with this license.
          readOnly: true
        authorize:
          type: object
          readOnly: true
          properties:
            allowApiAccessManagement:
              type: boolean
              description: A read-only boolean that specifies whether to enable the PingOne Authorize API access management feature.
            allowDynamicAuthorization:
              type: boolean
              description: A read-only boolean that specifies whether to enable the PingOne Authorize dynamic authorization feature.
        beginsAt:
          type: string
          format: date-time
          description: The date and time this license begins.
          readOnly: true
        credentials:
          type: object
          readOnly: true
          properties:
            allowCredentials:
              type: boolean
        environments:
          type: object
          readOnly: true
          properties:
            allowAddResources:
              type: boolean
            allowConnections:
              type: boolean
              description: A boolean that specifies whether the license supports creation of application connections in the specified environment.
            allowCustomDomain:
              type: boolean
              description: A read-only boolean that specifies whether the license supports creation of a custom domain in the specified environment.
            allowCustomSchema:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using custom schema attributes in the specified environment.
            allowProduction:
              type: boolean
              description: A read-only boolean that specifies whether production environments are allowed.
            max:
              type: integer
              description: A read-only integer that specifies the maximum number of environments allowed.
            regions:
              type: array
              items:
                $ref: '#/components/schemas/EnumRegionCodeLicense'
        expiresAt:
          type: string
          format: date-time
          readOnly: true
          description: The date and time this license expires. TRIAL licenses stop access to PingOne services at expiration. All other licenses trigger an event to send a notification when the license expires but do not block services.
        fraud:
          type: object
          readOnly: true
          properties:
            allowBotMaliciousDeviceDetection:
              type: boolean
            allowAccountProtection:
              type: boolean
        gateways:
          type: object
          readOnly: true
          properties:
            allowLdapGateway:
              type: boolean
            allowKerberosGateway:
              type: boolean
            allowRadiusGateway:
              type: boolean
        id:
          type: string
          description: A read-only string that specifies the license resource’s unique identifier.
          readOnly: true
        intelligence:
          type: object
          readOnly: true
          properties:
            allowGeoVelocity:
              type: boolean
              description: A read-only boolean that specifies whether to use the intelligence geo-velocity feature. For `TRIAL` (unpaid) licenses, the default value is true. For `ADMIN`, `GLOBAL`, `RISK`, and `MFARISK`, the default value is true.
            allowAnonymousNetworkDetection:
              type: boolean
              description: A read-only boolean that specifies whether to use the intelligence anonymous network detection feature. For `TRIAL` (unpaid) licenses, the default value is true. For `ADMIN`, `GLOBAL`, `RISK`, and `MFARISK`, the default value is true.
            allowReputation:
              type: boolean
              description: A read-only boolean that specifies whether to use the intelligence IP reputation feature. For `TRIAL` (unpaid) licenses, the default value is true. For `ADMIN`, `GLOBAL`, `RISK`, and `MFARISK`, the default value is true.
            allowDataConsent:
              type: boolean
              description: A read-only boolean that specifies whether the customer has opted in to allow user and event behavior analytics (UEBA) data collection.
            allowRisk:
              type: boolean
              description: A read-only boolean that specifies whether your license permits you to configure risk features such as sign-on policies that include rules to detect anomalous changes to your locations (such as impossible travel). This capability is supported for TRIAL, RISK, and MFARISK license packages. Note, The sharing of user data to enable our machine-learning engine, which is integral to PingOne Risk, is captured in the license property license.intelligence.allowDataConsent, but it is not set to true by default in any license package. This license capability always requires active consent by the customer before it can be enabled, and if consent is given, then it allows the full scope of intelligence features included in PingOne Risk (and PingOne Risk plus MFA).
            allowAdvancedPredictors:
              type: boolean
        mfa:
          type: object
          readOnly: true
          properties:
            allowPushNotification:
              type: boolean
              description: A read-only boolean that specifies whether push notifications are allowed. For TRIAL (unpaid) licenses, the default value is true. For other license package types, adoption of the feature determines the default value.
            allowNotificationOutsideWhitelist:
              type: boolean
              description: A read-only boolean that specifies whether the license supports sending notifications outside of the environment's whitelist.
            allowFido2Devices:
              type: boolean
              description: A read-only boolean that specifies whether FIDO2 devices are allowed. For TRIAL (unpaid) licenses, the default value is true. For other license package types, adoption of the feature determines the default value.
            allowVoiceOtp:
              type: boolean
            allowEmailOtp:
              type: boolean
            allowSmsOtp:
              type: boolean
            allowTotp:
              type: boolean
        name:
          type: string
          description: A string that specifies a descriptive name for the license. This is a required property in a license name update request. Valid characters consists of any Unicode letter, mark, numeric character, forward slash, dot, apostrophe, underscore, space, or hyphen. The maximum length of a name is 255 characters.
        orchestrate:
          type: object
          properties:
            allowOrchestration:
              type: boolean
        organization:
          $ref: '#/components/schemas/ObjectOrganization'
        package:
          type: string
          description: A string that specifies the license template on which this license is based.
        replacesLicense:
          type: object
          description: A read-only object that specifies the license ID of the license that is replaced by this license.
          properties:
            id:
              type: string
              description: A read-only string that specifies the license ID of the license that is replaced by this license.
        replacedByLicense:
          type: object
          description: A read-only object that specifies the license ID of the license that replaces this license.
          properties:
            id:
              type: string
              description: A read-only string that specifies the license ID of the license that replaces this license.
        status:
          $ref: '#/components/schemas/EnumLicenseStatus'
        terminatesAt:
          type: string
          format: date-time
          description: An optional attribute that designates the exact date and time when this license terminates access to PingOne services. This attribute can be added to any licensing package.
        users:
          type: object
          readOnly: true
          properties:
            allowPasswordManagementNotifications:
              type: boolean
              description: A read-only boolean that specifies whether the license supports sending password management notifications.
            allowIdentityProviders:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using external identity providers in the specified environment.
            allowMyAccount:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using My Account capabilities in the specified environment.
            allowPasswordManagement:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using password management capabilities in the specified environment.
            allowPasswordOnlyAuthentication:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using password only login capabilities in the specified environment.
            allowPasswordPolicy:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using password policies in the specified environment.
            allowProvisioning:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using provisioning capabilities in the specified environment.
            allowInboundProvisioning:
              type: boolean
            allowRoleAssignment:
              type: boolean
              description: A read-only boolean that specifies whether the license supports role assignments in the specified environment.
            allowVerificationFlow:
              type: boolean
              description: A read-only boolean that specifies whether the license supports using verification flows in the specified environment.
            allowUpdateSelf:
              type: boolean
              description: A read-only boolean that specifies whether the license supports allowing users to update their own profile.
            entitledToSupport:
              type: boolean
              description: A read-only boolean that specifies whether the license allows PingOne support.
            max:
              type: integer
              description: An read-only integer that specifies the maximum number of users allowed per environment.
            hardLimitMax:
              type: integer
            annualActiveIncluded:
              type: integer
              description: A read-only integer that specifies a soft limit on the number of active identities across all environments on the license per year. This property is not visible if a value is not provided at the time the license is created.
            monthlyActiveIncluded:
              type: integer
              description: A read-only integer that specifies a soft limit on the number of active identities across all environments on the license per month. This property is not visible if a value is not provided at the time the license is created.
        verify:
          type: object
          readOnly: true
          properties:
            allowPushNotifications:
              type: boolean
              description: A read-only boolean that specifies whether to enable the PingOne Verify push notifications feature.
            allowDocumentMatch:
              type: boolean
              description: A read-only boolean that specifies whether to enable the PingOne Verify document matching feature.
            allowFaceMatch:
              type: boolean
              description: A read-only boolean that specifies whether to enable the PingOne Verify face matching feature.
            allowManualIdInspection:
              type: boolean
              description: A read-only boolean that specifies whether to enable the PingOne Verify manual ID inspection feature.
      required:
        - name
    LicenseName:
      type: object
      properties:
        name:
          type: string
          description: The license name
      required:
        - name
    NotificationsPolicy:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        name:
          type: string
          description: The name to use for the notification policy. Must be unique among the notification policies in the environment.
        default:
          type: boolean
          description: Indication of whether this policy is the default notification policy for the environment. If the parameter is not provided, the value used is `false`
          default: false
        countryLimit:
          type: object
          description: You can use the `countryLimit` object to limit the countries where you can send SMS and voice notifications.
          properties:
            type:
              $ref: '#/components/schemas/EnumNotificationsPolicyCountryLimitType'
            deliveryMethods:
              type: array
              description: The delivery methods that the defined limitation should be applied to. Content of the array can be `SMS`, `Voice`, or both. If the parameter is not provided, the default is `SMS` and `Voice`.
              items:
                $ref: '#/components/schemas/EnumNotificationsPolicyCountryLimitDeliveryMethod'
            countries:
              type: array
              description: The countries where the specified methods should be allowed or denied. Use the two-letter country codes from ISO 3166-1.
              items:
                type: string
                pattern: '^(A(D|E|F|G|I|L|M|N|O|R|S|T|Q|U|W|X|Z)|B(A|B|D|E|F|G|H|I|J|L|M|N|O|R|S|T|V|W|Y|Z)|C(A|C|D|F|G|H|I|K|L|M|N|O|R|U|V|X|Y|Z)|D(E|J|K|M|O|Z)|E(C|E|G|H|R|S|T)|F(I|J|K|M|O|R)|G(A|B|D|E|F|G|H|I|L|M|N|P|Q|R|S|T|U|W|Y)|H(K|M|N|R|T|U)|I(D|E|Q|L|M|N|O|R|S|T)|J(E|M|O|P)|K(E|G|H|I|M|N|P|R|W|Y|Z)|L(A|B|C|I|K|R|S|T|U|V|Y)|M(A|C|D|E|F|G|H|K|L|M|N|O|Q|P|R|S|T|U|V|W|X|Y|Z)|N(A|C|E|F|G|I|L|O|P|R|U|Z)|OM|P(A|E|F|G|H|K|L|M|N|R|S|T|W|Y)|QA|R(E|O|S|U|W)|S(A|B|C|D|E|G|H|I|J|K|L|M|N|O|R|T|V|Y|Z)|T(C|D|F|G|H|J|K|L|M|N|O|R|T|V|W|Z)|U(A|G|M|S|Y|Z)|V(A|C|E|G|I|N|U)|W(F|S)|Y(E|T)|Z(A|M|W))$'
          required:
            - type
            - countries
        quotas:
          type: array
          description: Collection of objects that define the SMS/Voice limits. Each object contain the following elements- `type`, `deliveryMethods`, `total`. Currently, a policy can contain ony one such object. Note that instead of `total`, you can use the pair of fields- `claimed` and `unclaimed`.
          items:
            type: object
            properties:
              type:
                $ref: '#/components/schemas/EnumNotificationsPolicyQuotaItemType'
              deliveryMethods:
                type: array
                description: |
                  The delivery methods for which the limit is being defined. The value can be `Email` or `SMS,Voice`. When you use the `SMS`, `Voice` option, it means that the combined total of SMS and voice notifications must be below the limit defined. If you are limiting both email and SMS/voice, each limit should be represented by a different object in the `quotas` array, for example:
                  `"quotas": [{"type": "USER","deliveryMethods": ["SMS","Voice"],"total": 30},{"type": "USER","deliveryMethods": ["Email"],"total": 30}]`
                items:
                  $ref: '#/components/schemas/EnumNotificationsPolicyQuotaDeliveryMethods'
              total:
                type: integer
                description: The maximum number of notifications allowed per day.
              claimed:
                type: integer
                description: The maximum number of notifications that can be received and responded to each day. Used in conjunction with unclaimed in place of the single field total.
              unclaimed:
                type: integer
                description: The maximum number of notifications that can be received and not responded to each day. Used in conjunction with claimed in place of the single field total.
            required:
              - type
              - deliveryMethods
      required:
        - name
        - quotas
    NotificationsSettings:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        deliveryMode:
          $ref: '#/components/schemas/EnumNotificationsSettingsDeliveryMode'
        restrictions:
          type: object
          properties:
            smsVoiceQuota:
              type: object
              properties:
                daily:
                  type: integer
                  description: |
                    The maximum number of SMS and voice notifications that can be sent per user per day.
                    - `restrictions.smsVoiceQuota.daily` can be set to any value between 0 and 50.
                    - Trial accounts have a default value of 30.
                    - The daily counters are reset every night at midnight UTC.
              required:
                - daily
          required:
            - smsVoiceQuota
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        smsProvidersFallbackChain:
          type: array
          description: A list which represents the execution order of different SMS/Voice providers configured for the environment. The providers and their accounts’ configurations are represented in the list by the ID of the corresponding `PhoneDeliverySettings` resource. The only provider which is not represented by a `phoneDeliverySettingsID` is the PingOne Twilio provider. The PingOne Twilio provider is represented by the `PINGONE_TWILIO` string. If the `smsProvidersFallbackChain` list is empty, an SMS or voice message will be sent using the default Ping Twilio account. Otherwise, an SMS or voice message will be sent using the first provider in the list. If the server fails to queue the message using that provider, it will use the next provider in the list to try to send the message. This process will go on until there are no more providers in the list. If the server failed to send the message using all providers, the notification status is set to `FAILED`.
          items:
            type: string
        from:
          type: object
          properties:
            name:
              type: string
              description: A string that specifies the email's "from" name (relevant when the `deliveryMethod` is `Email`).  See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-settings-from-replyTo-note) for details.
            address:
              type: string
              description: A string that specifies the email's "from" address (relevant when the `deliveryMethod` is `Email`). This value must be a trusted email address.  See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-settings-from-replyTo-note) for details.
        replyTo:
          type: object
          properties:
            name:
              type: string
              description: A string that specifies the email's "reply to" name (relevant when `deliveryMethod` is `Email`).  See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-settings-from-replyTo-note) for details.
            address:
              type: string
              description: A string that specifies the email's "reply to" address (relevant when `deliveryMethod` is `Email`). This value must be a trusted email address.  See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-settings-from-replyTo-note) for details.
        whitelist:
          type: array
          items:
            type: object
            properties:
              user:
                type: object
                properties:
                  id:
                    type: string
                required:
                  - id
    NotificationsSettingsEmailDeliverySettings:
      oneOf:
        - $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettingsCustom'
        - $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettingsSMTP'
    NotificationsSettingsEmailDeliverySettingsCommon:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
    NotificationsSettingsEmailDeliverySettingsCustom:
      allOf:
        - $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettingsCommon'
        - type: object
          properties:
            authentication:
              type: object
              description: Contains the information for authenticating with the email provider.
              properties:
                method:
                  $ref: '#/components/schemas/EnumNotificationsSettingsEmailDeliverySettingsCustomAuthenticationMethod'
                authToken:
                  type: string
                  description: If you specified `BEARER` as the authentication method, use authToken to provide the bearer token to use.
                username:
                  type: string
                  description: If you specified `BASIC` as the authentication method, use username to provide the username for authenticating with the email provider.
                password:
                  type: string
                  format: password
                  description: If you specified `BASIC` as the authentication method, use password to provide the password for authenticating with the email provider.
              required:
                - method
            from:
              type: object
              description: Contains the "from" information to use for the notifications.
              properties:
                name:
                  type: string
                  description: The "from" name to use in the notifications that are sent.
                address:
                  type: string
                  description: The "from" address to use in the notifications that are sent.
            name:
              type: string
              description: Name to use to identify the provider.
            protocol:
              $ref: '#/components/schemas/EnumNotificationsSettingsEmailDeliverySettingsCustomProtocol'
            provider:
              $ref: '#/components/schemas/EnumNotificationsSettingsEmailDeliverySettingsCustomProvider'
            replyTo:
              type: object
              description: Contains the "reply-to" information to use for the notifications.
              properties:
                name:
                  type: string
                  description: The "reply-to" name to use in the notifications that are sent.
                address:
                  type: string
                  description: The "reply-to" address to use in the notifications that are sent.
            requests:
              type: array
              description: Contains the object that is used to configure the API requests sent to the email provider.
              items:
                type: object
                properties:
                  body:
                    type: string
                    description: |
                      Required if method is set to `POST`. Use body to provide the content of the body for the request sent to the email provider. The body that you define must include the mandatory PingOne variables for notifications: `${from}`, `${to}`, and `${message}`. You can also include any optional notification variables.
                      If you are including the header `content-type: application/json` in `headers`:
                      - The content of `body` must be valid JSON
                      - You must enclose the JSON object in quotation marks and escape all quotation marks within the string, for example, `"{\"From\": \"${from}\",\"To\": \"${to}\",\"message2\": \"${message}\"}"`.
                  deliveryMethod:
                    $ref: '#/components/schemas/EnumNotificationsSettingsEmailDeliverySettingsCustomRequestsDeliveryMethod'
                  headers:
                    type: object
                    additionalProperties:
                      type: string
                    description: Use this object to specify the headers that your email provider's API expects.
                  method:
                    $ref: '#/components/schemas/EnumNotificationsSettingsEmailDeliverySettingsCustomRequestsMethod'
                  url:
                    type: string
                    description: Use url to specify the endpoint for your email provider, for example, `https://api.example.com/email`. If `method` is set to `GET`, append to the URL the various query parameters that the email provider's API requires. The URL must also include the required PingOne variables, as described for the body parameter.
                required:
                  - deliveryMethod
                  - method
                  - url
          required:
            - authentication
            - name
            - protocol
            - requests
    NotificationsSettingsEmailDeliverySettingsSMTP:
      allOf:
        - $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettingsCommon'
        - type: object
          properties:
            host:
              type: string
              description: A string that specifies the organization's SMTP server.
            port:
              type: integer
              description: An integer that specifies the port used by the organization's SMTP server to send emails (default `465`). Note that the protocol used depends upon the port specified. If you specify port `25`, `587`, or `2525`, SMTP with `STARTTLS` is used. Otherwise, `SMTPS` is used.
              default: 465
            protocol:
              type: string
              description: A string that specifies the organization's SMTP server's protocol.
              readOnly: true
            username:
              type: string
              description: A string that specifies the organization's SMTP server's username.
            password:
              type: string
              format: password
              description: A string that specifies the organization's SMTP server's password.
            from:
              type: object
              properties:
                name:
                  type: string
                  description: A string that specifies the email's "from" name.
                address:
                  type: string
                  description: A string that specifies the email's "from" address.
              required:
                - address
            replyTo:
              type: object
              properties:
                name:
                  type: string
                  description: A string that specifies the email's "reply to" name.
                address:
                  type: string
                  description: A string that specifies the email's "reply to" address.
    NotificationsSettingsPhoneDeliverySettings:
      oneOf:
        - $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsCustom'
        - $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsTwilioSyniverse'
    NotificationsSettingsPhoneDeliverySettingsCommon:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        provider:
          $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsProvider'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
      required:
        - provider
    NotificationsSettingsPhoneDeliverySettingsCustom:
      allOf:
        - $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsCommon'
        - type: object
          properties:
            name:
              type: string
              description: The customer provider's name.
            requests:
              type: array
              items:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsCustomRequest'
            authentication:
              type: object
              properties:
                method:
                  $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsCustomAuthMethod'
                username:
                  type: string
                  description: The username for the custom provider account. Required when `authentication.method=BASIC`
                password:
                  type: string
                  format: password
                  description: The password for the custom provider account. Required when `authentication.method=BASIC`
                authToken:
                  type: string
                  format: password
                  description: The authentication token for the custom provider account.  Required when `authentication.method=BEARER`
              required:
                - method
            numbers:
              type: array
              items:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsCustomNumbers'
          required:
            - name
            - requests
            - authentication
    NotificationsSettingsPhoneDeliverySettingsCustomNumbers:
      type: object
      properties:
        number:
          type: string
          description: The phone number, toll-free number or short code.
        type:
          $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsCustomNumbersType'
        selected:
          type: boolean
          description: Specifies whether the number is selected by the admin for sending messages.
        available:
          type: boolean
          description: Specifies whether the number is currently available in the provider account.
        capabilities:
          type: array
          description: A collection of the phone delivery service capabilities.
          items:
            $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsCustomNumbersCapability'
        supportedCountries:
          type: array
          description: |
            Specifies the `number`'s supported countries for notification recipients, depending on the phone number type:
            `SHORT_CODE`: A collection containing a single 2-character ISO country code, for example, `US`, `GB`, `CA`.
            If the custom provider is of `type=CUSTOM_PROVIDER`, `supportedCountries` must not be empty or null.
            For other custom provider types, if `supportedCountries` is null (empty is not supported), the specified short code number can only be used to dispatch notifications to United States recipient numbers.
            `TOLL_FREE`: A collection of valid 2-character country ISO codes, for example, `US`, `GB`, `CA`.
            If the custom provider is of `type=CUSTOM_PROVIDER`, `supportedCountries` must not be empty or null.
            For other custom provider types, if `supportedCountries` is null (empty is not supported), the specified toll-free number can only be used to dispatch notifications to United States recipient numbers.
            `PHONE_NUMBER`: `supportedCountries` can not be specified.
            If an SMS template has an alphanumeric `sender` ID and also has short code, the `sender` ID will be used for destination countries that support both alphanumeric senders and short codes. For Unites States and Canada that don't support alphanumeric sender IDs, a short code will be used if both an alphanumeric sender and a short code are specified.
          items:
            type: string
      required:
        - number
        - type
    NotificationsSettingsPhoneDeliverySettingsCustomRequest:
      type: object
      properties:
        deliveryMethod:
          $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsCustomDeliveryMethod'
        url:
          type: string
          description: |
            The provider's remote gateway or customer gateway URL.
            For requests using the POST method, use the provider's remote gateway URL.
            For requests using the GET method, use the provider's remote gateway URL, including the `${to}` and `${message}` mandatory variables, and the optional `${from}` variable, for example:
            `https://api.transmitsms.com/send-sms.json?to=${to}&from=${from}&message=${message}`
        body:
          type: string
          description: |
            The notification's request body. The body should include the ${to} and ${message} mandatory variables. For some vendors, the optional ${from} variable may also be required. For example:
            `messageType=ARN&message=${message}&phoneNumber=${to}&sender=${from}`
            In addition, you can use the following optional variables:
            `${voice}` - the type of voice configured for notifications
            `${locale}` - locale
            `${otp}` - OTP
            `${user.user.name}` - user's username
            `${user.name.given}` - user's given name
            `${user.name.family}` - user's family name
            You can also use dynamic variables in the body. For more information, see [Dynamic variables](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-templates-dynamic-variables).
        headers:
          type: object
          additionalProperties:
            type: string
          description: |
            A map of the notification's request headers
        method:
          $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsCustomRequestMethod'
        phoneNumberFormat:
          $ref: '#/components/schemas/EnumNotificationsSettingsPhoneDeliverySettingsCustomNumberFormat'
        beforeTag:
          type: string
          description: |
            For voice OTP notifications only.
            An opening tag which is commonly used by custom providers for defining a pause between each number in the OTP number string.
            Possible value: `<Say>`
        afterTag:
          type: string
          description: |
            For voice OTP notifications only.
            A closing tag which is commonly used by custom providers for defining a pause between each number in the OTP number string.
            Possible value: `</Say> <Pause length="1"/>`
      required:
        - deliveryMethod
        - url
        - method
        - phoneNumberFormat
    NotificationsSettingsPhoneDeliverySettingsTwilioSyniverse:
      allOf:
        - $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsCommon'
        - type: object
          properties:
            sid:
              type: string
              description: |
                The public ID of the Twilio account.
                Relevant to Twilio only.
            authToken:
              type: string
              format: password
              description: The secret key of the Twilio or Syniverse account.
            numbers:
              type: array
              items:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettingsCustomNumbers'
          required:
            - sid
            - authToken
    ObjectApplication:
      type: object
      readOnly: true
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the application resource ID associated with the object.
    ObjectEnvironment:
      type: object
      readOnly: true
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the environment associated with the object.
    ObjectOrganization:
      type: object
      readOnly: true
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the organization associated with the object.
    ObjectPopulation:
      type: object
      readOnly: true
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the population associated with the object.
    ObjectResource:
      type: object
      readOnly: true
      properties:
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource associated with the object.
    Organization:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: A string that specifies the resource’s unique identifier.
          readOnly: true
        name:
          type: string
          description: A string that specifies the organization name, which must be provided and must be unique among all organizations in PingOne.
          readOnly: true
        description:
          type: string
          description: A string that specifies the description of the organization.
          readOnly: true
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
        type:
          $ref: '#/components/schemas/EnumOrganizationType'
          readOnly: true
        billingConnections:
          type: array
          items:
            type: object
            properties:
              id:
                type: string
                description: A string that specifies the list of the BillingConnection resource IDs for the organization.
                readOnly: true
          readOnly: true
    P1Error:
      type: object
      properties: 
        id:
          description: A unique identifier that is stored in log files and always included in an error response. This value can be used to track the error received by the client, with server-side activity included for troubleshooting purposes.
          type: string
        code:
          description: A general fault code which the client must handle to provide all exception handling routines and to localize messages for users. This code is common across all PingOne services and is human readable (such as a defined constant rather than a number).
          type: string
        message:
          description: A short description of the error. This message is intended to assist with debugging and is returned in English only.
          type: string
        details:
          description: Additional details about the error. Optional information to help resolve the error and to display to users.
          type: array
          items:
            type: object
            properties:
              code:
                description: A general fault code which the client must handle to provide all exception handling routines and to localize messages for users. This code is common across all PingOne services and is human readable (such as a defined constant rather than a number).
                type: string
              target:
                description: The item that caused the error (such as a form field ID or an attribute inside a JSON object).
                type: string
              message:
                description: A short description of the error. This message is intended to assist with debugging and is returned in English only.
                type: string
              innerError:
                description: Additional details to help the client developer resolve the fault (primarily for UI validation reasons).
                type: object
                properties:
                  rangeMinimumValue:
                    description: Errors that failed due to range violation. This attribute represents the minimum value of the range.
                    type: integer
                  rangeMaximumValue:
                    description: The maximum range or value of an attribute.
                    type: integer
                  allowedPattern:
                    description: A regex pattern describing an acceptable input pattern.
                    type: string
                  allowedValues:
                    description: A list describing acceptable values.
                    type: array
                    items:
                      type: string
                  maximumValue:
                    description: The maximum value allowed for the request.
                    type: integer
                  referencedValues:
                    type: array
                    items:
                      type: string
    PasswordPolicy:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        bypassPolicy:
          type: boolean
          default: false
          description: Determines whether the password policy for a user will be ignored. If this property is omitted from a CREATE Password Policy request, its value is set to false.
        createdAt:
          type: string
          description: The date and time the resource was created (format ISO-8061).
          readOnly: true
        currentPassword:
          type: string
          description: The current password to be verified before the new password is set. Required for self-change when the user already has a password (the user whose password is being changed is the same as the actor in the access token).
        default:
          type: boolean
          description: Indicates whether this password policy is enforced within the environment. When set to true, all other password policies are set to false.
        description:
          type: string
          description: Specifies the brief description of the password policy.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        excludesCommonlyUsed:
          type: boolean
          description: Set this to true to ensure the password is not one of the commonly used passwords.
        excludesProfileData:
          type: boolean
          description: Set this to true to ensure the password is not an exact match for the value of any attribute in the user’s profile, such as name, phone number, or address.
        history:
          type: object
          description: Settings to control the users password history
          properties:
            count:
              type: integer
              minimum: 1
              description: Specifies the number of prior passwords to keep for prevention of password re-use. The value must be a positive, non-zero integer.
            retentionDays:
              type: integer
              minimum: 1
              description: The length of time to keep recent passwords for prevention of password re-use. The value must be a positive, non-zero integer.
        id:
          type: string
          description: The password resource’s unique identifier.
          readOnly: true
        length:
          type: object
          description: Settings to control the user's password length
          properties:
            max:
              type: integer
              default: 255
              description: The maximum number of characters allowed for the password. Defaults to 255. This property is not enforced when not present.
            min:
              type: integer
              minimum: 8
              maximum: 32
              default: 8
              description: The minimum number of characters required for the password. This can be from 8 to 32 (inclusive). Defaults to 8 characters. This property is not enforced when not present.
        lockout:
          type: object
          description: Settings to control the user's lockout on unsuccessful authentication attempts
          properties:
            durationSeconds:
              type: integer
              minimum: 1
              description: The length of time before a password is automatically moved out of the lock out state. The value must be a positive, non-zero integer.
            failureCount:
              type: integer
              minimum: 1
              description: The number of tries before a password is placed in the lockout state. The value must be a positive, non-zero integer.
        maxAgeDays:
          type: integer
          minimum: 1
          description: The maximum number of days the same password can be used before it must be changed. The value must be a positive, non-zero integer.  The value must be greater than the sum of minAgeDays (if set) + 21 (the expiration warning interval for passwords).
        maxRepeatedCharacters:
          type: integer
          description: The maximum number of repeated characters allowed. This property is not enforced when not present.
        minAgeDays:
          type: integer
          minimum: 1
          description: The minimum number of days a password must be used before changing. The value must be a positive, non-zero integer. This property is not enforced when not present.
        minCharacters:
          type: object
          description: A set of key-value pairs where the key is contains all characters that can be included, and the value is the minimum number of times one of the characters must appear in the password. The only allowed key values are `ABCDEFGHIJKLMNOPQRSTUVWXYZ`, `abcdefghijklmnopqrstuvwxyz`, `0123456789`, and `~!@#$%^&*()-_=+[]{}\|;:,.<>/?`. This property is not enforced when not present.
          properties:
            'ABCDEFGHIJKLMNOPQRSTUVWXYZ':
              description: Count of alphabetical uppercase characters (`ABCDEFGHIJKLMNOPQRSTUVWXYZ`) that should feature in the user's password.
              type: integer
            'abcdefghijklmnopqrstuvwxyz':
              description: Count of alphabetical uppercase characters (`abcdefghijklmnopqrstuvwxyz`) that should feature in the user's password.
              type: integer
            '0123456789':
              description: Count of numeric characters (`0123456789`) that should feature in the user's password.
              type: integer
            '~!@#$%^&*()-_=+[]{}|;:,.<>/?':
              description: Count of special characters (`~!@#$%^&*()-_=+[]{}\\|;:,.<>/?`) that should feature in the user's password.
              type: integer
        minComplexity:
          type: integer
          description: The minimum complexity of the password based on the concept of password haystacks. The value is the number of days required to exhaust the entire search space during a brute force attack. This property is not enforced when not present.
        minUniqueCharacters:
          type: integer
          description: The minimum number of unique characters required. This property is not enforced when not present.
        name:
          type: string
          description: The name of the password policy. This value must be unique within the environment.
        newPassword:
          type: string
          description: The new password (must satisfy all requirements).
        notSimilarToCurrent:
          type: boolean
          description: Set this to true to ensure that the proposed password is not too similar to the user's current password based on the Levenshtein distance algorithm. The value of this parameter is evaluated only for password change actions in which the user enters both the current and the new password. By design, PingOne does not know the user's current password.
        populationCount:
          type: integer
          description: Returned in the response. The number of populations associated with the password policy.
          readOnly: true
        updatedAt:
          type: string
          description: The date and time the resource was last updated (format ISO-8061).
          readOnly: true
      required:
        - name
        - notSimilarToCurrent
        - excludesProfileData
        - excludesCommonlyUsed
    PKICAResponseFileUpload:
      type: object
      properties:
        file:
          type: string
          format: binary
      required:
        - file
    PKIFileUpload:
      type: object
      properties:
        usageType:
          type: string
          example: ENCRYPTION
        file:
          type: string
          format: binary
      required:
        - file
        - usageType
    PKIKeyFileUpload:
      type: object
      properties:
        usageType:
          type: string
          example: ENCRYPTION
        file:
          type: string
          format: binary
        password:
          type: string
      required:
        - file
        - usageType
    Population:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        default:
          type: boolean
          description: The population to use as the default population for the environment. Only one population per environment can be the default. New users are assigned to the default population if it exists, and the Population ID is not provided in the [Create User](https://apidocs.pingidentity.com/pingone/platform/v1/api/#post-create-user) request.
        description:
          type: string
          description: A string that specifies the description of the population.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: A string that specifies the resource’s unique identifier.
          readOnly: true
        name:
          type: string
          description: A string that specifies the population name, which must be provided and must be unique within an environment.
        passwordPolicy:
          type: object
          description: The object reference to the password policy resource. This is an optional property.
          properties:
            id:
              type: string
              description: The ID of the password policy that is used for this population. If absent, the environment's default is used. Requried if `passwordPolicy` is used.
          required:
            - id
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
        userCount:
          type: integer
          description: The number of users that belong to the population
          readOnly: true
      required:
        - name
    PopulationDefaultIdp:
      type: object
      properties:
        id:
          type: string
          description: The ID of the default IdP for the population.
        type:
          type: string
          description: The type of the default IdP for the population.
          readOnly: true
    PropagationStore:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        configuration:
          type: object
          description: Configuration properties specific to each identity propagation store.
          additionalProperties: true
        description:
          type: string
          description: A description for the identity propagation store.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        image:
          type: object
          properties:
            href:
              type: string
              description: The URL for the identity store resource image file.
            id:
              type: string
              description: The image ID for the identity store resource.
        managed:
          type: boolean
          description: Indicates whether or not to enable deprovisioning of users for a store when it is deleted. The deprovisioning occurs when a new revision is created (`POST {{apiPath}}/environments/{{envID}}/propagation/revisions`).
        name:
          type: string
          description: The name of the identity store.
        status:
          $ref: '#/components/schemas/EnumPropagationStoreStatus'
        syncStatus:
          type: object
          readOnly: true
          properties:
            details:
              type: string
              readOnly: true
              description: Details of any synchronization errors.
            failedCount:
              type: integer
              readOnly: true
              description: A count of failed synchronization events since the last revision.
            failedDeprovisionCount:
              type: integer
              readOnly: true
              description: A count of failed deprovisioning synchronization events since the last revision.
            lastSyncAt:
              type: string
              format: date-time
              readOnly: true
              description: The last synchronization in yyyy-MM-dd'T'HH:mm:ss.SSS'Z' format.
            successCount:
              type: integer
              readOnly: true
              description: A count of successful synchronization events since the last revision.
            syncState:
              $ref: '#/components/schemas/EnumPropagationStoreSyncState'
            userTotal:
              type: integer
              readOnly: true
              description: A count of users that will synchronize to the target store based on the Rule’s filter.
        type:
          $ref: '#/components/schemas/EnumPropagationStoreType'
      required:
        - configuration
        - name
        - type
    PropagationStoreConfigurationAquera:
      type: object
      properties:
        ACCESS_TOKEN:
          type: string
          description: A string specifying the access token for account authentication.
        AUTHENTICATION_METHOD:
          $ref: '#/components/schemas/EnumPropagationStoreTypeAqueraAuthenticationMethod'
        BASIC_AUTH_PASSWORD:
          type: string
          description: The password for account authentication.
        BASIC_AUTH_USER:
          type: string
          description: The user name for account authentication.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        GROUP_NAME_SOURCE:
          $ref: '#/components/schemas/EnumPropagationStoreTypeAqueraGroupSourceName'
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        SCIM_URL:
          type: string
          description: The SCIM URL.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - AUTHENTICATION_METHOD
        - BASIC_AUTH_PASSWORD
        - BASIC_AUTH_USER
        - SCIM_URL
    PropagationStoreConfigurationAzureADSAMLV2:
      type: object
      properties:
        ClientId:
          type: string
          description: The Azure Active Directory client ID.
        ClientSecret:
          type: string
          description: The Azure Active Directory client secret.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEPROVISION_USERS:
          type: boolean
          description: Whether or not users are allowed to be deprovisioned (removed) following action specified in `REMOVE_ACTION`.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        PROVISION_DISABLED_USERS_PROV_OPT:
          type: boolean
          description: Whether or not disabled users can be provisioned. Defaults to `true` and, if used, must be set to `true`.
          default: true
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        RemoveLicensesWhenSkuIdEmpty:
          type: boolean
          description: Whether or not remove licenses from user when `skuId` is empty.
        TenantDomain:
          type: string
          description: The account's Azure Active Directory domain.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - ClientId
        - ClientSecret
        - RemoveLicensesWhenSkuIdEmpty
        - TenantDomain
    PropagationStoreConfigurationGithubEMU:
      type: object
      properties:
        BASE_URL:
          type: string
          description: Base URL of the target propagation store.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEPROVISION_USERS:
          type: boolean
          description: Whether or not users are allowed to be deprovisioned (removed) following action specified in `REMOVE_ACTION`.
        OAUTH_ACCESS_TOKEN:
          type: string
          description: OAuth 2 access token.
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - BASE_URL
        - OAUTH_ACCESS_TOKEN
    PropagationStoreConfigurationGoogleApps:
      type: object
      properties:
        APPLICATION_NAME:
          type: string
          description: Name of the application using the store.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEPROVISION_USERS:
          type: boolean
          description: Whether or not users are allowed to be deprovisioned (removed) following action specified in `REMOVE_ACTION`.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        DOMAIN:
          type: string
          description: The account's domain name.
        OAUTH_ACCESS_TOKEN:
          type: string
          description: OAuth 2 access token.
        OAUTH_CLIENT_ID:
          type: string
          description: GoogleApps identifier of the client associated with the propagation store.
        OAUTH_CLIENT_SECRET:
          type: string
          description: GoogleApps secret of the client associated with the propagation store.
        OAUTH_REFRESH_TOKEN:
          type: string
          description: OAuth 2 refresh token.
        PROVISION_DISABLED_USERS_PROV_OPT:
          type: boolean
          description: Whether or not disabled users can be provisioned. Defaults to `true` and, if used, must be set to `true`.
          default: true
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - APPLICATION_NAME
        - DOMAIN
        - OAUTH_ACCESS_TOKEN
        - OAUTH_CLIENT_ID
        - OAUTH_CLIENT_SECRET
        - OAUTH_REFRESH_TOKEN
    PropagationStoreConfigurationLDAPGateway:
      type: object
      properties:
        ATTRIBUTE_METADATA:
          type: string
          description: User-defined attribute metadata.
        CLIENT_ID:
          type: string
          description: Identifier of the client for authentication.
        CLIENT_SECRET:
          type: string
          description: Secret of the client for authentication.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DELETE_USERS:
          type: boolean
          description: Whether or not users are allowed to be deleted.
        ENVIRONMENT_ID:
          type: string
          description: Identifier, a UUID, of the environment the connector services.
        GATEWAY_BASE_URL:
          type: string
          description: Base URL of the gateway.
        GATEWAY_ID:
          type: string
          description: Identifier of the gateway to which the connector connects.
        LDAP_TYPE:
          $ref: '#/components/schemas/EnumPropagationStoreTypeLDAPGatewayLDAPType'
        OAUTH_URL:
          type: string
          description: OAuth token request endpoint.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - CLIENT_ID
        - CLIENT_SECRET
        - ENVIRONMENT_ID
        - GATEWAY_BASE_URL
        - GATEWAY_ID
        - LDAP_TYPE
        - OAUTH_URL
    PropagationStoreConfigurationPingOne:
      type: object
      properties:
        CLIENT_ID:
          type: string
          description: Unique identifier (UUID) of the PingOne client associated with the propagation store.
        CLIENT_SECRET:
          type: string
          description: The PingOne client secret.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEFAULT_AUTH_METHOD:
          $ref: '#/components/schemas/EnumPropagationStoreTypePingOneDefaultAuthMethod'
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        ENVIRONMENT_ID:
          type: string
          description: Unique identifier (UUID) of the PingOne environment associated with the propagation store.
        MFA_USER_DEVICE_MANAGEMENT:
          type: string
          description: How to manage MFA user devices when synchronizing. Options are either Merge with devices in PingOne or Overwrite devices in PingOne.
        PROVISION_DISABLED_USERS_PROV_OPT:
          type: boolean
          description: Whether or not disabled users can be provisioned.
        REGION:
          $ref: '#/components/schemas/EnumPropagationStoreTypePingOneRegion'
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - ENVIRONMENT_ID
        - REGION
    PropagationStoreConfigurationSalesforce:
      type: object
      properties:
        ACCOUNT_ID:
          type: string
          description: The Salesforce account ID.
        CLIENT_ID:
          type: string
          description: The Salesforce client ID.
        CLIENT_SECRET:
          type: string
          description: The Salesforce client secret.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        ENABLE_COMMUNITIES:
          type: boolean
          description: Whether or not to enable Salesforce communities.
        FREEZE_USER_FLAG:
          type: boolean
          description: Whether the user account is frozen.
        OAUTH_ACCESS_TOKEN:
          type: string
          description: OAuth access token for account authentication.
        OAUTH_REFRESH_TOKEN:
          type: string
          description: OAuth refresh token for account authentication.
        PERMISSION_SET_MANAGEMENT:
          type: string
          description: The permission sets to be merged with Salesforce.
        PROFILE_ID:
          type: string
          description: The Salesforce profile ID.
        PROVISION_DISABLED_USERS:
          type: boolean
          description: Whether or not disabled users can be provisioned.
        SALESFORCE_DOMAIN:
          type: string
          description: The account's salesforce.com domain.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - CLIENT_ID
        - CLIENT_SECRET
        - ENABLE_COMMUNITIES
        - FREEZE_USER_FLAG
        - OAUTH_ACCESS_TOKEN
        - OAUTH_REFRESH_TOKEN
        - PERMISSION_SET_MANAGEMENT
        - SALESFORCE_DOMAIN
    PropagationStoreConfigurationSalesforceContacts:
      type: object
      properties:
        ACCOUNT_ID:
          type: string
          description: The Salesforce account ID.
        CLIENT_ID:
          type: string
          description: Unique identifier (UUID) of the Salesforce client associated with the propagation store.
        CLIENT_SECRET:
          type: string
          description: The Salesforce client secret.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        ENABLE_COMMUNITIES:
          type: boolean
          description: Whether or not to enable Salesforce communities.
        FREEZE_USER_FLAG:
          type: boolean
          description: Whether the user account is frozen.
        OAUTH_ACCESS_TOKEN:
          type: string
          description: OAuth access token for account authentication.
        OAUTH_REFRESH_TOKEN:
          type: string
          description: OAuth refresh token for account authentication.
        PERMISSION_SET_MANAGEMENT:
          type: string
          description: The permission sets to be merged with Salesforce.
        PROFILE_ID:
          type: string
          description: The Salesforce profile ID.
        PROVISION_DISABLED_USERS:
          type: boolean
          description: Whether or not disabled users can be provisioned.
        RECORD_TYPE:
          $ref: '#/components/schemas/EnumPropagationStoreTypeSalesforceContactsRecordType'
        SALESFORCE_DOMAIN:
          type: string
          description: The account's salesforce.com domain.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - CLIENT_ID
        - CLIENT_SECRET
        - OAUTH_ACCESS_TOKEN
        - OAUTH_REFRESH_TOKEN
        - RECORD_TYPE
        - SALESFORCE_DOMAIN
    PropagationStoreConfigurationSCIM:
      type: object
      properties:
        AUTHENTICATION_METHOD:
          $ref: '#/components/schemas/EnumPropagationStoreTypeSCIMAuthenticationMethod'
        AUTHORIZATION_TYPE:
          type: string
          description: The authorization header type.
        BASIC_AUTH_PASSWORD:
          type: string
          description: The password for account authentication. Required when `AUTHENTICATION_METHOD` is `Basic Authentication`, otherwise optional.
        BASIC_AUTH_USER:
          type: string
          description: The user name for account authentication. Required when `AUTHENTICATION_METHOD` is `Basic Authentication`, otherwise optional.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        GROUP_NAME_SOURCE:
          $ref: '#/components/schemas/EnumPropagationStoreTypeSCIMGroupNameSource'
        GROUPS_RESOURCE:
          type: string
          description: API endpoint path to the group entity.
        OAUTH_ACCESS_TOKEN:
          type: string
          description: OAuth access token for account authentication. Required when `AUTHENTICATION_METHOD` is `OAuth 2 Bearer Token`, otherwise optional.
        OAUTH_CLIENT_ID:
          type: string
          description: OAuth client ID. Required when `AUTHENTICATION_METHOD` is `OAuth 2 Client Credentials`, otherwise optional.
        OAUTH_CLIENT_SECRET:
          type: string
          description: OAuth client secret. Required when `AUTHENTICATION_METHOD` is `OAuth 2 Client Credentials`, otherwise optional.
        OAUTH_TOKEN_REQUEST:
          type: string
          description: OAuth token request endpoint. Required when `AUTHENTICATION_METHOD` is `OAuth 2 Bearer Token`, otherwise optional.
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        SCIM_URL:
          type: string
          description: The SCIM URL.
        SCIM_VERSION:
          type: string
          description: The SCIM version.
        UNIQUE_USER_IDENTIFIER:
          $ref: '#/components/schemas/EnumPropagationStoreTypeSCIMUniqueUserIdentifier'
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
        USER_FILTER:
          type: string
          description: A string that specifies a SCIM filter expression.
        USERS_RESOURCE:
          type: string
          description: API endpoint path to the user entity.
      required:
        - AUTHENTICATION_METHOD
        - AUTHORIZATION_TYPE
        - SCIM_URL
        - SCIM_VERSION
        - UNIQUE_USER_IDENTIFIER
        - USER_FILTER
        - USERS_RESOURCE
    PropagationStoreConfigurationServiceNow:
      type: object
      properties:
        Administrator_Password:
          type: string
          description: Password for the administrator.
        Administrator_Username:
          type: string
          description: Username for the administrator.
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEPROVISION_USERS:
          type: string
          description: Whether or not users are allowed to be deprovisioned (removed) following action specified in `REMOVE_ACTION`.
        DISABLE_USERS:
          type: boolean
          description: Whether or not new users are allowed to be disabled.
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisable'
        ServiceNow_Url:
          type: string
          description: The URL for the ServiceNow account.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - Administrator_Password
        - Administrator_Username
        - ServiceNow_Url
    PropagationStoreConfigurationSlack:
      type: object
      properties:
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEPROVISION_USERS:
          type: boolean
          description: Whether or not users are allowed to be deprovisioned (removed) following action specified in `REMOVE_ACTION`.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled. Must be set to `true`.
        OAUTH_ACCESS_TOKEN:
          type: string
          description: OAuth 2 access token.
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisable'
        UNIQUE_USER_IDENTIFIER:
          $ref: '#/components/schemas/EnumPropagationStoreTypeSlackUniqueUserIdentifier'
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - OAUTH_ACCESS_TOKEN
        - UNIQUE_USER_IDENTIFIER
    PropagationStoreConfigurationWorkday:
      type: object
      properties:
        excludeContingentWorkers:
          type: boolean
          description: Whether or not contingent workers are excluded.
        excludeEmployees:
          type: boolean
          description: Whether or not employees are excluded.
        excludeInactiveWorkers:
          type: boolean
          description: Whether or not inactive workers are excluded.
        host:
          type: string
          description: The Workday API host.
        password:
          type: string
          description: The password for account authentication.
        tenantId:
          type: string
          description: The Workday tenant ID.
        username:
          type: string
          description: The user name for account authentication.
      required:
        - password
        - tenantId
        - username
    PropagationStoreConfigurationZoom:
      type: object
      properties:
        API_KEY:
          type: string
          description: The client API key. Required when `AUTHENTICATION_METHOD` is `JWT Bearer Token`, otherwise optional.
        API_SECRET:
          type: string
          description: The client API secret. Required when `AUTHENTICATION_METHOD` is `JWT Bearer Token`, otherwise optional.
        AUTHENTICATION_METHOD:
          $ref: '#/components/schemas/EnumPropagationStoreTypeZoomAuthenticationMethod'
        CREATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be created.
        DEPROVISION_USERS:
          type: boolean
          description: Whether or not users are allowed to be removed (deprovisioned) following the action configured in `REMOVE_ACTION`.
        DISABLE_USERS:
          type: boolean
          description: Whether or not users are allowed to be disabled.
        OAUTH_ACCOUNT_ID:
          type: string
          description: OAuth account identifier. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
        OAUTH_CLIENT_ID:
          type: string
          description: OAuth client identifier. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
        OAUTH_CLIENT_SECRET:
          type: string
          description: OAuth client secret. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
        OAUTH_TOKEN_URL:
          type: string
          description: OAuth token request endpoint. Required when `AUTHENTICATION_METHOD` is `OAuth Bearer Token`, otherwise optional.
        REMOVE_ACTION:
          $ref: '#/components/schemas/EnumPropagationStoreTypeRemoveActionDisableDelete'
        SCIM_URL:
          type: string
          description: The SCIM URL.
        UPDATE_USERS:
          type: boolean
          description: Whether or not users are allowed to be updated.
      required:
        - SCIM_URL
    RecaptchaConfiguration:
      type: object
      properties:
        created:
          type: string
          format: date-time
          readOnly: true
          description: The time the configuration was created.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        modified:
          type: string
          format: date-time
          readOnly: true
          description: The time the configuration was last updated.
        siteKey:
          type: string
          description: A string that specifies the public site key for the Recaptcha configuration provided by Google.
        secretKey:
          type: string
          description: A string that specifies the confidential secret key for the Recaptcha configuration provided by Google.
      required:
        - siteKey
        - secretKey
    Resource:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        accessTokenValiditySeconds:
          type: integer
          description: An integer that specifies the number of seconds that the access token is valid. If a value is not specified, the default is 3600. The minimum value is 300 seconds (5 minutes); the maximum value is 2592000 seconds (30 days).
        applicationPermissionsSettings:
          type: object
          description: An object that specifies whether to add application permissions to access tokens generated by PingOne.
          properties:
            claimEnabled:
              type: boolean
              description: A setting to enable application permission claims in the access token. If this property is omitted, the value is set to `false`.
        audience:
          type: string
          description: A string that specifies a URL without a fragment or `@ObjectName` and must not contain `pingone` or `pingidentity` (for example, `https://api.bxretail.org`). If a URL is not specified, the resource name is used.
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        description:
          type: string
          description: A string that specifies the description of the resource.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        resource:
          type: object
          readOnly: true
          properties:
            id:
              type: string
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        name:
          type: string
          description: A string that specifies the resource name, which must be provided and must be unique within an environment.
        introspectEndpointAuthMethod:
          $ref: '#/components/schemas/EnumResourceIntrospectEndpointAuthMethod'
        type:
          $ref: '#/components/schemas/EnumResourceType'
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
      required:
        - name
    ResourceApplicationResource:
      type: object
      properties:
        description:
          type: string
          description: The application resource's description.
        id:
          type: string
          readOnly: true
          description: The resource's unique identifier.
        name:
          type: string
          description: The application resource name. The name value must be unique.
        parent:
          type: object
          readOnly: true
          description: The application resource's parent.
          properties:
            type:
              $ref: '#/components/schemas/EnumResourceApplicationResourceType'
            id:
              type: string
              description: The application resource's parent ID.
      required:
        - name
    ResourceApplicationPermission:
      type: object
      properties:
        action:
          type: string
          description: The action associated with this permission.
        description:
          type: string
          description: The resource's description.
        id:
          type: string
          description: The resource's unique identifier.
        key:
          type: string
          readOnly: true
          description: The resource.name:action pair of the permission.
        resource:
          type: object
          readOnly: true
          description: An object that identifies the associated application resource.
          properties:
            id:
              type: string
              description: The ID for the associated application resource.
            name:
              type: string
              description: The name of the associated application resource.
        resourceServer:
          type: object
          readOnly: true
          description: An object that identifies the associated application resource server.
          properties:
            id:
              type: string
              description: The ID for the associated application resource server.
            environment:
              type: object
              properties:
                id:
                  type: string
                  description: The ID for the environment associated with the application resource server.
      required:
        - action
    ResourceAttribute:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        name:
          type: string
          description: |
            A string that specifies the name of the custom resource attribute to be included in the access token. The following are reserved names and cannot be used. Thesese reserved names are applicable only when the resource's type property is `OPENID_CONNECT`:
            - `acr`
            - `amr`
            - `aud`
            - `auth_time`
            - `client_id`
            - `env`
            - `exp`
            - `iat`
            - `iss`
            - `jti`
            - `org`
            - `p1.*` (any name starting with the p1. prefix)
            - `scope`
            - `sid`
            - `sub`
        type:
          $ref: '#/components/schemas/EnumResourceAttributeType'
        value:
          type: string
          description: A string that specifies the value of the custom resource attribute. This value can be a placeholder that references an attribute in the user schema, expressed as `${user.path.to.value}`, or it can be a static string. Placeholders must be valid, enabled attributes in the environment’s user schema. Examples fo valid values are `${user.email}`, `${user.name.family}`, and `myClaimValueString`
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        resource:
          type: object
          readOnly: true
          properties:
            id:
              type: string
        idToken:
          type: boolean
          description: A boolean that specifies whether the attribute mapping should be available in the ID Token. This property is applicable only when the application's protocol property is `OPENID_CONNECT`. If omitted, the default is `true`. Note that the `idToken` and `userInfo` properties cannot both be set to `false`. At least one of these properties must have a value of `true`.
        userInfo:
          type: boolean
          description: A boolean that specifies whether the attribute mapping should be available through the `/as/userinfo` endpoint. This property is applicable only when the application's protocol property is `OPENID_CONNECT`. If omitted, the default is `true`. Note that the `idToken` and `userInfo` properties cannot both be set to `false`. At least one of these properties must have a value of `true`.
      required:
        - name
        - value
    ResourceSecret:
      type: object
      properties:
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        secret:
          type: string
          format: password
          readOnly: true
          description: An auto-generated resource client secret. Possible characters are a-z, A-Z, 0-9, -, ., _, ~. The secret has a minimum length of 64 characters per SHA-512 requirements when using the HS512 algorithm to sign ID tokens using the secret as the key.
        previous:
          type: object
          description: An object that specifies the resource's previous secret, when it expires, and when it was last used.
          properties:
            secret:
              type: string
              format: password
              readOnly: true
              description: A string that specifies the resource's previous secret. This property is returned in the response if the previous secret is not expired.
            expiresAt:
              type: string
              format: date-time
              description: A timestamp that specifies how long this secret is saved (and can be used) before it expires. Supported time range is 1 minute to 30 days.
            lastUsed:
              type: string
              format: date-time
              readOnly: true
              description: A timestamp that specifies when the previous secret was last used.
          required:
            - expiresAt
    ResourceScope:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        resource:
          $ref: '#/components/schemas/ObjectResource'
        name:
          type: string
          description: A string that specifies the resource scope name.
        description:
          type: string
          description: A string that specifies the description of the scope.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        schemaAttributes:
          type: array
          description: An array that specifies the user schema attributes that can be read or updated for the specified PingOne access control scope. The value is an array of schema attribute paths (such as `username`, `name.given`, `shirtSize`) that the scope controls. This property is supported only for the `p1:read:user`, `p1:update:user` and `p1:read:user:{suffix}` and `p1:update:user:{suffix}` scopes. No other PingOne platform scopes allow this behavior. Any attributes not listed in the attribute array are excluded from the read or update action. The wildcard path (*) in the array includes all attributes and cannot be used in conjunction with any other user schema attribute paths
          items:
            type: string
        mappedClaims:
          type: array
          description: A list of custom resource attribute IDs. This property applies only for the resource with its type property set to `OPENID_CONNECT`. Moreover, this property does not display predefined OpenID Connect (OIDC) mappings, such as the `email` claim in the OIDC `email` scope or the `name` claim in the `profile` scope. You can create custom attributes, and these custom attributes can be added to `mappedClaims` and will display in the response.
          items:
            type: string
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was last updated.
      required:
        - name
    Role:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        applicableTo:
          type: array
          readOnly: true
          description: A set of strings that specifies the scopes to which the role applies.
          items:
            $ref: '#/components/schemas/EnumRoleAssignmentScopeType'
        description:
          type: string
          readOnly: true
          description: A string that specifies the description of the role.
        id:
          type: string
          readOnly: true
          description: A string that specifies the ID of the role.
        name:
          $ref: '#/components/schemas/EnumRoleName'
        permissions:
          type: array
          readOnly: true
          description: A set of permissions assigned to the role.
          items:
            type: object
            properties:
              classifier:
                type: string
                readOnly: true
                description: A string that specifies the resource for which the permission is applicable.
              description:
                type: string
                readOnly: true
                description: A string that specifies the description of what the permission enables for the role.
              id:
                type: string
                readOnly: true
                description: The ID of a permission associated with this role.
    RoleAssignment:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        gateway:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: A string that specifies the gateway ID.
        group:
          type: object
          readOnly: true
          properties:
            id:
              type: string
              description: A string that specifies the group ID.
        id:
          type: string
          readOnly: true
          description: A string that specifies the user role assignment ID.
        readOnly:
          type: boolean
          readOnly: true
          description: A boolean that specifies whether this role assignment can be deleted by the current actor.
        role:
          type: object
          properties:
            id:
              type: string
              description: A string that specifies the role ID.
          required:
            - id
        scope:
          type: object
          properties:
            id:
              type: string
              description: A string that specifies the role assignment scope ID.
            type:
              $ref: '#/components/schemas/EnumRoleAssignmentScopeType'
          required:
            - id
            - type
      required:
        - role
        - scope
    Schema:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        allowsContainsOperator:
          type: boolean
          readOnly: true
          description: Indicates whether or not the `contains` operator can be used. You can use the `contains` operator in a maximum of 5 custom attributes.
        attributes:
          type: array
          readOnly: true
          items:
            $ref: '#/components/schemas/SchemaAttribute'
        description:
          type: string
          readOnly: true
          description: A string that specifies the description of the schema.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        name:
          type: string
          readOnly: true
          description: A string that specifies the resource name.
    SchemaAttribute:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        description:
          type: string
          description: A string that specifies an optional property that specifies the description of the attribute. If provided, it must not be an empty string. Valid characters consists of any Unicode letter, mark (for example, accent or umlaut), numeric character, punctuation character, or space.
        displayName:
          type: string
          description: A string that specifies an optional property that specifies the display name of the attribute such as 'T-shirt size’. If provided, it must not be an empty string. Valid characters consist of any Unicode letter, mark (for example, accent or umlaut), numeric character, forward slash, dot, apostrophe, underscore, space, or hyphen.
        enabled:
          type: boolean
          description: A boolean that specifies whether or not the attribute is enabled. This is a required property for POST and PUT operations; it cannot be omitted or explicitly set to null. Disabled attributes are ignored on create/update and not returned on read.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          readOnly: true
          description: A string that specifies the resource’s unique identifier.
        ldapAttribute:
          type: string
          readOnly: true
          description: A string that specifies the LDAP attribute.
        name:
          type: string
          description: A string that specifies the name of the attribute. The attribute name must be provided during creation, must not be empty and must not exceed 256 characters. It must also be unique within the schema for an environment. It must start with a letter and may be followed by letters, numbers or hyphens.
        required:
          type: boolean
          description: A boolean that specifies whether or not the attribute is required. Required attributes must be provided a value during create/update. Defaults to false if not provided.
        schema:
          type: object
          properties:
            id:
              type: string
              readOnly: true
              description: A string that specifies the identifier of the resource referenced by this relationship.
        schemaType:
          $ref: '#/components/schemas/EnumSchemaAttributeSchemaType'
        subAttributes:
          type: array
          description: The list of sub-attributes of this attribute. Only `COMPLEX` attribute types can have sub-attributes, and only one-level of nesting is allowed. The leaf attribute definition must have a type of `STRING` or `JSON`. A `COMPLEX` attribute definition must have at least one child attribute definition.
          items:
            $ref: '#/components/schemas/SchemaAttribute'
        type:
          $ref: '#/components/schemas/EnumSchemaAttributeType'
        unique:
          type: boolean
          description: A boolean that specifies whether or not the attribute must have a unique value within the environment. This is a required property for POST and PUT operations; it cannot be omitted or explicitly set to null.
        multiValued:
          type: boolean
          description: A boolean that specifies whether the attribute has multiple values or a single one. This value can only change from false to true, as changing from true to false is not allowed. Maximum number of values stored is 1,000.
        enumeratedValues:
          type: array
          items:
            type: object
            description: An object representation of an enumerated value. Maximum number of enumerations is 100.
            properties:
              value:
                type: string
                description: A string that specifies the immutable value. Values are case sensitive; two values that differ only by case are not allowed.
              archived:
                type: boolean
                description: A boolean that specifies whether the enumerated value is archived. Archived values cannot be added to a user, but existing archived values are preserved. This allows clients that read the schema to know all possible values of an attribute.
              description:
                type: string
                description: A string that specifies the description of the enumerated value.
            required:
              - value
        regexValidation:
          type: object
          description: Object representation of the optional regular expression representation of this attribute.
          properties:
            pattern:
              type: string
              description: A string that specifies the regular expression to which the attribute must conform.
            requirements:
              type: string
              description: A string that specifies a developer friendly description of the regular expression requirements.
            valuesPatternShouldMatch:
              type: array
              description: An array that specifies the list of strings matching the regular expression.
              items:
                type: string
            valuesPatternShouldNotMatch:
              type: array
              description: An array that specifies the list of strings not matching the regular expression.
              items:
                type: string
          required:
            - pattern
            - requirements
      required:
        - name
        - enabled
        - type
    SchemaAttributePatch:
      type: object
      properties:
        description:
          type: string
          description: A string that specifies an optional property that specifies the description of the attribute. If provided, it must not be an empty string. Valid characters consists of any Unicode letter, mark (for example, accent or umlaut), numeric character, punctuation character, or space.
        displayName:
          type: string
          description: A string that specifies an optional property that specifies the display name of the attribute such as 'T-shirt size’. If provided, it must not be an empty string. Valid characters consist of any Unicode letter, mark (for example, accent or umlaut), numeric character, forward slash, dot, apostrophe, underscore, space, or hyphen.
        enabled:
          type: boolean
          description: A boolean that specifies whether or not the attribute is enabled. This is a required property for POST and PUT operations; it cannot be omitted or explicitly set to null. Disabled attributes are ignored on create/update and not returned on read.
        name:
          type: string
          description: A string that specifies the name of the attribute. The attribute name must be provided during creation, must not be empty and must not exceed 256 characters. It must also be unique within the schema for an environment. It must start with a letter and may be followed by letters, numbers or hyphens.
        required:
          type: boolean
          description: A boolean that specifies whether or not the attribute is required. Required attributes must be provided a value during create/update. Defaults to false if not provided.
        schemaType:
          $ref: '#/components/schemas/EnumSchemaAttributeSchemaType'
        subAttributes:
          type: array
          description: The list of sub-attributes of this attribute. Only `COMPLEX` attribute types can have sub-attributes, and only one-level of nesting is allowed. The leaf attribute definition must have a type of `STRING` or `JSON`. A `COMPLEX` attribute definition must have at least one child attribute definition.
          items:
            $ref: '#/components/schemas/SchemaAttribute'
        type:
          $ref: '#/components/schemas/EnumSchemaAttributeType'
        unique:
          type: boolean
          description: A boolean that specifies whether or not the attribute must have a unique value within the environment. This is a required property for POST and PUT operations; it cannot be omitted or explicitly set to null.
        multiValued:
          type: boolean
          description: A boolean that specifies whether the attribute has multiple values or a single one. This value can only change from false to true, as changing from true to false is not allowed. Maximum number of values stored is 1,000.
        enumeratedValues:
          type: array
          items:
            type: object
            description: An object representation of an enumerated value. Maximum number of enumerations is 100.
            properties:
              value:
                type: string
                description: A string that specifies the immutable value. Values are case sensitive; two values that differ only by case are not allowed.
              archived:
                type: boolean
                description: A boolean that specifies whether the enumerated value is archived. Archived values cannot be added to a user, but existing archived values are preserved. This allows clients that read the schema to know all possible values of an attribute.
              description:
                type: string
                description: A string that specifies the description of the enumerated value.
            required:
              - value
        regexValidation:
          type: object
          description: Object representation of the optional regular expression representation of this attribute.
          properties:
            pattern:
              type: string
              description: A string that specifies the regular expression to which the attribute must conform.
            requirements:
              type: string
              description: A string that specifies a developer friendly description of the regular expression requirements.
            valuesPatternShouldMatch:
              type: array
              description: An array that specifies the list of strings matching the regular expression.
              items:
                type: string
            valuesPatternShouldNotMatch:
              type: array
              description: An array that specifies the list of strings not matching the regular expression.
              items:
                type: string
          required:
            - pattern
            - requirements
    SignOnPolicy:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        createdAt:
          type: string
          description: The date and time the resource was created (format ISO-8061).
          readOnly: true
        default:
          type: boolean
          default: false
          description: A boolean that specifies whether this sign-on policy is the environment's default that is used by applications that do not have application-specific sign-on policy assignments. This property can only be set to true, in which case the isDefault property of all other sign-on policies are set to false.
        description:
          type: string
          description: A string that specifies the description of the sign-on policy.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: A string that specifies the sign-on policy resource’s unique identifier.
          readOnly: true
        name:
          type: string
          description: A string that specifies the resource name. The name must be unique within the environment, and can consist of either a string of alphanumeric letters, underscore, hyphen, period `^[a-zA-Z0-9_. -]+$` or an absolute URI if the string contains a `:` character.
        updatedAt:
          type: string
          description: The date and time the resource was last updated (format ISO-8061).
          readOnly: true
      required:
        - name
    SignOnPolicyAction:
      oneOf:
        - $ref: '#/components/schemas/SignOnPolicyActionLogin'
        - $ref: '#/components/schemas/SignOnPolicyActionMFA'
        - $ref: '#/components/schemas/SignOnPolicyActionIDFirst'
        - $ref: '#/components/schemas/SignOnPolicyActionIDP'
        - $ref: '#/components/schemas/SignOnPolicyActionAgreement'
        - $ref: '#/components/schemas/SignOnPolicyActionProgressiveProfiling'
        - $ref: '#/components/schemas/SignOnPolicyActionPingID'
        - $ref: '#/components/schemas/SignOnPolicyActionPingIDWinLoginPasswordless'
    SignOnPolicyActionCommonConditionGreater:
      type: object
      properties:
        greater:
          type: integer
          description: An integer that specifies the maximum number of seconds to wait since the last sign on before prompting for a new sign-on action.
          minimum: 1
        secondsSince:
          type: string
          description: A string representing a condition variable.  For more information, see documenation at https://apidocs.pingidentity.com/pingone/platform/v1/api/#sign-on-policy-actions .
      required:
        - greater
        - secondsSince
    SignOnPolicyActionCommonConditionIPRange:
      type: object
      properties:
        contains:
          type: string
        ipRange:
          type: array
          items:
            type: string
      required:
        - contains
        - ipRange
    SignOnPolicyActionCommonConditionIPRisk:
      type: object
      properties:
        ipRisk:
          type: object
          properties:
            minScore:
              type: integer
              minimum: 1
            maxScore:
              type: integer
              minimum: 1
          required:
            - minScore
            - maxScore
        valid:
          type: string
      required:
        - ipRisk
        - valid
    SignOnPolicyActionCommonConditionGeovelocity:
      type: object
      properties:
        geoVelocity:
          type: string
        valid:
          type: object
          properties:
            previousSuccessfulAuthenticationIp:
              type: string
            previousSuccessfulAuthenticationTime:
              type: string
          required:
            - previousSuccessfulAuthenticationIp
            - previousSuccessfulAuthenticationTime
      required:
        - geoVelocity
        - valid
    SignOnPolicyActionCommonConditionAnonymousNetwork:
      type: object
      properties:
        anonymousNetwork:
          type: array
          items:
            type: string
        valid:
          type: string
      required:
        - anonymousNetwork
        - valid
    SignOnPolicyActionCommonConditionEquals:
      type: object
      properties:
        value:
          type: string
        equals:
          oneOf:
            - type: string
            - type: boolean
      required:
        - value
        - equals
    SignOnPolicyActionCommonConditionOr:
      type: object
      properties:
        or:
          type: array
          items:
            oneOf:
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAnd'
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionOr'
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionNot'
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAggregate'
    SignOnPolicyActionCommonConditionAnd:
      type: object
      properties:
        and:
          type: array
          items:
            oneOf:
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAnd'
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionOr'
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionNot'
              - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAggregate'
    SignOnPolicyActionCommonConditionNot:
      type: object
      properties:
        not:
          $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAggregate'
    SignOnPolicyActionCommonConditionAggregate:
      oneOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionGreater'
        - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionIPRisk'
        - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionIPRange'
        - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionGeovelocity'
        - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAnonymousNetwork'
        - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionEquals'
    SignOnPolicyActionCommon:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        condition:
          oneOf:
            - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAnd'
            - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionOr'
            - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionNot'
            - $ref: '#/components/schemas/SignOnPolicyActionCommonConditionAggregate'
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: A string that specifies the sign-on policy assignment resource’s unique identifier.
          readOnly: true
        priority:
          type: integer
          description: An integer that specifies the order in which the policy referenced by this assignment is evaluated during an authentication flow relative to other policies. An assignment with a lower priority will be evaluated first. This is a required property.
          minimum: 1
        signOnPolicy:
          type: object
          description: The sign-on policy associated with this sign-on policy assignment
          properties:
            id:
              type: string
              description: A string that specifies the sign-on policy resource's unique identifier associated with this sign-on policy assignment.
          required:
            - id
        type:
          $ref: '#/components/schemas/EnumSignOnPolicyType'
      required:
        - priority
        - type
    SignOnPolicyActionLogin:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            enforceLockoutForIdentityProviders:
              type: boolean
              description: A boolean that if set to true and if the user's account is locked (the account.canAuthenticate attribute is set to false), then social sign on with an external identity provider is prevented.
            newUserProvisioning:
              type: object
              description: Enables user entries existing outside of PingOne to be provisioned in PingDirectory during login, using an external integration solution (such as a Gateway).
              properties:
                gateways:
                  type: array
                  description: Allows a set of preconfigured gateways or `userType` pairs that are specified in the [Gateway Management](https://apidocs.pingidentity.com/pingone/platform/v1/api/#gateway-management) schema to determine how to find and migrate user entries existing in an external directory.
                  items:
                    type: object
                    properties:
                      id:
                        type: string
                        description: A string referencing the UUID for the gateway.
                      type:
                        $ref: '#/components/schemas/EnumSignOnPolicyActionLoginNewUserProvisioningGatewayType'
                      userType:
                        type: object
                        description: A reference to the ID of the `userTypes` configuration set on the gateway for user account migration.
                        properties:
                          id:
                            type: string
                            description: A string referencing the UUID of `userType`.
                        required:
                          - id
                    required:
                      - id
                      - type
                      - userType
              required:
                - gateways
            recovery:
              type: object
              description: Specifies the account recovery options.
              properties:
                enabled:
                  type: boolean
                  description: A boolean that specifies the enabled/disabled state of the account recovery action. The default is disabled when creating a new policy. When enabled, it allows the use of the forgot password flow.
              required:
                - enabled
            registration:
              type: object
              description: Specifies the account registration options.
              properties:
                enabled:
                  type: boolean
                  description: A boolean that specifies the enabled/disabled state of the policy action. The default is disabled when creating a new policy. When enabled, it allows the use of the new user registration flow. This attribute should be set to true when implementing the social login sign-on policy option.
                external:
                  type: object
                  properties:
                    href:
                      type: string
                      description: A string that specifies the link to the external identity provider's identity store. This property is set when the administrator chooses to have users register in an external identity store. This attribute can be set only when the registration.enabled property is set to false.
                  required:
                    - href
                population:
                  type: object
                  properties:
                    id:
                      type: string
                      description: A string that specifies the population ID associated with the newly registered user.
                  required:
                    - id
                confirmIdentityProviderAttributes:
                  type: boolean
                  default: false
                  description: A boolean that specifies whether users must confirm data returned from an identity provider prior to registration. Users can modify the data and omit non-required attributes. Modified attributes are added to the user's profile during account creation. This is an optional property. If omitted, the default value is set to false.    
              required:
                - enabled
            socialProviders:
              type: array
              description: An array of strings that specifies the IDs of the identity providers that can be used for the social login sign-on flow.
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: ID of the identity provider that can be used for the social login sign-on flow.
                required:
                  - id
    SignOnPolicyActionMFA:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            authenticator:
              type: object
              deprecated: true
              description: Specifies MFA through a Time-based One-time Password (TOTP) option over a third-party authenticator application.
              properties:
                enabled:
                  type: boolean
                  default: false
                  description: A boolean that specifies the enabled/disabled state of the MFA through a Time-based One-time Password (TOTP) action. The default is disabled when creating a new policy. When enabled, it allows users to authenticate using a TOTP authenticator application.
            boundBiometrics:
              type: object
              deprecated: true
              description: Specifies MFA through a FIDO2 biometrics platform device.
              properties:
                enabled:
                  type: boolean
                  default: false
                  description: A boolean that specifies whether to permit users to authenticate with a FIDO2 biometrics platform device.
            email:
              type: object
              deprecated: true
              description: Specifies MFA through email options.
              properties:
                enabled:
                  type: boolean
                  default: false
                  description: A boolean that specifies the enabled/disabled state of the MFA through email action. The default is disbled when creating a new policy. When enabled, it allows users to receive the one-time password and authenticate through email.
            securityKey:
              type: object
              deprecated: true
              description: Specifies MFA using a FIDO2 or U2F security key device.
              properties:
                enabled:
                  type: boolean
                  default: false
                  description: A boolean that specifies whether to permit users to authenticate with a security key device.
            sms:
              type: object
              deprecated: true
              description: Specifies MFA through SMS text messaging options.
              properties:
                enabled:
                  type: boolean
                  default: false
                  description: A boolean that specifies the enabled/disabled state of the MFA through SMS action. The default is disabled when creating a new policy. When enabled, it allows users to receive the one-time password and authenticate through SMS text message.
            voice:
              type: object
              deprecated: true
              description: Specifies MFA through voice messaging options.
              properties:
                enabled:
                  type: boolean
                  default: false
                  description: A boolean that specifies the enabled/disabled state of the MFA through voice message action. The default is disabled when creating a new policy. When enabled, it allows users to receive the one-time password and authenticate through a voice message.
            applications:
              type: array
              deprecated: true
              description: The applications collection specifies all the native native applications that are allowed in the sign-on policy action.  If the applications collection is empty, a push notification is not allowed for the action.
              items:
                type: object
                properties:
                  id:
                    type: string
                  autoEnrollment:
                    type: object
                    properties:
                      enabled:
                        type: boolean
                        default: false
                        description: A boolean that specifies the enabled/disabled state of automatic MFA enrollment for the application.  When enabled, it allows automatic enrollment of the native application to MFA during the authentication flow.
                  deviceAuthorization:
                    type: object
                    properties:
                      enabled:
                        type: boolean
                        default: false
                        description: A boolean that specifies the enabled/disabled state of automatic MFA for native devices paired with the user for the specified application.
                      extraVerification:
                        $ref: '#/components/schemas/EnumSignOnPolicyExtraVerification'
                required:
                  - id
            deviceAuthenticationPolicy:
              type: object
              description: Details of the MFA policy that should be used. If it is omitted, the environment default MFA policy is used.
              properties:
                id:
                  type: string
                  description: The ID of the MFA policy that should be used.
              required:
                - id
            noDevicesMode:
              $ref: '#/components/schemas/EnumSignOnPolicyNoDeviceMode'
    SignOnPolicyActionIDFirst:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            discoveryRules:
              type: array
              description: The list of IDP discovery rules that are evaluated in order when no user is associated with the user identifier. The maximum number of rules is 100. The condition on which this identity provider is used to authenticate the user is expressed using the PingOne policy condition language
              items:
                type: object
                properties:
                  condition:
                    type: object
                    properties:
                      contains:
                        type: string
                      value:
                        type: string
                    required:
                      - contains
                      - value
                  identityProvider:
                    type: object
                    properties:
                      id:
                        type: string
                        description: A string that specifies the identity provider that will be used to authenticate the user if the condition is matched.
                    required:
                      - id
                required:
                  - condition
                  - identityProvider
            enforceLockoutForIdentityProviders:
              type: boolean
              description: A boolean that if set to true and if the user's account is locked (the account.canAuthenticate attribute is set to false), then social sign on with an external identity provider is prevented.
            recovery:
              type: object
              description: Specifies the account recovery options.
              properties:
                enabled:
                  type: boolean
                  description: A boolean that specifies the enabled/disabled state of the account recovery action. The default is disabled when creating a new policy. When enabled, it allows the use of the forgot password flow.
              required:
                - enabled
            registration:
              type: object
              description: Specifies the account registration options.
              properties:
                enabled:
                  type: boolean
                  description: A boolean that specifies the enabled/disabled state of the policy action. The default is disabled when creating a new policy. When enabled, it allows the use of the new user registration flow. This attribute should be set to true when implementing the social login sign-on policy option.
                external:
                  type: object
                  properties:
                    href:
                      type: string
                      description: A string that specifies the link to the external identity provider's identity store. This property is set when the administrator chooses to have users register in an external identity store. This attribute can be set only when the registration.enabled property is set to false.
                  required:
                    - href
                population:
                  type: object
                  properties:
                    id:
                      type: string
                      description: A string that specifies the population ID associated with the newly registered user.
                  required:
                    - id
                confirmIdentityProviderAttributes:
                  type: boolean
                  default: false
                  description: A boolean that specifies whether users must confirm data returned from an identity provider prior to registration. Users can modify the data and omit non-required attributes. Modified attributes are added to the user's profile during account creation. This is an optional property. If omitted, the default value is set to false.
              required:
                - enabled
            socialProviders:
              type: array
              description: An array of strings that specifies the IDs of the identity providers that can be used for the social login sign-on flow.
              items:
                type: object
                properties:
                  id:
                    type: string
                    description: ID of the identity provider that can be used for the social login sign-on flow.
                required:
                  - id
    SignOnPolicyActionIDP:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            acrValues:
              type: string
              description: A string that designates the sign-on policies included in the authorization flow request. Options can include the PingOne predefined sign-on policies, Single_Factor and Multi_Factor, or any custom defined sign-on policy names. Sign-on policy names should be listed in order of preference, and they must be assigned to the application. This property can be configured on the identity provider action and is passed to the identity provider if the identity provider is of type `SAML` or `OPENID_CONNECT`.
            identityProvider:
              type: object
              description: A reference to the external identity provider that is used to authenticate the user. This property is required.
              properties:
                id:
                  type: string
                  description: A string that specifies the ID of the external identity provider to which the user is redirected for sign-on. This property is required.
              required:
                - id
            passUserContext:
              type: boolean
              description: A boolean that specifies whether to pass in a login hint to the identity provider on the authentication request. Based on user context, the login hint is set if (1) the user is set on the flow, and (2) the user already has an account link for the identity provider. If both of these conditions are true, then the user is sent to the identity provider with a login hint equal to their externalId for the identity provider (saved on the account link). If these conditions are not true, then the API checks see if there is an OIDC login hint on the flow. If so, that login hint is used. If none of these conditions are true, the login hint parameter is not included on the authorization request to the identity provider.
            registration:
              type: object
              description: Specifies the account registration options.
              properties:
                confirmIdentityProviderAttributes:
                  type: boolean
                  default: false
                  description: A boolean that specifies whether users must confirm data returned from an identity provider prior to registration. Users can modify the data and omit non-required attributes. Modified attributes are added to the user's profile during account creation. This is an optional property. If omitted, the default value is set to false.
                enabled:
                  type: boolean
                  description: A boolean that specifies the enabled/disabled state of the policy action. The property is disabled by default when creating a new policy. When enabled, it allows the use of the new user registration flow. This attribute should be set to true when implementing the social login sign-on policy option.
                population:
                  type: object
                  properties:
                    id:
                      type: string
                      description: A string that specifies the population ID associated with the newly registered user.
                  required:
                    - id
              required:
                - enabled
          required:
            - identityProvider
    SignOnPolicyActionAgreement:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            agreement:
              type: object
              description: The relationship to the agreement to which the user must consent. The agreement must exist and be enabled. An agreement cannot be disabed if an action uses it. An enabled agreement must always support the default language. This property is required.
              properties:
                id:
                  type: string
                  description: A string that specifies the ID of the agreement to which the user must consent. This property is required.
              required:
                - id
            disableDeclineOption:
              type: boolean
              description: When enabled, the `Do Not Accept` button will terminate the Flow and display an error message to the user.
          required:
            - agreement
    SignOnPolicyActionProgressiveProfiling:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            attributes:
              type: array
              items:
                type: object
                properties:
                  name:
                    type: string
                    description: A string that specifies the name and path of the user profile attribute as defined in the user schema (for example, email or address.postalCode). This property is required.
                  required:
                    type: boolean
                    description: A boolean that specifies whether the user is required to provide a value for the attribute. This property is required.
                required:
                  - name
                  - required
            preventMultiplePromptsPerFlow:
              type: boolean
              description: A boolean that specifies whether the progressive profiling action will not be executed if another progressive profiling action has already been executed during the flow. This property is required.
            promptIntervalSeconds:
              type: integer
              minimum: 1
              description: An integer that specifies how often to prompt the user to provide profile data for the configured attributes for which they do not have values. This property is required.
            promptText:
              type: string
              description: A string that specifies text to display to the user when prompting for attribute values. This property is required.
          required:
            - attributes
            - preventMultiplePromptsPerFlow
            - promptIntervalSeconds
            - promptText
    SignOnPolicyActionPingID:
      $ref: '#/components/schemas/SignOnPolicyActionCommon'
    SignOnPolicyActionPingIDWinLoginPasswordless:
      allOf:
        - $ref: '#/components/schemas/SignOnPolicyActionCommon'
        - type: object
          properties:
            uniqueUserAttribute:
              type: object
              properties:
                name:
                  type: string
                  description: Schema attributes to match against the provided identifier when searching for a user in the directory. Only unique attributes may be included.
              required:
                - name
            offlineMode:
              type: object
              properties:
                enabled:
                  type: boolean
                  description: Select this option to allow users to log in when PingOne and or PingID are not available.
              required:
                - enabled
          required:
            - uniqueUserAttribute
            - offlineMode
    SignOnPolicyAssignment:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        application:
          $ref: '#/components/schemas/ObjectApplication'
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: A string that specifies the sign-on policy assignment resource’s unique identifier.
          readOnly: true
        priority:
          type: integer
          description: The order in which the policy referenced by this assignment is evaluated during an authentication flow relative to other policies. An assignment with a lower priority will be evaluated first.
          minimum: 1
        signOnPolicy:
          type: object
          description: The sign-on policy associated with this sign-on policy assignment
          properties:
            id:
              type: string
              description: A string that specifies the sign-on policy resource's unique identifier associated with this sign-on policy assignment.
          required:
            - id
      required:
        - signOnPolicy
        - priority
    Subscription:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the key resource expires.The date and time at which the subscription resource was created (ISO 8601 format).
        enabled:
          type: boolean
          description: A boolean that specifies whether a created or updated subscription should be active or suspended. A suspended state (`"enabled":false`) accumulates all matched events, but these events are not delivered until the subscription becomes active again (`"enabled":true`). For suspended subscriptions, events accumulate for a maximum of two weeks. Events older than two weeks are deleted. Restarted subscriptions receive the saved events (up to two weeks from the restart date). This is a required property.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        filterOptions:
          type: object
          properties:
            includedActionTypes:
              type: array
              description: A non-empty array that specifies the list of action types that should be matched for the subscription. This is a required property.
              items:
                type: string
            includedApplications:
              type: array
              description: An array that specifies the list of applications (by ID) whose events are monitored by the subscription (maximum of 10 IDs in the array). This is an optional property. If a list of applications is not provided, events are monitored for all applications in the environment.
              items:
                type: object
                maxItems: 10
                properties:
                  id:
                    type: string
                required:
                  - id
            includedPopulations:
              type: array
              description: An array that specifies the list of populations (by ID) whose events are monitored by the subscription (maximum of 10 IDs in the array). This property matches events for users in the specified populations, as opposed to events generated in which the user in one of the populations is the actor. This is an optional property.
              items:
                type: object
                maxItems: 10
                properties:
                  id:
                    type: string
                required:
                  - id
            includedTags:
              type: array
              description: An array of tags that events must have to be monitored by the subscription. If tags are not specified, all events are monitored. Currently, the available tags are `adminIdentityEvent`. Identifies the event as the action of an administrator on other administrators.
              items:
                $ref: '#/components/schemas/EnumSubscriptionFilterIncludedTags'
            ipAddressExposed:
              type: boolean
              description: Whether the IP address of an actor should be present in the `source` section of the event.
              default: false
            userAgentExposed:
              type: boolean
              description: Whether the User-Agent HTTP header of an event should be present in the `source` section of the event.
              default: false
          required:
            - includedActionTypes
        format:
          $ref: '#/components/schemas/EnumSubscriptionFormat'
        id:
          type: string
          description: A string that specifies the user resource’s unique identifier.
          readOnly: true
        httpEndpoint:
          type: object
          properties:
            url:
              type: string
              description: A string that specifies a valid HTTPS URL to which event messages are sent. This is a required property.
            headers:
              type: object
              description: An object map of strings that specifies the headers applied to the outbound request (for example, `Authorization` `Basic usernamepassword`. The purpose of these headers is for the HTTPS endpoint to authenticate the PingOne service, ensuring that the information from PingOne is from a trusted source.
              additionalProperties:
                type: string
          required:
            - url
        name:
          type: string
          description: A string that specifies the subscription name. This is a required property.
        tlsClientAuthKeyPair:
          type: object
          description: An onject that describes the TLS client authentication key pair to use for mTLS.
          properties:
            id:
              type: string
              description: The ID of a key to be used for outbound mutual TLS (mTLS) authentication. This key is used as a client credential to authenticate the webhook. The key must have a `usageType` of `OUTBOUND_MTLS`. See [Certificate management](https://apidocs.pingidentity.com/pingone/platform/v1/api/#certificate-management) for information on creating a key. If this property is set, `verifyTlsCertificates` must be set to `true`.
        updatedAt:
          type: string
          format: date-time
          readOnly: true
          description: The date and time at which the subscription resource was last updated (ISO 8601 format).
        verifyTlsCertificates:
          type: boolean
          description: A boolean that specifies whether a certificates should be verified. If this property's value is set to false, then all certificates are trusted. (Setting this property's value to false introduces a security risk.) This is a required property.
      required:
        - enabled
        - filterOptions
        - format
        - httpEndpoint
        - name
        - verifyTlsCertificates
    Template:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: The template id
          readOnly: true
        displayName:
          type: string
          description: The template’s display name.
        deliveryMethods:
          type: array
          description: The delivery methods supported for this template. Valid values are `SMS`, `Voice`, `Email` and `Push`.
          items:
            type: string
            enum: [SMS, Voice, Email, Push]
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
        description:
          type: string
          description: The description of the template.
        variables:
          type: object
          description: Lists the variables you can use in each template content. The `required` property indicates whether the variable is required in template content. If `required` is `true`, the `requiredForDeliveryMethods` property lists the `deliveryMethods` types that require the variable. Note that if `required` is `true`, but `requiredForDeliveryMethods` is not returned, all `deliveryMethods` types are required. For more information, see [Variables](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-templates-variables).
        allowDynamicVariables:
          type: boolean
          description: Specifies whether dynamic variables can be used in the template's contents. For more information, see [Dynamic variables](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-templates-dynamic-variables).
      required:
        - displayName
        - deliveryMethods
        - variables
    TemplateContent:
      oneOf:
        - $ref: '#/components/schemas/TemplateContentEmail'
        - $ref: '#/components/schemas/TemplateContentSMS'
        - $ref: '#/components/schemas/TemplateContentPush'
        - $ref: '#/components/schemas/TemplateContentVoice'
    TemplateContentCommon:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: The template id.
          readOnly: true
        createdAt:
          type: string
          description: The time the resource was created.
          readOnly: true
        updatedAt:
          type: string
          description: The time the resource was last updated.
          readOnly: true
        default:
          type: boolean
          description: Specifies whether the template is a predefined default template.
        locale:
          type: string
          description: |
            A valid case-insensitive locale, complying with the ISO-639 language code and ISO-3166 country code standards:
            Two-character language code, for example, "en".
            Two-character language code followed by a two-character country code, separated by an underscore or dash, for example: "en_GB", "en-GB".
            Cannot be changed after it is initially set in `POST /environments/{{envID}}/templates/{{templateName}}/contents`.
        deliveryMethod:
          $ref: '#/components/schemas/EnumTemplateContentDeliveryMethod'
        variant:
          type: string
          description: Holds the unique user-defined name for each content variant that uses the same template + `deliveryMethod` + `locale` combination. This property is case insensitive and has a limit of 100 characters. For more information, see [Creating custom contents](https://apidocs.pingidentity.com/pingone/platform/v1/api/#notifications-templates-creating-custom-contents).
      required:
        - locale
        - deliveryMethod
    TemplateContentEmail:
      allOf:
        - $ref: '#/components/schemas/TemplateContentCommon'
        - type: object
          properties:
            body:
              type: string
              description: The email text. Email text cannot be larger than 100 kB. Email text can contain HTML. If supported, this can include variables.
            from:
              type: object
              properties:
                name:
                  type: string
                  description: |
                    The email's sender name.
                    If the environment uses the Ping Identity email sender, the name "PingOne" is used.
                    You can configure other email sender names per environment.
                    See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#from-replyTo-note) for details.
                  default: PingOne
                address:
                  type: string
                  description: |
                    The sender email address.
                    If the environment uses the Ping Identity email sender, or if the address field is empty, the address "noreply@pingidentity.com" is used.
                    You can configure other email sender addresses per environment.
                    See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#from-replyTo-note) for details.
                  default: noreply@pingidentity.com
            subject:
              type: string
              description: The email's subject line. Cannot exceed 256 characters. If supported, can include variables.
              maxLength: 256
            replyTo:
              type: object
              properties:
                name:
                  type: string
                  description: |
                    The email's "reply to" name.
                    If the environment uses the Ping Identity email sender, the name "PingOne" is used.
                    You can configure other email "reply to" names per environment.
                    See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#from-replyTo-note) for details.
                  default: PingOne
                address:
                  type: string
                  description: |
                    The "reply to" email address.
                    If the environment uses the Ping Identity email sender, or if the address field is empty, the address "noreply@pingidentity.com" is used.
                    You can configure other email "reply to" addresses per environment.
                    See [Note](https://apidocs.pingidentity.com/pingone/platform/v1/api/#from-replyTo-note) for details.
                  default: noreply@pingidentity.com
            charset:
              type: string
              description: If not specified, `UTF-8` is the default value.
              default: UTF-8
            emailContentType:
              type: string
              description: If not specified, `text/html` is the default value.
              default: text/html
          required:
            - body
    TemplateContentSMS:
      allOf:
        - $ref: '#/components/schemas/TemplateContentCommon'
        - type: object
          properties:
            content:
              type: string
              description: |
                The SMS text.
                UC-2 encoding is used for text that contains non GSM-7 characters. UC-2 encoded text cannot exceed 67 characters. GSM-7 encoded text cannot exceed 153 characters. If supported, it can include variables.
              maxLength: 153
            sender:
              type: string
              description: The SMS sender ID. This property can contain only alphanumeric characters and spaces, and its length cannot exceed 11 characters. In some countries, it is impossible to send an SMS with an alphanumeric sender ID. For those countries, the sender ID must be empty. For SMS recipients in specific countries, refer to Twilio's documentation on [International support for Alphanumeric Sender ID](https://support.twilio.com/hc/en-us/articles/223133767-International-support-for-Alphanumeric-Sender-ID).
              maxLength: 11
          required:
            - content
    TemplateContentPush:
      allOf:
        - $ref: '#/components/schemas/TemplateContentCommon'
        - type: object
          properties:
            title:
              type: string
              description: The push title (maximum 200 characters). If supported, this can include variables.
              maxLength: 200
            body:
              type: string
              description: The push text (maximum 400 characters for push text). If supported, this can include variables.
              maxLength: 400
            pushCategory:
              $ref: '#/components/schemas/EnumTemplateContentPushCategory'
          required:
            - body
            - title
    TemplateContentVoice:
      allOf:
        - $ref: '#/components/schemas/TemplateContentCommon'
        - type: object
          properties:
            content:
              type: string
              description: |
                The voice text.  Limited to 1Kb characters.
                  The following substitution place holders can be embedded in the message:
                  * `<pause1sec>`: Pauses the message narration for 1 second.
                    The pause interval <pause1sec> cannot be modified. To pause the message narration for more than one second, repeat multiple `<pause1sec>` occurrences in succession, according to the desired pause interval duration. For example, `<pause1sec><pause1sec><pause1sec>` pauses the message narration for three seconds.
                  * `<sayCharValue> .. </sayCharValue>`: Reads the character name of each character of the enclosed string separately.
                  * `<repeatMessage val=x> .. </repeatMessage>`: Narrates the enclosed text `<val>` number of times.
                  
                  In the following message example, `${otp}` is assigned the value `"123456"`, and `${email}` is assigned the value `"joe@bxz.com"`:
                  ```
                  Hello <pause1sec> your authentication code is 
                  <sayCharValue>${otp}</​sayCharValue> 
                  <repeatMessage val=2> I repeat your code is 
                  <sayCharValue>${otp}</​sayCharValue>
                  </​repeatMessage> <pause1sec> 
                  Mail <sayCharValue>${email}</​sayCharValue> for help
                  ```
                  The narrated message on the voice call sounds like:
                  ```
                  HELLO <1 second silence> YOUR AUTHENTICATION CODE IS 
                  ONE TWO THREE FOUR FIVE SIX 
                  I REPEAT YOUR CODE IS ONE TWO THREE FOUR FIVE SIX 
                  I REPEAT YOUR CODE IS ONE TWO THREE FOUR FIVE SIX <1 second silence> 
                  MAIL JAY OH EE AT BEE EX ZEE DOT SEE OH EM FOR HELP
                  ```
            voice:
              type: string
              description: |
                Voice OTP supports vendor-specific voices.
                  * Supported Twilio voices:
                    * Man, Woman
                      Supported locales (default: en):
                      en, en_GB, es, fr, de
                    * Alice (Twilio only)
                      Supported locales (default: en US):
                      da_DK, de_DE, en_AU, en_CA, en_GB, en_US, ca_ES, es_ES, es_MX, fi_FI, fr_CA, fr_FR, it_IT, ja_JP, ko_KR, nb_NO, nl_NL, pl_PL, pt_BR, pt_PT, ru_RU, sv_SE, zh_CN, zh_HK, zh_TW
                    * Amazon Polly
                      cy_GB, ro_RO, is_IS, hi_IN tr_TR
                  * Supported Syniverse voices:
                    * Man, Woman
                      Supported locales:
                      en_US, en_GB, es_ES, es_US, fr_FR, de_DE, it_IT, en_AU, da_DK, is_IS, nl_NL, pl_PL, pt_BR, pt_PT, ru_RU, ja_JP
                    * Woman only
                      Supported locales:
                      cmn_CN, cy_GB, en_IN, fr_CA, hi_IN, nb_NO, ro_RO, sv_SE, tr_TR, ko_KR, ar
          required:
            - content
    TemplateContentBulkVariant:
      type: object
    User:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        account:
          $ref: '#/components/schemas/UserAccount'
        address:
          type: object
          properties:
            countryCode:
              type: string
              pattern: '[A-Z]{2}'
              description: A string that specifies the country name component. When specified, the value must be in ISO 3166-1 `alpha-2` code format [ISO3166]. For example, the country codes for the United States and Sweden are `US` and "SE", respectively. Valid characters consist of two upper-case letters (regex `[A-Z]{2}`).
            locality:
              type: string
              pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the city or locality component of the address. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
            postalCode:
              type: string
              pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
              minLength: 1
              maxLength: 40
              description: A string that specifies the zip code or postal code component of the address. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 40 characters (min/max=1/40).
            region:
              type: string
              pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the state or region component of the address. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
            streetAddress:
              type: string
              pattern: '^[\p{L}\p{M}\p{N}\p{Zs}\p{P}\n\r]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the full street address component, which may include house number, street name, P.O. box, and multi-line extended street address information. This attribute may contain newlines (regex `^[\p{L}\p{M}\p{N}\p{Zs}\p{P}\n\r]*$`). It can have a length of no more than 256 characters (min/max=1/256).
        createdAt:
          type: string
          format: date-time
          readOnly: true
          description: The time the resource was created.
        email:
          type: string
          description: A string that specifies the user’s email address, which must be provided and valid. For more information about email address formatting, see section 3.4 of RFC 2822, Internet Message Format.
        emailVerified:
          type: boolean
          readOnly: true
          description: Whether the user’s email is verified. An email address can be verified during account verification. If the email address used to request the verification code is the same as the user’s email at verification time (and the verification code is valid), then the email is verified. The value of this property can be set on user import.
        enabled:
          type: boolean
          readOnly: true
          description: A read-only boolean attribute that specifies whether the user is enabled. This attribute is set to ‘true’ by default when the user is created.
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        externalId:
          type: string
          minLength: 1
          maxLength: 1024
          description: A string that specifies an identifier for the user resource as defined by the provisioning client. This is optional. This may be explicitly set to null when updating a user to unset it. The externalId attribute simplifies the correlation of the user in PingOne with the user’s account in another system of record. The platform does not use this attribute directly in any way, but it is used by Ping Identity’s Data Sync product. It can have a length of no more than 1024 characters (min/max=1/1024).
        id:
          type: string
          description: A string that specifies the user resource’s unique identifier.
          readOnly: true
        identityProvider:
          type: object
          properties:
            id:
              type: string
              description: A mutable string that identifies the external identity provider used to authenticate the user. If not provided, PingOne is the identity provider. This attribute is required if the identity provider is authoritative for just-in-time user provisioning.
            type:
              $ref: '#/components/schemas/EnumIdentityProvider'
              readOnly: true
        lastSignOn:
          type: object
          readOnly: true
          properties:
            at:
              type: string
              format: date-time
              description: The time of the last successful login of the user through the PingOne flow API.
            remoteIp:
              type: string
              description: The IP address of the last successful login of the user through the PingOne flow API.
        lifecycle:
          type: object
          properties:
            status:
              $ref: '#/components/schemas/EnumUserLifecycleStatus'
            suppressVerificationCode:
              type: boolean
              description: Used when importing a user and the lifecycle.status is set to VERIFICATION_REQUIRED. If this property is set to true, no verification email is sent to the user. If this property is omitted or set to false, a verification email is sent automatically to the user.
        locale:
          type: string
          pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
          minLength: 1
          maxLength: 256
          description: A string that specifies the user’s default location, which is optional. This may be explicitly set to null when updating a user to unset it. This is used for purposes of localizing such items as currency, date time format, or numerical representations. If provided, it must be a valid language tag as defined in RFC 5646. The following are example tags fr, en-US, es-419, az-Arab, man-Nkoo-GN. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
        memberOfGroupIDs:
          type: array
          readOnly: true
          description: A read-only array of IDs for the groups the user is a member of. This property is returned for GET /environments/{environmentID}/users/{userID} when include=memberOfGroupIDs is appended to the request. This property is not returned with a list of users.
          items:
            type: string
        memberOfGroupNames:
          type: array
          readOnly: true
          description: A read-only array of names for the groups the user is a member of. This property is returned for GET /environments/{environmentID}/users/{userID} when include=memberOfGroupNames is appended to the request. This property is not returned with a list of users.
          items:
            type: string
        mfaEnabled:
          type: boolean
          description: A boolean attribute that specifies whether multi-factor authentication is enabled. This attribute is set to false by default when the user is created. You can set mfaEnabled to true with POST CREATE User, POST CREATE User (Import), or PUT UPDATE User MFA Enabled. You cannot update mfaEnabled with PUT UPDATE User or PATCH UPDATE User.
        mobilePhone:
          type: string
          maxLength: 32
          description: A string that specifies the user’s native phone number, which is optional. This might also match the primaryPhone attribute. This may be explicitly set to null when updating a user to unset it. Valid phone numbers must have at least one number and a maximum character length of 32.
        name:
          type: object
          properties:
            family:
              type: string
              pattern: '^[\p{L}\p{M}\p{N}'' .-]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the family name of the user, or Last in most Western languages (for example, ‘Jensen’ given the full name ‘Ms. Barbara J Jensen, III’). This may be explicitly set to null when updating a name to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex `^[\p{L}\p{M}\p{N}' .-]*$`). It can have a length of no more than 256 characters (min/max=1/256).
            formatted:
              type: string
              pattern: '^[\p{L}\p{M}\p{N}'' .-]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the fully formatted name of the user (for example ‘Ms. Barbara J Jensen, III’). This can be explicitly set to null when updating a name to unset it. Valid characters consist of any Unicode letter, mark (for example, accent, umlaut), space, dot, apostrophe, or hyphen (regex `^[\p{L}\p{M}\p{N}' .-]*$`). It can have a length of no more than 256 characters (min/max=1/256).
            given:
              type: string
              pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the given name of the user, or First in most Western languages (for example, ‘Barbara’ given the full name ‘Ms. Barbara J Jensen, III’). This may be explicitly set to null when updating a name to unset it. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
            honorificPrefix:
              type: string
              description: A string that specifies the honorific prefix(es) of the user, or title in most Western languages (for example, ‘Ms.’ given the full name ‘Ms. Barbara Jane Jensen, III’). This can be explicitly set to null when updating a name to unset it.
            honorificSuffix:
              type: string
              description: A string that specifies the honorific suffix(es) of the user, or suffix in most Western languages (for example, ‘III’ given the full name ‘Ms. Barbara Jane Jensen, III’). This can be explicitly set to null when updating a name to unset it.
            middle:
              type: string
              pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
              minLength: 1
              maxLength: 256
              description: A string that specifies the the middle name(s) of the user (for exmple, ‘Jane’ given the full name ‘Ms. Barbara Jane Jensen, III’). This can be explicitly set to null when updating a name to unset it. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
        nickname:
          type: string
          pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
          minLength: 1
          maxLength: 256
          description: A string that specifies the user’s nickname, which is optional. This can be explicitly set to null when updating a user to unset it. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
        password:
          type: object
          description: An object that specifies the user's password. This property is never returned in the response.
          properties:
            forceChange:
              type: boolean
              description: A boolean that specifies whether the user is forced to change the password on the next log in. If not provided, the property is set to false.
            value:
              type: string
              format: password
              description: A string that specifies the user's password value. The string is either in cleartext or pre-encoded format.
            external:
              type: object
              description: An object that maps the information relevant to the user’s password, and its association to external directories.
              properties:
                gateway:
                  type: object
                  description: An object containing the gateway properties. When this is value is specified, the user’s password is managed in an external directory. You can set the user password using Create User (Import) or Update Password (Set).
                  properties:
                    id:
                      type: string
                      description: The UUID of the linked gateway that references the remote directory.
                    type:
                      $ref: '#/components/schemas/EnumGatewayType'
                    userType:
                      type: object
                      description: A reference to a userType in the list of userTypes values for an LDAP gateway.
                      properties:
                        id:
                          type: string
                          description: The UUID of a user type in the list of userTypes for the LDAP gateway.
                    correlationAttributes:
                      type: object
                      description: An object that maps the external LDAP directory attributes to PingOne attributes. We use the correlationAttributes values to read the attributes from the external LDAP directory and map them to the corresponding PingOne attributes.
        photo:
          type: object
          properties:
            href:
              type: string
              description: A string that specifies the URI that is a uniform resource locator (as defined in Section 1.1.3 of RFC 3986) that points to a resource location representing the user’s image. This can be removed from a user by setting the photo attribute to null. If provided, the resource must be a file (for example, a GIF, JPEG, or PNG image file) rather than a web page containing an image. It must be a valid URL that starts with the HTTP or HTTPS scheme.
          required:
            - href
        population:
          type: object
          properties:
            id:
              type: string
              description: A string that specifies the identifier of the population resource associated with the user. This property cannot be updated using PUT {{apiPath}}/environments/{{environmentID}}/users/{{userID}}. However, it can be updated using PUT /environments/{{environmentID}}/users/{{userID}}/population.
          required:
            - id
        preferredLanguage:
          type: string
          description: A string that specifies the user’s preferred written or spoken languages, which are optional. This may be explicitly set to null when updating a user to unset it. If provided, the format of the value must be a valid language range and the same as the HTTP Accept-Language header field (not including Accept-Language:) and is specified in Section 5.3.5 of RFC 7231. For example en-US, en-gb;q=0.8, en;q=0.7.
        primaryPhone:
          type: string
          minLength: 1
          maxLength: 32
          description: A string that specifies the user’s primary phone number, which is optional. This might also match the mobilePhone attribute. This may be explicitly set to null when updating a user to unset it. Valid phone numbers must have at least one number and a maximum character length of 32.
        timezone:
          type: string
          pattern: '^\w+\/\w+$'
          description: A string that specifies the user’s time zone, which is optional. This can be explicitly set to null when updating a user to unset it. If provided, it must conform with the IANA Time Zone database format [RFC6557], also known as the `Olson` time zone database format [Olson-TZ] for example, `America/Los_Angeles` (regex `^\w+\/\w+$`).
        title:
          type: string
          pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
          minLength: 1
          maxLength: 256
          description: A string that specifies the user’s title, which is optional, such as "Vice President". This can be explicitly set to null when updating a user to unset it. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
        type:
          type: string
          pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
          minLength: 1
          maxLength: 256
          description: A string that specifies the user’s type, which is optional. This can be explicitly set to null when updating a user to unset it. This attribute is organization-specific and has no special meaning within the PingOne platform. It could have values of "Contractor", "Employee", "Intern", "Temp", "External", and `Unknown`. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 256 characters (min/max=1/256).
        updatedAt:
          type: string
          description: The time the resource was last updated.
          format: date-time
          readOnly: true
        username:
          type: string
          pattern: '^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$'
          minLength: 1
          maxLength: 128
          description: A string that specifies the user name, which must be provided and must be unique within an environment. The username must either be a well-formed email address or a string. The string can contain any letters, numbers, combining characters, math and currency symbols, dingbats and drawing characters, and invisible whitespace (regex `^[\p{L}\p{M}\p{Zs}\p{S}\p{N}\p{P}]*$`). It can have a length of no more than 128 characters (min/max=1/128).
        verifyStatus:
          $ref: '#/components/schemas/EnumUserVerifyStatus'
      required:
        - email
        - username
    UserApplicationRoleAssignment:
      type: object
      properties:
        environment:
          $ref: '#/components/schemas/ObjectEnvironment'
        id:
          type: string
          description: Specifies the application role ID to assign to the specified user.
        name:
          type: string
          description: Specifies the name of the application role assigned to the user.
        description:
          type: string
          description: Specifies the description of the application role assigned to the user.
      required:
        - id
    UserAccount:
      type: object
      properties:
        canAuthenticate:
          type: boolean
          description: A boolean that specifies whether the user can authenticate. If the value is set to `false`, the account is locked or the user is disabled, and unless specified otherwise by the administrative configuration, the user will be unable to authenticate.
        lockedAt:
          type: string
          format: date-time
          readOnly: true
          description: A string that specifies the date-time the specified user account was locked. This property might be absent if the account is unlocked or if the account was locked out automatically by failed password attempts.
        secondsUntilUnlock:
          type: integer
          readOnly: true
          description: An integer that specifies the number of seconds until the user's account is unlocked. This property is absent if the account is unlocked, or if it will not automatically unlock (and must be unlocked by an administrator).
        status:
          $ref: '#/components/schemas/EnumUserStatus'
        unlockAt:
          type: string
          format: date-time
          description: A string that specifies the time the specified user account will be unlocked. This property is absent if the account is unlocked, or if it will not automatically unlock (and must be unlocked by an administrator).
      required:
        - canAuthenticate
        - status
    UserEnabled:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        enabled:
          type: boolean
          default: true
          description: A read-only boolean attribute that specifies whether the user is enabled. This attribute is set to ‘true’ by default when the user is created.
    UserPopulation:
      type: object
      properties:
        '_links':
          $ref: '#/components/schemas/LinksHATEOAS'
        id:
          type: string
          description: A string that specifies the population ID associated with the user resource ID identified in the request URL.
      required:
        - id
  responses:
    '400':
      description: Invalid request received.  Malformed JSON, malformed HTTP request.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '401':
      description: Request failed due to authorization issue.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '403':
      description: Request failed due to authorization issue.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '404':
      description: Not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '405':
      description: Invalid request received.  Malformed JSON, malformed HTTP request.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '409':
      description: Conflict.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '429':
      description: Request was rate limited
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
    '500':
      description: Uncaught error occurred.  Platform outage
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/P1Error'
security:
  - bearer: []
tags:
  - name: Management APIs
  - name: Accounting for Latency
  - name: Active Identity Counts
  - name: Agreement Management
  - name: Agreements Resources
  - name: Agreement Languages Resources
  - name: Agreement Revisions Resources
  - name: Alerting
  - name: Applications
  - name: Application Secret
  - name: Application Resource Grants
  - name: Application Flow Policy Assignments
  - name: Application Sign-On Policy Assignments
  - name: Application Role Assignments
  - name: Application Attribute Mapping
  - name: Application MFA Push Credentials
  - name: Audit Activities
  - name: Authentications per Application
  - name: Bill of Materials (BOM)
  - name: Branding Settings
  - name: Branding Themes
  - name: Capabilities
  - name: Certificate Management
  - name: Custom Domains
  - name: Device Authentication Policy
  - name: Environments
  - name: Flow Policies
  - name: Gateway Management
  - name: Gateways
  - name: Gateway Credentials
  - name: Gateway Instances
  - name: Gateway Role Assignments
  - name: Groups
  - name: Identity Propagation (Provisioning)
  - name: Key Rotation Policies
  - name: >-
      Propagation
      Revisions
  - name: Propagation Plans
  - name: Propagation Stores
  - name: >-
      Propagation Store
      Metadata
  - name: Propagation Rules
  - name: >-
      Propagation
      Mappings
  - name: Identity Provider Management
  - name: Identity Providers
  - name: >-
      Identity Provider
      Attributes
  - name: Images
  - name: Integration Catalog
  - name: Language Management
  - name: Languages
  - name: Language Localization Status
  - name: Licenses
  - name: Notifications
  - name: Notifications Templates
  - name: Notifications Settings
  - name: Notifications Settings (SMTP)
  - name: Phone Delivery Settings
  - name: Trusted Email Domains
  - name: Trusted Email Addresses
  - name: Organizations
  - name: Password Policies
  - name: Populations
  - name: Resources
  - name: Resource Scopes
  - name: Resource Attributes
  - name: Roles
  - name: Schemas
  - name: Sign-On Policies
  - name: Sign-On Policy Actions
  - name: Subscriptions (webhooks)
  - name: Total Identities
  - name: User Activities
  - name: Users
  - name: Group Membership
  - name: Enable Users
  - name: Linked Accounts
  - name: User Populations
  - name: User Passwords
  - name: User Role Assignments
  - name: User ID Verification
  - name: User Agreement Consents
  - name: User Accounts
  - name: Sessions
paths:
  /environments:
    get:
      tags:
        - Environments
      summary: READ All Environments
      operationId: readAllEnvironments
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
        - name: cursor
          in: query
          schema:
            type: string
          description: Adding a cursor value to retrieve the next page of results, used with the `limit` parameter. The cursor value is returned in the `_links.next.href` link in the response payload.
        - name: filter
          in: query
          schema:
            type: string
          description: Adding a SCIM filter for an environment to display only those resources associated with the specified environment. 'sw', 'eq' and 'and' are supported
          example: name sw "S" and license.id eq "34f0efac-21d9-4a17-8a35-196bb3362983"
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Environments
      summary: CREATE Environment (Active License)
      operationId: createEnvironmentActiveLicense
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Environment'
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Environment'
  /environments/{environmentID}:
    get:
      tags:
        - Environments
      summary: READ One Environment
      operationId: readOneEnvironment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Environment'
    put:
      tags:
        - Environments
      summary: UPDATE Environment
      operationId: updateEnvironment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Environment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Environment'
    delete:
      tags:
        - Environments
      summary: DELETE Environment
      operationId: deleteEnvironment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/activeIdentityCounts:
    get:
      tags:
        - Active Identity Counts
      summary: READ Active Identity Counts (Deprecated)
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: startDate ge "2019-05-01T19:00:00Z" and samplingPeriod eq "10"
        - name: limit
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 100
          description: Adding a paging value to limit the number of resources displayed per page
        - name: order
          in: query
          schema:
            type: string
          example: '-startDate'
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/metrics/activeIdentityCounts:
    get:
      tags:
        - Active Identity Counts
      summary: READ Active Identity Counts by Date Range
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: startDate ge "2020-05-01T19:00:00Z"
        - name: limit
          in: query
          schema:
            type: integer
          example: '10'
        - name: order
          in: query
          schema:
            type: string
          example: '-startDate'
        - name: samplePeriod
          in: query
          schema:
            type: string
          example: MONTH
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/adminConfig:
    get:
      tags:
        - Administrator Security
      summary: READ Administrator Security
      operationId: readAdministratorSecurity
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AdministratorSecurity'
    put:
      tags:
        - Administrator Security
      summary: UPDATE Administrator Security
      operationId: updateAdministratorSecurity
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AdministratorSecurity'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AdministratorSecurity'
  /environments/{environmentID}/agreements:
    post:
      tags:
        - Agreements Resources
      summary: CREATE Agreement
      operationId: createAgreement
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Agreement'
              example:
                name: Agreement_2
                description: Terms of service agreement
                reconsentPeriodDays: 180
                enabled: false
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Agreement'
    get:
      tags:
        - Agreements Resources
      summary: READ All Agreements
      operationId: readAllAgreements
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/agreements/{agreementID}:
    get:
      tags:
        - Agreements Resources
      summary: READ One Agreement
      operationId: readOneAgreement
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Agreement'
    put:
      tags:
        - Agreements Resources
      summary: UPDATE Agreement
      operationId: updateAgreement
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Agreement'
              example:
                name: Agreement_1_UPDATED_{{$timestamp}}
                reconsentPeriodDays: 360
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Agreement'
    delete:
      tags:
        - Agreements Resources
      summary: DELETE Agreement
      operationId: deleteAgreement
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/agreements/{agreementID}/languages:
    post:
      tags:
        - Agreement Languages Resources
      summary: CREATE Language
      operationId: createAgreementLanguage
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgreementLanguage'
              example:
                locale: en-US
                displayName: Language_1
                enabled: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgreementLanguage'
    get:
      tags:
        - Agreement Languages Resources
      summary: READ All Languages
      operationId: readAllAgreementLanguages
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/agreements/{agreementID}/languages/{languageID}:
    get:
      tags:
        - Agreement Languages Resources
      summary: READ One Language
      operationId: readOneAgreementLanguage
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgreementLanguage'
    put:
      tags:
        - Agreement Languages Resources
      summary: UPDATE Language
      operationId: updateAgreementLanguage
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgreementLanguage'
              example:
                locale: en-CH
                displayName: Language_{{$timestamp}}
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgreementLanguage'
    delete:
      tags:
        - Agreement Languages Resources
      summary: DELETE Language
      operationId: deleteAgreementLanguage
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/agreements/{agreementID}/languages/{languageID}/revisions:
    post:
      tags:
        - Agreement Revisions Resources
      summary: CREATE Revision
      operationId: createAgreementLanguageRevision
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AgreementLanguageRevision'
              example:
                effectiveAt: '2099-08-01T22:45:44.497Z'
                requireReconsent: false
                text: So, you agree to all my terms, right?
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgreementLanguageRevision'
    get:
      tags:
        - Agreement Revisions Resources
      summary: READ All Revisions
      operationId: readAllAgreementLanguageRevisions
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/agreements/{agreementID}/languages/{languageID}/revisions/{revisionID}:
    get:
      tags:
        - Agreement Revisions Resources
      summary: READ One Revision
      operationId: readOneAgreementLanguageRevision
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
        - name: revisionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AgreementLanguageRevision'
    delete:
      tags:
        - Agreement Revisions Resources
      summary: DELETE Revision
      operationId: deleteAgreementLanguageRevision
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
        - name: revisionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/alertChannels:
    get:
      tags:
        - Alerting
      summary: READ All Alert Channels
      operationId: readAllAlertChannels
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Alerting
      summary: CREATE Alert Channel
      operationId: createAlertChannel
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AlertChannel'
              example:
                channelType: EMAIL
                includeSeverities:
                  - ERROR
                includeAlertTypes:
                  - CERTIFICATE_EXPIRED
                excludeAlertTypes: []
                addresses:
                  - tom@example.com
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AlertChannel'
  /environments/{environmentID}/alertChannels/{alertChannelID}:
    put:
      tags:
        - Alerting
      summary: UPDATE Alert Channel
      operationId: updateAlertChannel
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AlertChannel'
              example:
                channelType: EMAIL
                includeSeverities:
                  - WARNING
                includeAlertTypes:
                  - CERTIFICATE_EXPIRED
                excludeAlertTypes: []
                addresses:
                  - tom@example.com
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: alertChannelID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AlertChannel'
    delete:
      tags:
        - Alerting
      summary: DELETE Alert Channel
      operationId: deleteAlertChannel
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: alertChannelID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications:
    get:
      tags:
        - Applications
      summary: READ All Applications
      operationId: readAllApplications
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Applications
      summary: CREATE Application
      operationId: createApplication
      requestBody:
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/ApplicationSAML'
                - $ref: '#/components/schemas/ApplicationOIDC'
                - $ref: '#/components/schemas/ApplicationWSFED'
                - $ref: '#/components/schemas/ApplicationExternalLink'
              example:
                name: app_{{$timestamp}}
                description: this is my application
                enabled: true
                '#loginPageUrl': https://example.com
                type: WEB_APP
                protocol: SAML
                '#icon':
                  id: 04ad537e-c9cd-45c3-abfb-f41946cfe374
                  href: >-
                    https://upload.wikimedia.org/wikipedia/commons/a/a8/Baby_Jake.jpg
                assertionDuration: 60
                acsUrls:
                  - https://example.com
                sloResponseEndpoint: https://example.com
                spEntityId: test
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/ApplicationSAML'
                  - $ref: '#/components/schemas/ApplicationOIDC'
                  - $ref: '#/components/schemas/ApplicationWSFED'
                  - $ref: '#/components/schemas/ApplicationExternalLink'
  /environments/{environmentID}/applications/{applicationID}:
    get:
      tags:
        - Applications
      summary: READ One Application
      operationId: readOneApplication
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/ApplicationSAML'
                  - $ref: '#/components/schemas/ApplicationOIDC'
                  - $ref: '#/components/schemas/ApplicationWSFED'
                  - $ref: '#/components/schemas/ApplicationExternalLink'
                  - $ref: '#/components/schemas/ApplicationPingOnePortal'
                  - $ref: '#/components/schemas/ApplicationPingOneSelfService'
                  - $ref: '#/components/schemas/ApplicationPingOneAdminConsole'
    put:
      tags:
        - Applications
      summary: UPDATE Application
      operationId: updateApplication
      requestBody:
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/ApplicationSAML'
                - $ref: '#/components/schemas/ApplicationOIDC'
                - $ref: '#/components/schemas/ApplicationWSFED'
                - $ref: '#/components/schemas/ApplicationExternalLink'
                - $ref: '#/components/schemas/ApplicationPingOnePortal'
                - $ref: '#/components/schemas/ApplicationPingOneSelfService'
              example:
                name: UPDATED_{{$timestamp}}
                description: this is my UPDATED client
                enabled: false
                type: WEB_APP
                protocol: SAML
                assertionDuration: 60
                acsUrls:
                  - https://example.com
                sloResponseEndpoint: https://example.com
                spEntityId: test
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/ApplicationSAML'
                  - $ref: '#/components/schemas/ApplicationOIDC'
                  - $ref: '#/components/schemas/ApplicationWSFED'
                  - $ref: '#/components/schemas/ApplicationExternalLink'
                  - $ref: '#/components/schemas/ApplicationPingOnePortal'
                  - $ref: '#/components/schemas/ApplicationPingOneSelfService'
                  - $ref: '#/components/schemas/ApplicationPingOneAdminConsole'
    delete:
      tags:
        - Applications
      summary: DELETE Application
      operationId: deleteApplication
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications/{applicationID}/secret:
    get:
      tags:
        - Application Secret
      summary: READ Application Secret
      operationId: readApplicationSecret
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationSecret'
    post:
      tags:
        - Application Secret
      summary: UPDATE Application Secret
      operationId: updateApplicationSecret
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationSecret'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationSecret'
    delete:
      tags:
        - Application Secret
      summary: DELETE Previous Application Secret
      operationId: deletePreviousApplicationSecret
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications/{applicationID}/grants:
    post:
      tags:
        - Application Resource Grants
      summary: CREATE Grant
      operationId: createApplicationGrant
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationResourceGrant'
              example:
                resource:
                  id: '{{resourceID}}'
                scopes:
                  - id: '{{scopeID}}'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationResourceGrant'
    get:
      tags:
        - Application Resource Grants
      summary: READ All Grants for an Application
      operationId: readAllApplicationGrants
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/applications/{applicationID}/grants/{grantID}:
    get:
      tags:
        - Application Resource Grants
      summary: READ One Grant for an Application
      operationId: readOneApplicationGrant
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: grantID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationResourceGrant'
    put:
      tags:
        - Application Resource Grants
      summary: UPDATE Grant
      operationId: updateApplicationGrant
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationResourceGrant'
              example:
                resource:
                  id: '{{resourceID}}'
                scopes:
                  - id: '{{OIDCscopeID}}'
                  - id: '{{anotherOIDCscopeID}}'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: grantID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationResourceGrant'
    delete:
      tags:
        - Application Resource Grants
      summary: DELETE Grant
      operationId: deleteApplicationGrant
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: grantID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications/{applicationID}/signOnPolicyAssignments:
    get:
      tags:
        - >-
          Application Sign-On Policy
          Assignments
      summary: READ All SOP Assignments
      operationId: readAllSignOnPolicyAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - >-
          Application Sign-On Policy
          Assignments
      summary: CREATE SOP Assignment
      operationId: createSignOnPolicyAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignOnPolicyAssignment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicyAssignment'
  /environments/{environmentID}/applications/{applicationID}/signOnPolicyAssignments/{SOPAssignmentID}:
    get:
      tags:
        - >-
          Application Sign-On Policy
          Assignments
      summary: READ One SOP Assignment
      operationId: readOneSignOnPolicyAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: SOPAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicyAssignment'
    put:
      tags:
        - >-
          Application Sign-On Policy
          Assignments
      summary: UPDATE SOP Assignment
      operationId: updateSignOnPolicyAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignOnPolicyAssignment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: SOPAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicyAssignment'
    delete:
      tags:
        - >-
          Application Sign-On Policy
          Assignments
      summary: DELETE SOP Assignment
      operationId: deleteSignOnPolicyAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: SOPAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications/{applicationID}/flowPolicyAssignments:
    get:
      tags:
        - >-
          Application Flow Policy
          Assignments
      summary: READ All Flow Policy Assignments
      operationId: readAllFlowPolicyAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - >-
          Application Flow Policy
          Assignments
      summary: CREATE Flow Assignment
      operationId: createFlowPolicyAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FlowPolicyAssignment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FlowPolicyAssignment'
  /environments/{environmentID}/applications/{applicationID}/flowPolicyAssignments/{flowPolicyAssignmentID}:
    get:
      tags:
        - >-
          Application Flow Policy
          Assignments
      summary: READ One Flow Policy Assignment
      operationId: readOneFlowPolicyAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: flowPolicyAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FlowPolicyAssignment'
    put:
      tags:
        - >-
          Application Flow Policy
          Assignments
      summary: UPDATE Flow Policy Assignment
      operationId: updateFlowPolicyAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FlowPolicyAssignment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: flowPolicyAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FlowPolicyAssignment'
    delete:
      tags:
        - >-
          Application Flow Policy
          Assignments
      summary: DELETE Flow Policy Assignment
      operationId: deleteFlowPolicyAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: flowPolicyAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications/{applicationID}/roleAssignments:
    get:
      tags:
        - Application Role Assignments
      summary: READ Application Role Assignments
      operationId: readApplicationRoleAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Application Role Assignments
      summary: CREATE Application Role Assignments
      operationId: createApplicationRoleAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleAssignment'
              example:
                role:
                  id: '{{roleID}}'
                scope:
                  id: '{{environmentID}}'
                  type: ENVIRONMENT
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
  /environments/{environmentID}/applications/{applicationID}/roleAssignments/{roleAssignmentID}:
    get:
      tags:
        - Application Role Assignments
      summary: READ One Application Role Assignment
      operationId: readOneApplicationRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: roleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
    delete:
      tags:
        - Application Role Assignments
      summary: DELETE Application Role Assignment
      operationId: deleteApplicationRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: roleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/applications/{applicationID}/attributes:
    get:
      tags:
        - Application Attribute Mapping
      summary: READ All Application Attribute Mappings
      operationId: readAllApplicationAttributeMappings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Application Attribute Mapping
      summary: CREATE Application Attribute Mapping
      operationId: createApplicationAttributeMapping
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationAttributeMapping'
              example:
                name: email
                value: ${user.email}
                required: false
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationAttributeMapping'
  /environments/{environmentID}/applications/{applicationID}/attributes/{attrMappingID}:
    get:
      tags:
        - Application Attribute Mapping
      summary: READ One Application Attribute Mapping
      operationId: readOneApplicationAttributeMapping
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: attrMappingID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationAttributeMapping'
    put:
      tags:
        - Application Attribute Mapping
      summary: UPDATE Application Attribute Mapping
      operationId: updateApplicationAttributeMapping
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ApplicationAttributeMapping'
              example:
                name: email
                value: ${user.email}
                required: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: attrMappingID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApplicationAttributeMapping'
    delete:
      tags:
        - Application Attribute Mapping
      summary: DELETE Application Attribute Mapping
      operationId: deleteApplicationAttributeMapping
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: applicationID
          in: path
          schema:
            type: string
          required: true
        - name: attrMappingID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/activities:
    get:
      tags:
        - Audit Activities
      summary: GET User Activities
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
        - name: filter
          in: query
          schema:
            type: string
          example: >-
            recordedat gt "2018-08-20T00:00:00Z" AND recordedat lt
            "2018-08-22T23:59:00Z"
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    post:
      tags:
        - Audit Activities
      summary: GET User Activities
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                filter: >-
                  recordedat gt "2019-01-01T22:54:12.988Z" AND recordedat lt
                  "2019-01-31T22:54:12.988Z" AND actors.user.name eq "Bill"
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/activities/{activityID}:
    get:
      tags:
        - Audit Activities
      summary: GET One User Activity
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: activityID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/applicationSignons:
    get:
      tags:
        - Authentications per Application
      summary: READ Authentications Per Application (Partial)
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
        - name: samplePeriod
          in: query
          schema:
            type: integer
          example: '1'
        - name: samplePeriodCount
          in: query
          schema:
            type: integer
          example: '100'
        - name: filter
          in: query
          schema:
            type: string
          example: occurredAt ge "2019-10-03T00:00:00Z""
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/billOfMaterials:
    get:
      tags:
        - Bill of Materials (BOM)
      summary: READ One Bill of Materials
      operationId: readOneBillOfMaterials
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BillOfMaterials'
    put:
      tags:
        - Bill of Materials (BOM)
      summary: UPDATE Bill of Materials
      operationId: updateBillOfMaterials
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BillOfMaterials'
              example:
                products:
                  - type: PING_DIRECTORY
                    description: PingOne Directory
                  - type: PING_ONE_MFA
                    description: PingOne MFA
                  - type: PING_ONE_PROVISIONING
                    description: PingOne Provisioning
                  - type: PING_ONE_RISK
                    description: PingOne Risk
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BillOfMaterials'
  /environments/{environmentID}/brandingSettings:
    get:
      tags:
        - Branding Settings
      summary: READ Branding Settings
      operationId: readBrandingSettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingSettings'
    put:
      tags:
        - Branding Settings
      summary: UPDATE Branding Settings
      operationId: updateBrandingSettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BrandingSettings'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingSettings'
  /environments/{environmentID}/capabilities:
    get:
      tags:
        - Capabilities
      summary: READ Environment Capabilities
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/flowPolicies:
    get:
      tags:
        - Flow Policies
      summary: READ All Flow Policies
      operationId: readAllFlowPolicies
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: filter
          in: query
          schema:
            type: string
          example: trigger.type eq "AUTHENTICATION"
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/flowPolicies/{flowPolicyID}:
    get:
      tags:
        - Flow Policies
      summary: READ ONE Flow Policy
      operationId: readOneFlowPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: flowPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/FlowPolicy'
  /environments/{environmentID}/forms:
    get:
      tags:
        - Form Management
      summary: READ All Forms
      operationId: readAllForms
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Form Management
      summary: CREATE Form
      operationId: createForm
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Form'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Form'
  /environments/{environmentID}/forms/{formID}:
    get:
      tags:
        - Form Management
      summary: READ One Form
      operationId: readForm
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: formID
          in: path
          schema:
            type: string
          required: true
        - name: include
          in: query
          schema:
            $ref: '#/components/schemas/EnumFormsIncludeParameter'
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Form'
    put:
      tags:
        - Form Management
      summary: UPDATE Form
      operationId: updateForm
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Form'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: formID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Form'
    delete:
      tags:
        - Form Management
      summary: DELETE Form
      operationId: deleteForm
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: formID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/keys:
    get:
      tags:
        - Certificate Management
      summary: GET Keys
      operationId: getKeys
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Certificate Management
      summary: CREATE Key
      operationId: createKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Certificate'
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/PKIKeyFileUpload'
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/x-pkcs12-certificates
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
  /environments/{environmentID}/keys/{keyID}:
    get:
      tags:
        - Certificate Management
      summary: GET Key
      operationId: getKey
      parameters:
        - name: Accept
          in: header
          schema:
            $ref: '#/components/schemas/EnumGetKeyAcceptHeader'
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
            application/x-x509-ca-cert:
              schema:
                type: string
                format: byte
            application/x-pkcs7-certificates:
              schema:
                type: string
                format: binary
    put:
      tags:
        - Certificate Management
      summary: UPDATE Key
      operationId: updateKey
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CertificateKeyUpdate'
              example:
                default: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
    delete:
      tags:
        - Certificate Management
      summary: DELETE Key
      operationId: deleteKey
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/keys/{keyID}/applications:
    get:
      tags:
        - Certificate Management
      summary: GET Key Applications
      operationId: getKeyApplications
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/keys/{keyID}/csr:
    get:
      tags:
        - Certificate Management
      summary: Export a certificate signing request (CSR)
      operationId: exportCSR
      parameters:
        - name: Accept
          in: header
          schema:
            $ref: '#/components/schemas/EnumCSRExportHeader'
          example: application/pkcs10
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/pkcs10:
              schema:
                type: string
                format: byte
            application/x-pem-file:
              schema:
                type: string
                format: byte
    post:
      tags:
        - Certificate Management
      summary: Import Certificate Authority (CA) Response to a CSR
      operationId: importCSRResponse
      requestBody:
        content:
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/PKICAResponseFileUpload'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
  /environments/{environmentID}/keyRotationPolicies:
    get:
      tags:
        - Key Rotation Policies
      summary: GET Key Rotation Policies
      operationId: getKeyRotationPolicies
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Key Rotation Policies
      summary: CREATE Key Rotation Policy
      operationId: createKeyRotationPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyRotationPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyRotationPolicy'
  /environments/{environmentID}/keyRotationPolicies/{keyRotationPolicyID}:
    get:
      tags:
        - Key Rotation Policies
      summary: GET Key Rotation Policy
      operationId: getKeyRotationPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyRotationPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyRotationPolicy'
    put:
      tags:
        - Key Rotation Policies
      summary: UPDATE Key Rotation Policy
      operationId: updateKeyRotationPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/KeyRotationPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyRotationPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/KeyRotationPolicy'
    delete:
      tags:
        - Key Rotation Policies
      summary: DELETE Key Rotation Policy
      operationId: deleteKeyRotationPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: keyRotationPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/certificates:
    get:
      tags:
        - Certificate Management
      summary: GET Certificates
      operationId: getCertificates
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Certificate Management
      summary: CREATE Certificate with PKCS7 or PEM File
      operationId: createCertificateFromFile
      requestBody:
        content:
          multipart/form-data:
            schema:
              $ref: '#/components/schemas/PKIFileUpload'
      parameters:
        - name: Content-Type
          in: header
          schema:
            $ref: '#/components/schemas/EnumCreateCertificateAcceptHeader'
          example: application/x-pkcs7-certificates
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '202':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
  /environments/{environmentID}/certificates/{certID}:
    get:
      tags:
        - Certificate Management
      summary: GET Certificate
      operationId: getCertificate
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: certID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Certificate'
    delete:
      tags:
        - Certificate Management
      summary: DELETE Certificate
      operationId: deleteCertificate
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: certID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/certificates/{certID}/applications:
    get:
      tags:
        - Certificate Management
      summary: GET Certificate Applications
      operationId: getCertificateApplications
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: certID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/encryptions:
    post:
      tags:
        - Certificate Management
      summary: ENCRYPT Data
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                key:
                  id: '{keyId}'
                certificate:
                  id: '{certificateId}'
                plainText: SGVsbG8sIFdvcmxkIQ==
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/decryptions:
    post:
      tags:
        - Certificate Management
      summary: DECRYPT Data
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                key:
                  id: 40e6c099-20dd-4763-be84-a5d9fd30f3ba
                cipherText: >-
                  0kEOngncmwvmGal0pT1y71bNsfWfvllmoDQlPfUq4UxiFE/u2w0RoS0yqPieNY1samW971zFuZ+XGtqIp69id6KSd9WXaaZliE18GAk8XvnilKF4A6TW1lmkpGuezI6G6AxPaaFVMKZyPx6R8Ai90aRBkcZ+2TtOrzZjGWh0Z132R/3syiFpEzBIqmo/ksnHKcojfj0Eq8cMwaSeymLaxT/wykeCwDC4x2QrRQLVmM4yCDNM2eC/3ArkB24pjMXHKfcr5jzR9ZtHdlh7Bs8D4JpdNMyD+uI6mrJyFll+E3TLGUhRymjMc4ZiUpPPntoXVzYq4xupZdNTbbcClA6hyg==
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/signings:
    post:
      tags:
        - Certificate Management
      summary: SIGN Data
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                algorithm: SHA256withRSA
                plainText: string
                key:
                  id: '{keyId}'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/verifications:
    post:
      tags:
        - Certificate Management
      summary: VERIFY Signed Data
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                key:
                  id: '{keyId}'
                certificate:
                  id: '{certificateId}'
                plainText: SGVsbG8sIFdvcmxkIQ==
                signature: '{signature}'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/customDomains:
    get:
      tags:
        - Custom Domains
      summary: READ All Domains
      operationId: readAllDomains
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Custom Domains
      summary: CREATE Domain
      operationId: createDomain
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CustomDomain'
              example:
                domainName: custom-domain.example.com
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomDomain'
  /environments/{environmentID}/customDomains/{customDomainID}:
    get:
      tags:
        - Custom Domains
      summary: READ One Domain
      operationId: readOneDomain
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: customDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomDomain'
    post:
      tags:
        - Custom Domains
      summary: Update Domain
      operationId: updateDomain
      requestBody:
        required: false
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CustomDomainCertificateRequest'
      parameters:
        - name: Content-Type
          in: header
          schema:
            $ref: '#/components/schemas/EnumCustomDomainPostHeader'
            example: application/vnd.pingidentity.certificate.import+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: customDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomDomain'
    delete:
      tags:
        - Custom Domains
      summary: DELETE Domain
      operationId: deleteDomain
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: customDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/emailDomains:
    get:
      tags:
        - Trusted Email Domains
      summary: READ All Trusted Email Domains
      operationId: readAllTrustedEmailDomains
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Trusted Email Domains
      summary: CREATE Trusted Email Domain
      operationId: createTrustedEmailDomain
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailDomain'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomain'
  /environments/{environmentID}/emailDomains/{emailDomainID}:
    get:
      tags:
        - Trusted Email Domains
      summary: READ One Trusted Email Domain
      operationId: readOneTrustedEmailDomain
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomain'
    delete:
      tags:
        - Trusted Email Domains
      summary: DELETE Trusted Email Domain
      operationId: deleteTrustedEmailDomain
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/emailDomains/{emailDomainID}/ownership:
    get:
      tags:
        - Trusted Email Domains
      summary: READ Trusted Email Domain Ownership Status
      operationId: readTrustedEmailDomainOwnershipStatus
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomainOwnershipStatus'
  /environments/{environmentID}/emailDomains/{emailDomainID}/dkim:
    get:
      tags:
        - Trusted Email Domains
      summary: READ Trusted Email Domain DKIM Status
      operationId: readTrustedEmailDomainDKIMStatus
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomainDKIMStatus'
  /environments/{environmentID}/emailDomains/{emailDomainID}/spf:
    get:
      tags:
        - Trusted Email Domains
      summary: READ Trusted Email Domain SPF Status
      operationId: readTrustedEmailDomainSPFStatus
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomainSPFStatus'
  /environments/{environmentID}/emailDomains/{emailDomainID}/trustedEmails/{trustedEmailId}:
    get:
      tags:
        - Trusted Email Addresses
      summary: READ One Trusted Email Address
      operationId: readOneTrustedEmailAddress
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
        - name: trustedEmailId
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomainTrustedEmail'
    post:
      tags:
        - Trusted Email Addresses
      summary: Resend Verification Code To Email
      operationId: resendVerificationCodeToEmail
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/vnd.pingidentity.trustedEmail.sendVerificationCode+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
        - name: trustedEmailId
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomainTrustedEmail'
    delete:
      tags:
        - Trusted Email Addresses
      summary: DELETE Trusted Email Address
      operationId: deleteTrustedEmailAddress
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
        - name: trustedEmailId
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/emailDomains/{emailDomainID}/trustedEmails:
    get:
      tags:
        - Trusted Email Addresses
      summary: READ All Trusted Email Addresses
      operationId: readAllTrustedEmailAddresses
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Trusted Email Addresses
      summary: CREATE Trusted Email Address
      operationId: createTrustedEmailAddress
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EmailDomainTrustedEmail'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: emailDomainID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EmailDomainTrustedEmail'
  /environments/{environmentID}/type:
    put:
      tags:
        - Environments
      summary: UPDATE Environment Type
      operationId: updateEnvironmentType
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                type:
                  $ref: '#/components/schemas/EnumEnvironmentType'
              example:
                type: PRODUCTION
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Environment'
  /environments/{environmentID}/gateways:
    get:
      tags:
        - Gateways
      summary: READ All Gateways
      operationId: readAllGateways
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Gateways
      summary: CREATE Gateway
      operationId: createGateway
      requestBody:
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/Gateway'
                - $ref: '#/components/schemas/GatewayTypeLDAP'
                - $ref: '#/components/schemas/GatewayTypeRADIUS'
              example:
                name: PING_FED-Gateway
                description: My PingFederate Gateway
                type: PING_FEDERATE
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/Gateway'
                  - $ref: '#/components/schemas/GatewayTypeLDAP'
                  - $ref: '#/components/schemas/GatewayTypeRADIUS'
  /environments/{environmentID}/gateways/{gatewayID}:
    get:
      tags:
        - Gateways
      summary: READ One Gateway
      operationId: readOneGateway
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/Gateway'
                  - $ref: '#/components/schemas/GatewayTypeLDAP'
                  - $ref: '#/components/schemas/GatewayTypeRADIUS'
    put:
      tags:
        - Gateways
      summary: UPDATE Gateway
      operationId: updateGateway
      requestBody:
        content:
          application/json:
            schema:
              oneOf:
                - $ref: '#/components/schemas/Gateway'
                - $ref: '#/components/schemas/GatewayTypeLDAP'
                - $ref: '#/components/schemas/GatewayTypeRADIUS'
              example:
                name: PING_FED-Gateway
                description: My PingFederate Gateway
                type: PING_FEDERATE
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                oneOf:
                  - $ref: '#/components/schemas/Gateway'
                  - $ref: '#/components/schemas/GatewayTypeLDAP'
                  - $ref: '#/components/schemas/GatewayTypeRADIUS'
    delete:
      tags:
        - Gateways
      summary: DELETE Gateway
      operationId: deleteGateway
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/gateways/{gatewayID}/credentials:
    get:
      tags:
        - Gateway Credentials
      summary: READ All Gateway Credentials
      operationId: readAllGatewayCredentials
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Gateway Credentials
      summary: CREATE Gateway Credentials
      operationId: createGatewayCredential
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GatewayCredential'
  /environments/{environmentID}/gateways/{gatewayID}/credentials/{credentialID}:
    get:
      tags:
        - Gateway Credentials
      summary: READ One Gateway Credential
      operationId: readOneGatewayCredential
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
        - name: credentialID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GatewayCredential'
    delete:
      tags:
        - Gateway Credentials
      summary: DELETE Gateway Credentials
      operationId: deleteGatewayCredential
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
        - name: credentialID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/gateways/{gatewayID}/instances:
    get:
      tags:
        - Gateway Instances
      summary: READ All Gateway Instances
      operationId: readAllGatewayInstances
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/gateways/{gatewayID}/instances/{instanceID}:
    get:
      tags:
        - Gateway Instances
      summary: READ One Gateway Instance
      operationId: readOneGatewayInstance
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
        - name: instanceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GatewayInstance'
  /environments/{environmentID}/gateways/{gatewayID}/roleAssignments:
    get:
      tags:
        - Gateway Role Assignments
      summary: READ Gateway Role Assignments
      operationId: readGatewayRoleAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Gateway Role Assignments
      summary: CREATE Gateway Role Assignments
      operationId: createGatewayRoleAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleAssignment'
              example:
                role:
                  id: '{{envRoleID}}'
                scope:
                  id: '{{environmentID}}'
                  type: ENVIRONMENT
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
  /environments/{environmentID}/gateways/{gatewayID}/roleAssignments/{gatewayRoleAssignmentID}:
    get:
      tags:
        - Gateway Role Assignments
      summary: READ One Gateway Role Assignment
      operationId: readOneGatewayRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayRoleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
    put:
      tags:
        - Gateway Role Assignments
      summary: UPDATE Gateway Role Assignments
      operationId: updateGatewayRoleAssignment
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                role:
                  id: '{{envRoleID}}'
                scope:
                  id: '{{environmentID}}'
                  type: ENVIRONMENT
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayRoleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
    delete:
      tags:
        - Gateway Role Assignments
      summary: DELETE Gateway Role Assignment
      operationId: deleteGatewayRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayID
          in: path
          schema:
            type: string
          required: true
        - name: gatewayRoleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/groups:
    get:
      tags:
        - Groups
      summary: READ All Groups
      operationId: readAllGroups
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: name eq "Training"
        - name: limit
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 1000
          description: Adding a paging value to limit the number of resources displayed per page
        - name: cursor
          in: query
          schema:
            type: string
          description: Adding a cursor value to retrieve the next page of results, used with the `limit` parameter. The cursor value is returned in the `_links.next.href` link in the response payload.
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Groups
      summary: CREATE Group
      operationId: createGroup
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Group'
              example:
                name: Managers
                description: This is a test group
                customData:
                  groupOwner: Tom Jones
                  securityGroup: true
                userFilter: title eq "Manager"
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Group'
  /environments/{environmentID}/groups/{groupID}:
    get:
      tags:
        - Groups
      summary: READ One Group
      operationId: readOneGroup
      parameters:
        - name: include
          in: query
          schema:
            type: string
          example: totalMemberCounts
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Group'
    put:
      tags:
        - Groups
      summary: UPDATE Group
      operationId: updateGroup
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Group'
              example:
                name: MyGroupName1
                description: This is a group for testing.
                externalId: cn=Some Group,ou=groups,dc=some,dc=active-directory,dc=domain
                customData:
                  groupOnwer: Bill Sample
                  securityGroup: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Group'
    delete:
      tags:
        - Groups
      summary: DELETE Group
      operationId: deleteGroup
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/groups/{groupID}/memberOfGroups:
    get:
      tags:
        - Groups
      summary: READ Group Nesting
      operationId: readGroupNesting
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Groups
      summary: CREATE Group Nesting
      operationId: createGroupNesting
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GroupNesting'
              example:
                id: e1d6564e-bc8e-443c-ba01-70af86cf06e4
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupNesting'
  /environments/{environmentID}/groups/{groupID}/memberOfGroups/{nestedGroupID}:
    get:
      tags:
        - Groups
      summary: READ One Group Nesting
      operationId: readOneGroupNesting
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
        - name: nestedGroupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupNesting'
    delete:
      tags:
        - Groups
      summary: DELETE Group Nesting
      operationId: deleteGroupNesting
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
        - name: nestedGroupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/groups/{groupID}/roleAssignments:
    get:
      tags:
        - Group Role Assignments
      summary: READ Role Assignments
      operationId: readGroupRoleAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Group Role Assignments
      summary: CREATE Group Role Assignment
      operationId: createGroupRoleAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleAssignment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
  /environments/{environmentID}/groups/{groupID}/roleAssignments/{roleAssignmentID}:
    get:
      tags:
        - Group Role Assignments
      summary: READ One Group Assignment
      operationId: readOneGroupRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
        - name: roleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
    delete:
      tags:
        - Group Role Assignments
      summary: DELETE Group's Role Assignment
      operationId: deleteGroupRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
        - name: roleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/propagation/revisions:
    post:
      tags:
        - >-
          Propagation
          Revisions
      summary: CREATE Revision
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/revisions/id:latest:
    get:
      tags:
        - >-
          Propagation
          Revisions
      summary: READ Latest Revision
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/revisions/{previousRevisionID}:
    get:
      tags:
        - >-
          Propagation
          Revisions
      summary: READ Previous Revision
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: previousRevisionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/plans:
    get:
      tags:
        - Identity Propagation Plans
      summary: READ All Plans
      operationId: readAllPlans
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Identity Propagation Plans
      summary: CREATE Plan
      operationId: createPlan
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityPropagationPlan'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityPropagationPlan'
  /environments/{environmentID}/propagation/plans/{planID}:
    get:
      tags:
        - Identity Propagation Plans
      summary: READ One Plan
      operationId: readOnePlan
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: planID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityPropagationPlan'
    put:
      tags:
        - Identity Propagation Plans
      summary: UPDATE Plan
      operationId: updatePlan
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityPropagationPlan'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: planID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityPropagationPlan'
    delete:
      tags:
        - Identity Propagation Plans
      summary: DELETE Plan
      operationId: deletePlan
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: planID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/propagation/stores:
    get:
      tags:
        - Propagation Stores
      summary: READ All Stores
      operationId: readAllStores
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Propagation Stores
      summary: CREATE Propagation Store
      operationId: createPropagationStore
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PropagationStore'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PropagationStore'
  /environments/{environmentID}/propagation/stores/{storeID}:
    get:
      tags:
        - Propagation Stores
      summary: READ One Store
      operationId: readOnePropagationStore
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: storeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PropagationStore'
    put:
      tags:
        - Propagation Stores
      summary: UPDATE Store
      operationId: updatePropagationStore
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PropagationStore'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: storeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PropagationStore'
    delete:
      tags:
        - Propagation Stores
      summary: DELETE Store
      operationId: deletePropagationStore
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: storeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/propagation/stores/connection/status:
    post:
      tags:
        - Propagation Stores
      summary: TEST Connection Configuration
      operationId: testConnectionConfiguration
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PropagationStore'
      parameters:
        - name: Content-Type
          in: header
          schema:
            $ref: '#/components/schemas/EnumPropagationStoreConnectionStatusContentType'
          example: application/vnd.pingidentity.connection.check+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
  /environments/{environmentID}/propagation/storeMetadata/scim:
    post:
      tags:
        - >-
          Propagation
          Store Metadata
      summary: Identity Propagation Store Metadata (SCIM)
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                type: scim
                configuration:
                  AUTHENTICATION_METHOD: Basic Authentication
                  USER_FILTER: username Eq "%s"
                  UNIQUE_USER_IDENTIFIER: userName
                  REMOVE_ACTION: Disable
                  USERS_RESOURCE: /user
                  SCIM_VERSION: '1.1'
                  SCIM_URL: SCIM URL
                  AUTHORIZATION_TYPE: Basic
                  BASIC_AUTH_USER: username
                  BASIC_AUTH_PASSWORD: password
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/storeMetadata/Salesforce:
    post:
      tags:
        - >-
          Propagation
          Store Metadata
      summary: Identity Propagation Store Metadata (Salesforce)
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                type: Saleforce
                configuration:
                  SALESFORCE_DOMAIN: mySalesforceDomain.salesforce.com
                  CLIENT_ID: salesforceClientID
                  CLIENT_SECRET: salesforceClientSecret
                  OAUTH_ACCESS_TOKEN: token
                  OAUTH_REFRESH_TOKEN: token
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/storeMetadata/SalesforceContacts:
    post:
      tags:
        - >-
          Propagation
          Store Metadata
      summary: Identity Propagation Store Metadata (SalesforceContacts)
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                type: SaleforceContacts
                configuration:
                  SALESFORCE_DOMAIN: my.salesforce.com
                  CLIENT_ID: yourClientID
                  CLIENT_SECRET: yourClientSecret
                  OAUTH_ACCESS_TOKEN: yourAccessToken
                  OAUTH_REFRESH_TOKEN: yourRefreshToken
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/storeMetadata/Aquera:
    post:
      tags:
        - >-
          Propagation
          Store Metadata
      summary: Identity Propagation Store Metadata (Aquera)
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                type: Aquera
                configuration:
                  AUTHENTICATION_METHOD: Basic Authentication
                  USER_FILTER: username Eq "%s"
                  UNIQUE_USER_IDENTIFIER: userName
                  REMOVE_ACTION: Disable
                  USERS_RESOURCE: /user
                  SCIM_VERSION: '1.1'
                  SCIM_URL: SCIM URL
                  AUTHORIZATION_TYPE: Basic
                  BASIC_AUTH_USER: username
                  BASIC_AUTH_PASSWORD: password
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/rules:
    get:
      tags:
        - >-
          Propagation
          Rules
      summary: READ All Rules
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: Authorization
          in: header
          schema:
            type: string
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    post:
      tags:
        - >-
          Propagation
          Rules
      summary: CREATE Rule
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                plan:
                  id: 9d108dd7-a97e-41ae-98dc-dbe391f68cf0
                environment:
                  id: 38b56b78-eb38-4f7a-afcc-0a1c0f5acd32
                sourceStore:
                  id: 4722a0c4-6e67-4ef5-a8f8-9b275f00bc09
                targetStore:
                  id: a09e3c58-022f-4390-8d9f-d28e9c33537c
                populations:
                  - id: 1425fb3b-476e-4cbe-9ef4-e06a52b74ab8
                deprovision: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/rules/{ruleID}:
    get:
      tags:
        - >-
          Propagation
          Rules
      summary: READ One Rule
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: ruleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    delete:
      tags:
        - >-
          Propagation
          Rules
      summary: DELETE Rule
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: ruleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/propagation/plans/{planID}/rules:
    get:
      tags:
        - >-
          Propagation
          Rules
      summary: READ One Plan's Rules
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: planID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/rules/{storeID}:
    put:
      tags:
        - >-
          Propagation
          Rules
      summary: UPDATE Rule
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                plan:
                  id: 9d108dd7-a97e-41ae-98dc-dbe391f68cf0
                name: updated rule
                environment:
                  id: 38b56b78-eb38-4f7a-afcc-0a1c0f5acd32
                sourceStore:
                  id: 4722a0c4-6e67-4ef5-a8f8-9b275f00bc09
                targetStore:
                  id: a09e3c58-022f-4390-8d9f-d28e9c33537c
                populations:
                  - id: 1425fb3b-476e-4cbe-9ef4-e06a52b74ab8
                deprovision: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: storeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/mappings/{mappingID}:
    get:
      tags:
        - >-
          Propagation
          Mappings
      summary: READ One Mapping
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: mappingID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    put:
      tags:
        - >-
          Propagation
          Mappings
      summary: UPDATE Mapping
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                rule:
                  id: 8c9cc5b2-4171-4804-abd4-115a8948e453
                sourceAttribute: username
                targetAttribute: accountId
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: mappingID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/rules/{ruleID}/mappings:
    get:
      tags:
        - >-
          Propagation
          Mappings
      summary: READ One Rule  Mapping
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: ruleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    post:
      tags:
        - >-
          Propagation
          Mappings
      summary: CREATE Rule Mapping
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                sourceAttribute: accountId
                targetAttribute: userName
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: ruleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/propagation/mapping/{mappingID}:
    delete:
      tags:
        - >-
          Propagation
          Mappings
      summary: DELETE Mapping
      parameters:
        - name: Accept
          in: header
          schema:
            type: string
          example: application/json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: mappingID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/identityProviders:
    get:
      tags:
        - Identity Providers
      summary: READ All Identity Providers
      operationId: readAllIdentityProviders
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Identity Providers
      summary: CREATE Identity Provider
      operationId: createIdentityProvider
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityProvider'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProvider'
  /environments/{environmentID}/identityProviders/{providerID}:
    get:
      tags:
        - Identity Providers
      summary: READ One Identity Provider
      operationId: readOneIdentityProvider
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProvider'
    put:
      tags:
        - Identity Providers
      summary: UPDATE Identity Provider
      operationId: updateIdentityProvider
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityProvider'
              example:
                '#accountLinking':
                  filter: SCIM filter for matching to a User
                '#description': Custom ID Provider
                enabled: false
                icon:
                  id: 9765e2ec-f958-4a20-a178-3ba5f54d6477
                  href: >-
                    https://upload.wikimedia.org/wikipedia/commons/thumb/9/96/Oxygen-user-identity-female.svg/128px-Oxygen-user-identity-female.svg.png
                name: UPDATED_{{$timestamp}}
                type: FACEBOOK
                applicationID: FBID
                appSecret: FBSecret
                '#permissions':
                  - USER_AGE_RANGE
                  - USER_BIRTHDAY
                  - USER_GENDER
                  - EMAIL
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProvider'
    delete:
      tags:
        - Identity Providers
      summary: DELETE Identity Provider
      operationId: deleteIdentityProvider
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/identityProviders/{providerID}/attributes:
    get:
      tags:
        - >-
          Identity Provider
          Attributes
      summary: READ All Identity Provider Attributes
      operationId: readAllIdentityProviderAttributes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - >-
          Identity Provider
          Attributes
      summary: CREATE Identity Provider Attribute
      operationId: createIdentityProviderAttribute
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityProviderAttribute'
              example:
                name: externalId
                value: ${providerAttributes.externalId}
                update: ALWAYS
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProviderAttribute'
  /environments/{environmentID}/identityProviders/{providerID}/attributes/{providerAttributeID}:
    get:
      tags:
        - >-
          Identity Provider
          Attributes
      summary: READ One Identity Provider Attribute
      operationId: readOneIdentityProviderAttribute
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
        - name: providerAttributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProviderAttribute'
    put:
      tags:
        - >-
          Identity Provider
          Attributes
      summary: UPDATE Identity Provider Attribute
      operationId: updateIdentityProviderAttribute
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/IdentityProviderAttribute'
              example:
                name: name.given
                value: ${providerAttributes.first_name}
                update: EMPTY_ONLY
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
        - name: providerAttributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IdentityProviderAttribute'
    delete:
      tags:
        - >-
          Identity Provider
          Attributes
      summary: DELETE Identity Provider Attribute
      operationId: deleteIdentityProviderAttribute
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: providerID
          in: path
          schema:
            type: string
          required: true
        - name: providerAttributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/images:
    post:
      tags:
        - Images
      summary: CREATE Image
      operationId: createImage
      requestBody:
        content:
          image/*:
            schema:
              type: string
              format: binary
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
          example: image/jpeg
        - name: Content-Disposition
          in: header
          schema:
            type: string
          example: attachment; filename=name.jpg
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Image'
  /environments/{environmentID}/images/{imgID}:
    get:
      tags:
        - Images
      summary: READ Image
      operationId: readImage
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: imgID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Image'
    delete:
      tags:
        - Images
      summary: DELETE Image
      operationId: deleteImage
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: imgID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/integrations:
    get:
      tags:
        - Integration Catalog
      summary: READ All Integration Metadata
      operationId: readAllIntegrationMetadata
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: filter
          in: query
          schema:
            type: string
          example: (pingProductNames eq "PINGFEDERATE" and version.releasedOn ge "2020-05-20")
        - name: expand
          in: query
          schema:
            type: string
          example: versions
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/integrations/{integrationID}:
    get:
      tags:
        - Integration Catalog
      summary: READ One Integration Metadata
      operationId: readOneIntegrationMetadata
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: integrationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Integration'
  /environments/{environmentID}/integrations/{integrationID}/versions:
    get:
      tags:
        - Integration Catalog
      summary: Read All Integration Versions Metadata
      operationId: readIntegrationVersionMetadata
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: integrationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/integrations/{integrationID}/versions/{integrationVersionID}:
    get:
      tags:
        - Integration Catalog
      summary: READ One Integration Version Metadata
      operationId: readOneIntegrationVersionMetadata
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: integrationID
          in: path
          schema:
            type: string
          required: true
        - name: integrationVersionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IntegrationVersion'
  /environments/{environmentID}/integrations/{integrationID}/versions/{integrationVersionID}/asset:
    get:
      tags:
        - Integration Catalog
      summary: Download Integration Version Asset
      operationId: downloadOneIntegrationVersionAsset
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: integrationID
          in: path
          schema:
            type: string
          required: true
        - name: integrationVersionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/zip:
              schema:
                type: string
                format: byte
            application/x-zip-compressed:
              schema:
                type: string
                format: byte
  /environments/{environmentID}/integrations/{integrationID}/versions/{integrationVersionID}/attributes:
    get:
      tags:
        - Integration Catalog
      summary: Read All Attributes of an Integration Version (SAML only)
      operationId: readAllIntegrationVersionAttributes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: integrationID
          in: path
          schema:
            type: string
          required: true
        - name: integrationVersionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/integrations/{integrationID}/versions/{integrationVersionID}/attributes/{integrationVersionAttributeID}:
    get:
      tags:
        - Integration Catalog
      summary: Read One Attributes of an Integration Version (SAML only)
      operationId: readOneIntegrationVersionAttributes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: integrationID
          in: path
          schema:
            type: string
          required: true
        - name: integrationVersionID
          in: path
          schema:
            type: string
          required: true
        - name: integrationVersionAttributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/IntegrationVersionAttribute'
  /environments/{environmentID}/languages:
    get:
      tags:
        - Languages
      summary: READ Languages
      operationId: readLanguages
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Languages
      summary: CREATE Language
      operationId: createLanguage
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Language'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Language'
  /environments/{environmentID}/languages/{languageID}:
    get:
      tags:
        - Languages
      summary: READ One Language
      operationId: readOneLanguage
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Language'
    put:
      tags:
        - Languages
      summary: UPDATE Language
      operationId: updateLanguage
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Language'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Language'
    delete:
      tags:
        - Languages
      summary: DELETE Language
      operationId: deleteLanguage
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/languages/{languageID}/status:
    get:
      tags:
        - Language Localization Status
      summary: READ Language Localization Status
      operationId: readLanguageLocalizationStatus
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LanguageLocalizationStatus'
    post:
      tags:
        - Language Localization Status
      summary: CREATE Language Localization Status
      operationId: createLanguageLocalizationStatus
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LanguageLocalizationStatus'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LanguageLocalizationStatus'
  /environments/{environmentID}/languages/{languageID}/status/{l10nStatusID}:
    get:
      tags:
        - Language Localization Status
      summary: READ One Language Localization Status
      operationId: readOneLanguageLocalizationStatus
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
        - name: l10nStatusID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LanguageLocalizationStatus'
    put:
      tags:
        - Language Localization Status
      summary: UPDATE Language Localization Status
      operationId: updateLanguageLocalizationStatus
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LanguageLocalizationStatus'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
        - name: l10nStatusID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LanguageLocalizationStatus'
    delete:
      tags:
        - Language Localization Status
      summary: DELETE Language Localization Status
      operationId: deleteLanguageLocalizationStatus
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: languageID
          in: path
          schema:
            type: string
          required: true
        - name: l10nStatusID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/templates:
    get:
      tags:
        - Notifications Templates
      summary: READ All Templates
      operationId: readAllTemplates
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
        - name: filter
          in: query
          schema:
            type: string
          example: (createdAt lt "2018-08-30") and (updatedAt gt "2018-07-30")
        - name: order
          in: query
          schema:
            type: string
          example: -createdAt
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/templates/{templateName}:
    get:
      tags:
        - Notifications Templates
      summary: READ One Template
      operationId: readOneTemplate
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Template'
  /environments/{environmentID}/templates/{templateName}/contents:
    get:
      tags:
        - Notifications Templates
      summary: READ All Contents
      operationId: readAllTemplateContents
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Notifications Templates
      summary: CREATE Content
      operationId: createContent
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TemplateContent'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TemplateContent'
    patch:
      tags:
        - Notifications Templates
      summary: PATCH Bulk Variant Contents
      operationId: patchBulkVariantContents
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TemplateContentBulkVariant'
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: variant eq {{variantName}}
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    delete:
      tags:
        - Notifications Templates
      summary: DELETE Bulk Variant Contents
      operationId: deleteBulkVariantContents
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: variant eq {{variantName}}
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/templates/{templateName}/contents/{contentID}:
    get:
      tags:
        - Notifications Templates
      summary: READ One Content
      operationId: readOneContent
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
        - name: contentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TemplateContent'
    put:
      tags:
        - Notifications Templates
      summary: UPDATE Content
      operationId: updateContent
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/TemplateContent'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
        - name: contentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/TemplateContent'
    delete:
      tags:
        - Notifications Templates
      summary: DELETE Content
      operationId: deleteContent
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: templateName
          in: path
          schema:
            $ref: '#/components/schemas/EnumTemplateName'
          required: true
        - name: contentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/notificationsSettings:
    get:
      tags:
        - Notifications Settings
      summary: READ Notifications Settings
      operationId: readNotificationsSettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettings'
    put:
      tags:
        - Notifications Settings
      summary: UPDATE Notifications Settings
      operationId: updateNotificationsSettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationsSettings'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettings'
    delete:
      tags:
        - Notifications Settings
      summary: DELETE Notifications Settings
      operationId: deleteNotificationsSettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettings'
  /environments/{environmentID}/notificationsSettings/emailDeliverySettings:
    get:
      tags:
        - Notifications Settings (SMTP)
      summary: READ Email Notifications Settings
      operationId: readEmailNotificationsSettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettings'
    put:
      tags:
        - Notifications Settings (SMTP)
      summary: UPDATE Email Notifications Settings
      operationId: updateEmailNotificationsSettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettings'
              example:
                host: email-smtp.server.com
                port: 465
                username: smtp_username
                password: smtp_password
                from:
                  name: from_name
                  address: from@pingidentity.com
                replyTo:
                  name: reply_name
                  address: reply@pingidentity.com
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettingsEmailDeliverySettings'
    delete:
      tags:
        - Notifications Settings (SMTP)
      summary: DELETE Email Delivery Settings
      operationId: deleteEmailDeliverySettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/notificationsSettings/phoneDeliverySettings:
    get:
      tags:
        - Phone Delivery Settings
      summary: READ All Phone Delivery Settings
      operationId: readAllPhoneDeliverySettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Phone Delivery Settings
      summary: CREATE Phone Delivery Settings
      operationId: createPhoneDeliverySettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettings'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettings'
  /environments/{environmentID}/notificationsSettings/phoneDeliverySettings/{phoneDeliverySettingsID}:
    get:
      tags:
        - Phone Delivery Settings
      summary: READ One Phone Delivery Settings
      operationId: readOnePhoneDeliverySettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: phoneDeliverySettingsID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettings'
    put:
      tags:
        - Phone Delivery Settings
      summary: UPDATE Phone Delivery Settings
      operationId: updatePhoneDeliverySettings
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettings'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: phoneDeliverySettingsID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsSettingsPhoneDeliverySettings'
    delete:
      tags:
        - Phone Delivery Settings
      summary: DELETE Phone Delivery Settings
      operationId: deletePhoneDeliverySettings
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: phoneDeliverySettingsID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/notificationsPolicies:
    get:
      tags:
        - Notifications Policies
      summary: READ All Notifications Policies
      operationId: readAllNotificationsPolicies
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Notifications Policies
      summary: CREATE Notifications Policy
      operationId: createNotificationsPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationsPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsPolicy'
  /environments/{environmentID}/notificationsPolicies/{notificationsPolicyID}:
    get:
      tags:
        - Notifications Policies
      summary: READ One Notifications Policy
      operationId: readOneNotificationsPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: notificationsPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsPolicy'
    put:
      tags:
        - Notifications Policies
      summary: UPDATE Notifications Policy
      operationId: updateNotificationsPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/NotificationsPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: notificationsPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/NotificationsPolicy'
    delete:
      tags:
        - Notifications Policies
      summary: DELETE Notifications Policy
      operationId: deleteNotificationsPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: notificationsPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/passwordPolicies:
    get:
      tags:
        - Password Policies
      summary: READ All Password Policies
      operationId: readAllPasswordPolicies
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: 
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Password Policies
      summary: CREATE Password Policy
      operationId: createPasswordPolicy
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PasswordPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PasswordPolicy'
  /environments/{environmentID}/passwordPolicies/{passwordPolicyID}:
    get:
      tags:
        - Password Policies
      summary: READ One Password Policy
      operationId: readOnePasswordPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: passwordPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PasswordPolicy'
    put:
      tags:
        - Password Policies
      summary: UPDATE Password Policy
      operationId: updatePasswordPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PasswordPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: passwordPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PasswordPolicy'
    delete:
      tags:
        - Password Policies
      summary: DELETE Password Policy
      operationId: deletePasswordPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: passwordPolicyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/populations:
    get:
      tags:
        - Populations
      summary: READ All Populations
      operationId: readAllPopulations
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
        - name: filter
          in: query
          schema:
            type: string
          description: Adding a SCIM filter for a population ID or population name to display only those resources associated with the specified population. Only the id and name parameters are supported
          example: id eq "60971d3b-cc5a-4601-9c44-2be541f91bf1"
        - name: cursor
          in: query
          schema:
            type: string
          description: Adding a cursor value to retrieve the next page of results, used with the `limit` parameter. The cursor value is returned in the `_links.next.href` link in the response payload.
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: 
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Populations
      summary: CREATE Population
      operationId: createPopulation
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Population'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Population'
  /environments/{environmentID}/populations/{populationID}:
    get:
      tags:
        - Populations
      summary: READ One Population
      operationId: readOnePopulation
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: populationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Population'
    put:
      tags:
        - Populations
      summary: UPDATE Population
      operationId: updatePopulation
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Population'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: populationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Population'
    delete:
      tags:
        - Populations
      summary: DELETE Population
      operationId: deletePopulation
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: populationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/populations/{populationID}/defaultIdentityProvider:
    get:
      tags:
        - Populations
      summary: READ One Population Default Identity Provider
      operationId: readOnePopulationDefaultIdp
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: populationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PopulationDefaultIdp'
    put:
      tags:
        - Populations
      summary: UPDATE Population Default Identity Provider
      operationId: updatePopulationDefaultIdp
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PopulationDefaultIdp'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: populationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PopulationDefaultIdp'
  /environments/{environmentID}/recaptchaV2Config:
    get:
      tags:
        - Recaptcha Configuration
      summary: READ Recaptcha Configuration
      operationId: readRecaptchaConfiguration
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RecaptchaConfiguration'
    put:
      tags:
        - Recaptcha Configuration
      summary: UPDATE Recaptcha Configuration
      operationId: updateRecaptchaConfiguration
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RecaptchaConfiguration'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RecaptchaConfiguration'
    delete:
      tags:
        - Recaptcha Configuration
      summary: DELETE Recaptcha Configuration
      operationId: deleteRecaptchaConfiguration
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/resources:
    get:
      tags:
        - Resources
      summary: READ All Resources
      operationId: readAllResources
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Resources
      summary: CREATE Resource
      operationId: createResource
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Resource'
              example:
                name: CustomResource1
                description: This is my custom resource
                audience: https://api.custom.com
                accessTokenValiditySeconds: 7200
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Resource'
  /environments/{environmentID}/resources/{resourceID}:
    get:
      tags:
        - Resources
      summary: READ One Resource
      operationId: readOneResource
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Resource'
    put:
      tags:
        - Resources
      summary: UPDATE Resource
      operationId: updateResource
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Resource'
              example:
                name: CustomResource_EU
                audience: https://api.custom.eu
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Resource'
    delete:
      tags:
        - Resources
      summary: DELETE Resource
      operationId: deleteResource
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/resources/{resourceID}/applicationResources:
    get:
      tags:
        - Application Resources
      summary: READ All Application Resources
      operationId: readAllApplicationResources
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Application Resources
      summary: CREATE Application Resource
      operationId: createApplicationResource
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceApplicationResource'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceApplicationResource'
  /environments/{environmentID}/resources/{resourceID}/applicationResources/{applicationResourceID}:
    get:
      tags:
        - Application Resources
      summary: READ One Application Resource
      operationId: readOneApplicationResource
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: applicationResourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceApplicationResource'
    put:
      tags:
        - Application Resources
      summary: UPDATE Application Resource
      operationId: updateApplicationResource
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceApplicationResource'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: applicationResourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceApplicationResource'
    delete:
      tags:
        - Application Resources
      summary: DELETE Application Resource
      operationId: deleteApplicationResource
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: applicationResourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/resources/{resourceID}/applicationPermissions:
    get:
      tags:
        - Application Permissions
      summary: READ All Application Permissions
      operationId: readAllApplicationPermissions
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/resources/{resourceID}/attributes:
    get:
      tags:
        - Resource Attributes
      summary: READ All Resource Attributes
      operationId: readAllResourceAttributes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Resource Attributes
      summary: CREATE Resource Attribute
      operationId: createResourceAttribute
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceAttribute'
              example:
                name: firstName
                value: ${user.name.given}
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceAttribute'
  /environments/{environmentID}/resources/{resourceID}/attributes/{resourceAttrID}:
    get:
      tags:
        - Resource Attributes
      summary: READ One Resource Attribute
      operationId: readOneResourceAttribute
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: resourceAttrID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceAttribute'
    put:
      tags:
        - Resource Attributes
      summary: UPDATE Resource Attribute
      operationId: updateResourceAttribute
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceAttribute'
              example:
                name: nickname
                value: ${user.nickname}
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: resourceAttrID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceAttribute'
    delete:
      tags:
        - Resource Attributes
      summary: DELETE Resource Attribute
      operationId: deleteResourceAttribute
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: resourceAttrID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/resources/{resourceID}/secret:
    get:
      tags:
        - Resource Client Secret
      summary: READ Resource Secret
      operationId: readResourceSecret
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceSecret'
    post:
      tags:
        - Resource Client Secret
      summary: UPDATE Resource Secret
      operationId: updateResourceSecret
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceSecret'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceSecret'
    delete:
      tags:
        - Resource Client Secret
      summary: DELETE Previous Resource Secret
      operationId: deletePreviousResourceSecret
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/resources/{resourceID}/scopes:
    get:
      tags:
        - Resource Scopes
      summary: READ All Scopes (Resource)
      operationId: readAllResourceScopes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Resource Scopes
      summary: CREATE PingOne access control scope
      operationId: createResourceScope
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceScope'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceScope'
  /environments/{environmentID}/resources/{resourceID}/scopes/{scopeID}:
    get:
      tags:
        - Resource Scopes
      summary: READ One Scope
      operationId: readOneResourceScope
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: scopeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceScope'
    put:
      tags:
        - Resource Scopes
      summary: UPDATE PingOne access control scope
      operationId: updateResourceScope
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ResourceScope'
              example:
                name: p1:update:user
                description: >-
                  An UPDATED access control scope that includes only the user
                  schema attributes listed in the schemaAttributes property
                schemaAttributes:
                  - name.family
                  - name.given
                  - email
                  - address.streetAddress
                  - address.locality
                  - address.region
                  - address.postalCode
                  - address.countryCode
                  - primaryPhone
                  - mobilePhone
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: scopeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ResourceScope'
    delete:
      tags:
        - Resource Scopes
      summary: DELETE Scope
      operationId: deleteResourceScope
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: resourceID
          in: path
          schema:
            type: string
          required: true
        - name: scopeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/roles:
    get:
      tags:
        - Custom Admin Roles
      summary: READ All Custom Admin Roles
      operationId: readAllCustomAdminRoles
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Custom Admin Roles
      summary: CREATE Custom Role
      operationId: createCustomAdminRole
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CustomAdminRole'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomAdminRole'
  /environments/{environmentID}/roles/{customRoleID}:
    get:
      tags:
        - Custom Admin Roles
      summary: READ One Custom Role
      operationId: readOneCustomAdminRole
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: customRoleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomAdminRole'
    put:
      tags:
        - Custom Admin Roles
      summary: UPDATE Custom Role
      operationId: updateCustomAdminRole
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CustomAdminRole'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: customRoleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CustomAdminRole'
    delete:
      tags:
        - Custom Admin Roles
      summary: DELETE Custom Role
      operationId: deleteCustomAdminRole
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: customRoleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/schemas:
    get:
      tags:
        - Schemas
      summary: READ All Schemas
      operationId: readAllSchemas
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/schemas/{schemaID}:
    get:
      tags:
        - Schemas
      summary: READ One Schema
      operationId: readOneSchema
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Schema'
  /environments/{environmentID}/schemas/{schemaID}/attributes:
    get:
      tags:
        - Schemas
      summary: READ All (Schema) Attributes
      operationId: readAllSchemaAttributes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Schemas
      summary: CREATE Attribute
      operationId: createAttribute
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SchemaAttribute'
              example:
                description: >-
                  An optional property that specifies the description of the new
                  attribute.
                displayName: >-
                  An optional property that specifies the display name of the
                  attribute.
                enabled: false
                name: customAttribute-101
                required: false
                type: STRING
                unique: false
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SchemaAttribute'
  /environments/{environmentID}/schemas/{schemaID}/attributes/{attributeID}:
    get:
      tags:
        - Schemas
      summary: READ One Attribute
      operationId: readOneAttribute
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
        - name: attributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SchemaAttribute'
    patch:
      tags:
        - Schemas
      summary: UPDATE Attribute (Patch)
      operationId: updateAttributePatch
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SchemaAttributePatch'
              example:
                name: NewName
                schemaType: CORE
                type: STRING
                unique: true
                enabled: false
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
        - name: attributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SchemaAttribute'
    put:
      tags:
        - Schemas
      summary: UPDATE Attribute (Put)
      operationId: updateAttributePut
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SchemaAttribute'
              example:
                name: customAttribute
                unique: true
                enabled: false
                required: true
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
        - name: attributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SchemaAttribute'
    delete:
      tags:
        - Schemas
      summary: DELETE Attribute
      operationId: deleteAttribute
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: schemaID
          in: path
          schema:
            type: string
          required: true
        - name: attributeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/signOnPolicies:
    get:
      tags:
        - Sign-On Policies
      summary: READ All Sign On Policies
      operationId: readAllSignOnPolicies
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Sign-On Policies
      summary: CREATE Sign On Policy
      operationId: createSignOnPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignOnPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicy'
  /environments/{environmentID}/signOnPolicies/{policyID}:
    get:
      tags:
        - Sign-On Policies
      summary: READ One Sign On Policy
      operationId: readOneSignOnPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicy'
    put:
      tags:
        - Sign-On Policies
      summary: UPDATE Sign On Policy
      operationId: updateSignOnPolicy
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignOnPolicy'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicy'
    delete:
      tags:
        - Sign-On Policies
      summary: DELETE Sign On Policy
      operationId: deleteSignOnPolicy
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/signOnPolicies/{policyID}/actions:
    get:
      tags:
        - Sign-On Policy Actions
      summary: READ All Sign-On Policy Actions
      operationId: readAllSignOnPolicyActions
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Sign-On Policy Actions
      summary: CREATE Sign-On Policy Action
      operationId: createSignOnPolicyAction
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignOnPolicyAction'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicyAction'
  /environments/{environmentID}/signOnPolicies/{policyID}/actions/{actionID}:
    get:
      tags:
        - Sign-On Policy Actions
      summary: READ One Sign-On Policy Action
      operationId: readOneSignOnPolicyAction
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
        - name: actionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicyAction'
    put:
      tags:
        - Sign-On Policy Actions
      summary: UPDATE Sign-On Policy Action
      operationId: updateSignOnPolicyAction
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SignOnPolicyAction'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
        - name: actionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/SignOnPolicyAction'
    delete:
      tags:
        - Sign-On Policy Actions
      summary: DELETE Sign-On Policy Action
      operationId: deleteSignOnPolicyAction
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: policyID
          in: path
          schema:
            type: string
          required: true
        - name: actionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/subscriptions:
    post:
      tags:
        - Subscriptions (webhooks)
      summary: CREATE Subscription
      operationId: createSubscription
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Subscription'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Subscription'
    get:
      tags:
        - Subscriptions (webhooks)
      summary: READ All Subscriptions
      operationId: readAllSubscriptions
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/subscriptions/{subscriptionID}:
    get:
      tags:
        - Subscriptions (webhooks)
      summary: READ One Subscription
      operationId: readOneSubscription
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: subscriptionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Subscription'
    put:
      tags:
        - Subscriptions (webhooks)
      summary: UPDATE Subscription
      operationId: updateSubscription
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Subscription'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: subscriptionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Subscription'
    delete:
      tags:
        - Subscriptions (webhooks)
      summary: DELETE Subscription
      operationId: deleteSubscription
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: subscriptionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/themes:
    get:
      tags:
        - Branding Themes
      summary: READ Branding Themes
      operationId: readBrandingThemes
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Branding Themes
      summary: CREATE Branding Theme
      operationId: createBrandingTheme
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BrandingTheme'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingTheme'
  /environments/{environmentID}/themes/{themeID}:
    get:
      tags:
        - Branding Themes
      summary: READ One Branding Theme
      operationId: readOneBrandingTheme
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: themeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingTheme'
    put:
      tags:
        - Branding Themes
      summary: UPDATE Branding Theme
      operationId: updateBrandingTheme
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BrandingTheme'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: themeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingTheme'
    delete:
      tags:
        - Branding Themes
      summary: DELETE Branding Theme
      operationId: deleteBrandingTheme
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: themeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/themes/{themeID}/default:
    get:
      tags:
        - Branding Themes
      summary: READ Branding Theme Default
      operationId: readBrandingThemeDefault
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: themeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingThemeDefault'
    put:
      tags:
        - Branding Themes
      summary: UPDATE Branding Theme Default
      operationId: updateBrandingThemeDefault
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/BrandingThemeDefault'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: themeID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/BrandingThemeDefault'
  /environments/{environmentID}/totalIdentities:
    get:
      tags:
        - Total Identities
      summary: READ Total Identity Counts
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: >-
            startDate eq "2019-05-01T19:00:00Z" and endDate eq
            "2019-05-31T19:00:00Z"
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/userActivities:
    get:
      tags:
        - User Activities
      summary: READ User Activities
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: >-
            startDate eq "2018-02-17T09:10:12-04:00" and endDate eq
            "2018-02-23T09:10:12-04:00"
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users:
    get:
      tags:
        - Users
      summary: READ All Users
      operationId: readAllUsers
      parameters:
        - name: filter
          in: query
          schema:
            type: string
          example: memberOfGroups[id eq "{{groupID}}"] and name.family eq "demo"
        - name: limit
          in: query
          schema:
            type: integer
            minimum: 1
            maximum: 1000
          description: Adding a paging value to limit the number of resources displayed per page
        - name: cursor
          in: query
          schema:
            type: string
          description: Adding a cursor value to retrieve the next page of results, used with the `limit` parameter. The cursor value is returned in the `_links.next.href` link in the response payload.
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - Users
      summary: CREATE User
      operationId: createUser
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/User'
              example:
                email: do-not-send@example.com
                name:
                  given: Test
                  family: User
                population:
                  id: '{{populationID}}'
                username: import-user_{{$timestamp}}
                password:
                  value: <This can be plain text or an acceptable hashed value.>
                  forceChange: false
          application/vnd.pingidentity.user.import+json:
            schema:
              $ref: '#/components/schemas/User'
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/vnd.pingidentity.user.import+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
  /environments/{environmentID}/users/{userID}:
    get:
      tags:
        - Users
      summary: READ User
      operationId: readUser
      parameters:
        - name: include
          in: query
          schema:
            $ref: '#/components/schemas/EnumUserRequestInclude'
          example: memberOfGroupIDs
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
    post:
      tags:
        - User Accounts
      summary: User Account
      operationId: userAccount
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserAccount'
      parameters:
        - name: content-type
          in: header
          schema:
            $ref: '#/components/schemas/EnumUserAccountContentTypeHeader'
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
    put:
      tags:
        - Users
      summary: UPDATE User (Put)
      operationId: updateUserPut
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/User'
              example:
                username: joe@example.com
                name:
                  formatted: Joe Smith
                  given: Joe
                  middle: H.
                  family: Smith
                  honorificPrefix: Dr.
                  honorificSuffix: IV
                nickname: Putty
                title: Senior Director
                preferredLanguage: en-gb;q=0.8, en;q=0.7
                locale: en-gb
                email: joe@example.com
                primaryPhone: '+1.2225554444'
                mobilePhone: '+1.4445552222'
                photo:
                  href: <url-to-image>
                address:
                  streetAddress: 123 Main Street
                  locality: Springfield
                  region: WA
                  postalCode: '98701'
                  countryCode: US
                accountId: '5'
                type: tele
                timezone: America/Los_Angeles
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
    patch:
      tags:
        - Users
      summary: UPDATE User (Patch)
      operationId: updateUserPatch
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/User'
              example:
                title: Manager
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/User'
    delete:
      tags:
        - Users
      summary: DELETE User
      operationId: deleteUser
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/users/{userID}/applicationRoles:
    get:
      tags:
        - User Application Role Assignments
      summary: READ User Application Role Assignments
      operationId: readUserApplicationRoleAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - User Application Role Assignments
      summary: CREATE User Application Role Assignment
      operationId: createUserApplicationRoleAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserApplicationRoleAssignment'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserApplicationRoleAssignment'
  /environments/{environmentID}/users/{userID}/applicationRoles/{applicationRoleID}:
    delete:
      tags:
        - User Application Role Assignments
      summary: DELETE User Application Role Assignment
      operationId: deleteUserApplicationRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: applicationRoleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/users/{userID}/identityProvider:
    get:
      tags:
        - Users
      summary: READ User Identity Provider
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    put:
      tags:
        - Users
      summary: UPDATE User Identity Provider
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                identityProvider:
                  id: '{{idpID}}'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/verifyStatus:
    get:
      tags:
        - Users
      summary: READ user verification status
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    put:
      tags:
        - Users
      summary: UPDATE user verification status
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                verifyStatus: ENABLED
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/memberOfGroups:
    post:
      tags:
        - Group Membership
      summary: ADD User to Group
      operationId: addUserToGroup
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/GroupMembership'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupMembership'
    get:
      tags:
        - Group Membership
      summary: READ All Group Memberships for User
      operationId: readAllGroupMembershipsForUser
      parameters:
        - name: expand
          in: query
          schema:
            type: string
          example: group
        - name: limit
          in: query
          schema:
            type: integer
          example: '100'
        - name: cursor
          in: query
          schema:
            type: string
          description: Adding a cursor value to retrieve the next page of results, used with the `limit` parameter. The cursor value is returned in the `_links.next.href` link in the response payload.
        - name: filter
          in: query
          schema:
            type: string
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /environments/{environmentID}/users/{userID}/memberOfGroups/{groupID}:
    delete:
      tags:
        - Group Membership
      summary: REMOVE User from Group
      operationId: removeUserFromGroup
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
    get:
      tags:
        - Group Membership
      summary: READ One Group Membership for User
      operationId: readOneGroupMembershipForUser
      parameters:
        - name: expand
          in: query
          schema:
            $ref: '#/components/schemas/EnumUserGroupAssignmentExpandParameter'
          example: group
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: groupID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GroupMembership'
  /environments/{environmentID}/users/{userID}/enabled:
    get:
      tags:
        - Enable Users
      summary: READ User Enabled
      operationId: readUserEnabled
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserEnabled'
    put:
      tags:
        - Enable Users
      summary: UPDATE User Enabled
      operationId: updateUserEnabled
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserEnabled'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserEnabled'
  /environments/{environmentID}/users/{userID}/linkedAccounts:
    get:
      tags:
        - Linked Accounts
      summary: READ Linked Accounts
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/linkedAccounts/{linkedAccountID}:
    get:
      tags:
        - Linked Accounts
      summary: READ One Linked Account
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: linkedAccountID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    delete:
      tags:
        - Linked Accounts
      summary: DELETE Linked Account
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: linkedAccountID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/users/{userID}/pairingKeys/{pairingKeyID}:
    get:
      tags:
        - MFA Pairing Keys
      summary: READ One MFA Pairing Key
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: pairingKeyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    delete:
      tags:
        - MFA Pairing Keys
      summary: DELETE MFA Pairing Key
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: pairingKeyID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/users/{userID}/pairingKeys:
    post:
      tags:
        - MFA Pairing Keys
      summary: CREATE MFA Pairing Key
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                applications:
                  - id: '{{applicationID}}'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/population:
    get:
      tags:
        - User Populations
      summary: READ User Population
      operationId: readUserPopulation
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserPopulation'
    put:
      tags:
        - User Populations
      summary: UPDATE User Population
      operationId: updateUserPopulation
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/UserPopulation'
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserPopulation'
  /environments/{environmentID}/users/{userID}/password:
    get:
      tags:
        - User Passwords
      summary: READ Password State
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    post:
      tags:
        - User Passwords
      summary: Password Locked Out
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                recoveryCode: <code>
                newPassword: VerySecure123!
      parameters:
        - name: content-type
          in: header
          schema:
            type: string
          example: application/vnd.pingidentity.password.recover+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    put:
      tags:
        - User Passwords
      summary: UPDATE Password (Set)
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                value: >-
                  {SSHA512}UkGWfORubNKFpFBWh+Lgy4FrciclzUXneuryV+B+zBDR4Gqd5wvMqAvKRixgQWoZlZUgq8Wh40uMK3s6bWpzWt1/TqQH02hX
                forceChange: true
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/vnd.pingidentity.password.set+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/roleAssignments:
    get:
      tags:
        - User Role Assignments
      summary: READ Role Assignments
      operationId: readUserRoleAssignments
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
    post:
      tags:
        - User Role Assignments
      summary: CREATE User Role Assignment
      operationId: createUserRoleAssignment
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleAssignment'
              example:
                role:
                  id: '{{roleID}}'
                scope:
                  id: '{{environmentID}}'
                  type: ENVIRONMENT
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
  /environments/{environmentID}/users/{userID}/roleAssignments/{roleAssignmentID}:
    get:
      tags:
        - User Role Assignments
      summary: READ One Role Assignment
      operationId: readOneUserRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: roleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/RoleAssignment'
    delete:
      tags:
        - User Role Assignments
      summary: DELETE User's Role Assignment
      operationId: deleteUserRoleAssignment
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: roleAssignmentID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/users/{userID}/verifyTransactions:
    get:
      tags:
        - User ID Verification
      summary: READ All ID Verification Transaction Records for a User
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    post:
      tags:
        - User ID Verification
      summary: CREATE ID Verification Transaction Record for a User
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '201':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/verifyTransactions/{transactionID}:
    get:
      tags:
        - User ID Verification
      summary: READ ID Verification Transaction Record for a User
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: transactionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    put:
      tags:
        - User ID Verification
      summary: UPDATE ID Verification Transaction Record for a User
      requestBody:
        content:
          application/json:
            schema:
              type: object
              example:
                transactionStatus:
                  status: APPROVED_NO_REQUEST
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: transactionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    delete:
      tags:
        - User ID Verification
      summary: DELETE ID Verification Transaction Record for a User
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: transactionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /environments/{environmentID}/users/{userID}/agreementConsents:
    get:
      tags:
        - User Agreement Consents
      summary: READ All User Agreement Consents
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/agreementConsents/{agreementID}:
    get:
      tags:
        - User Agreement Consents
      summary: READ One User Agreement Consent
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    post:
      tags:
        - User Agreement Consents
      summary: Revoke Agreement
      parameters:
        - name: Content-Type
          in: header
          schema:
            type: string
          example: application/vnd.pingidentity.consent.revoke+json
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: agreementID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '405':
          $ref: '#/components/responses/405'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/sessions:
    get:
      tags:
        - Sessions
      summary: READ All Sessions
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /environments/{environmentID}/users/{userID}/sessions/{sessionID}:
    get:
      tags:
        - Sessions
      summary: READ One Session
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: sessionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
    delete:
      tags:
        - Sessions
      summary: DELETE Session
      parameters:
        - name: environmentID
          in: path
          schema:
            type: string
          required: true
        - name: userID
          in: path
          schema:
            type: string
          required: true
        - name: sessionID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '204':
          description: Successful response
  /organizations:
    get:
      tags:
        - Organizations
      summary: READ All Organizations
      operationId: readAllOrganizations
      parameters:
        - name: limit
          in: query
          schema:
            type: integer
          description: Adding a paging value to limit the number of resources displayed per page
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /organizations/{organizationID}:
    get:
      tags:
        - Organizations
      summary: READ One Organization
      operationId: readOneOrganization
      parameters:
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Organization'
  /organizations/{organizationID}/capabilities:
    get:
      tags:
        - Capabilities
      summary: READ Organization Capabilities
      parameters:
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /organizations/{organizationID}/licenses:
    get:
      tags:
        - Licenses
      summary: READ All Licenses
      operationId: readAllLicenses
      parameters:
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
        - name: filter
          in: query
          schema:
            type: string
          description: For organizations with more than one license, you can use a filter to return the list of licenses in descending order.
          example: filter=beginsAt lt "{{now}}"
        - name: order
          in: query
          schema:
            type: string
          example: order=-beginsAt
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /organizations/{organizationID}/licenses/{licenseID}:
    get:
      tags:
        - Licenses
      summary: READ One License
      operationId: readOneLicense
      parameters:
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
        - name: licenseID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/License'
  /organizations/{organizationID}/licenses/{licenseID}/name:
    get:
      tags:
        - Licenses
      summary: READ One License Name
      operationId: readOneLicenseName
      parameters:
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
        - name: licenseID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LicenseName'
    put:
      tags:
        - Licenses
      summary: Update One License Name
      operationId: updateOneLicenseName
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/LicenseName'
      parameters:
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
        - name: licenseID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/LicenseName'
  /organizations/{organizationID}/licenses/{licenseID}/metrics/activeIdentityCounts:
    get:
      tags:
        - Active Identity Counts
      summary: READ Active Identity Counts by License
      operationId: readActiveIdentityCount
      parameters:
        - name: aggregatedBy
          in: query
          schema:
            type: string
          example: calendarMonth
        - name: limit
          in: query
          schema:
            type: integer
          example: '20'
        - name: order
          in: query
          schema:
            type: string
          example: '-startDate'
        - name: organizationID
          in: path
          schema:
            type: string
          required: true
        - name: licenseID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json: {}
  /roles:
    get:
      tags:
        - Roles
      summary: READ All Roles
      operationId: readAllRoles
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EntityArray'
  /roles/{roleID}:
    get:
      tags:
        - Roles
      summary: READ One Role
      operationId: readOneRole
      parameters:
        - name: roleID
          in: path
          schema:
            type: string
          required: true
      responses:
        '400':
          $ref: '#/components/responses/400'
        '401':
          $ref: '#/components/responses/401'
        '403':
          $ref: '#/components/responses/403'
        '404':
          $ref: '#/components/responses/404'
        '409':
          $ref: '#/components/responses/409'
        '429':
          $ref: '#/components/responses/429'
        '500':
          $ref: '#/components/responses/500'
        '200':
          description: Successful response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'