Teams

List all Servers for a Team
Admin roles:
  • access_user
  • access_admin
  • server_admin
  • reporting_user

Lists all Servers in your Team. This only returns Servers available to the requesting User.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

query Parameters
offset
string

The UUID of an object used as an offset for pagination

count
integer <int32>

Controls the number of objects listed per page

descending
boolean

If 'true', the most recent results are listed first

prev
boolean

Controls the direction of paging

project_name
string

A Project name

hostname
string

A hostname

bastion
string

A bastion hostname

canonical_name
string

A canonical name

cloud_provider
string

A Cloud provider: 'aws' or 'gce'

cloud_account
string

The id of the cloud account associated with this server

instance_id
string

The instance ids of the servers

alt_names_contains
string

Include Servers that contain the value of 'alt_name_contains' in their 'alt_names'

state
string

State of the Server: 'ACTIVE' or 'INACTIVE'

selector
string

Server selectors. Syntax is selector=key1=value1,key2=value2

managed
string

If 'true', only include managed servers. If 'false', only include unmanaged servers

AdServers
string

If 'true', only include AD servers. If 'false', only include Non AD servers

credentialed
string

If 'true', only include unmanaged servers with credential issuance enabled. If 'false', only include unmanaged servers with credential issuance disabled.

id
string

Include only servers with the given IDs. Only usable for PAM administrative views of servers, not end user server views.

Responses
200

OK

get/v1/teams/{team_name}/servers
Request samples 
Response samples 
application/json
{
  • "list": [
    • {
      },
    • {
      }
    ]
}
Update a Server for a Team
Admin roles: 
  • access_admin
  • server_admin
Updates a Server for your Team. This is used by the PolicySync feature, see PolicySync: Attribute-Based Access Control.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your Team


 
server_id
required
string
The UUID of the Server


 
Request Body schema: application/json
required
object or null
(Optional) A map of key value pairs. These labels overwrite all labels previously supplied through the API for this server. You can only update labels from other sources using that source. If you don't supply the prefix 'api.', it is automatically prepended.


 
property name*
additional property
string
 
Responses 
204
No Content


put/v1/teams/{team_name}/servers/{server_id}
Request samples 
application/json
{
  • "labels": {
    • "foo": "bar"
    }
}
Retrieve settings for a Team
Admin roles: 
  • access_user
  • access_admin
Retrieves Team-level settings for your Team


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your Team


 
Responses 
200
OK


get/v1/teams/{team_name}/settings
Request samples 
Response samples 
application/json
{
  • "approve_device_without_interaction": false,
  • "client_session_duration": 36000,
  • "post_device_enrollment_url": null,
  • "post_login_url": null,
  • "post_logout_url": null,
  • "reactivate_users_via_idp": false,
  • "team": "william-faulkner",
  • "user_provisioning_exact_username": null,
  • "web_session_duration": 36000
}
Update settings for a Team
Admin roles: 
  • access_admin
Updates Team-level settings for your Team. Partial updates are permitted. To disable a setting, set the value to null.


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your Team


 
Request Body schema: application/json
required
approve_device_without_interaction
boolean or null
If true, devices are automatically approved for authenticated Users


 
client_session_duration
integer or null <int32>   [ 3600 .. 90000 ] 
The maximum time before a Client session expires. The duration can be from 3600 – 90000 seconds.


 
post_device_enrollment_url
string or null  <= 8096 characters 
If specified, redirects a User to the URL after they enroll a device


 
post_login_url
string or null  <= 8096 characters 
If specified, redirects a User to the URL after they authenticate through the IdP


 
post_logout_url
string or null  <= 8096 characters 
If specified, redirects a User to the URL after they sign out


 
reactivate_users_via_idp
boolean or null
If true, previously deleted or disabled Users are reenabled if they authenticate through the IdP


 
user_provisioning_exact_username
boolean or null
 Deprecated 
DEPRECATED.  This setting has no effect.


 
web_session_duration
integer or null <int32>   [ 1800 .. 90000 ] 
The maximum time before a web session expires. The duration can be from 1800 – 90000 seconds.


 
Responses 
204
No Content


put/v1/teams/{team_name}/settings
Request samples 
application/json
{
  • "approve_device_without_interaction": false,
  • "client_session_duration": 600,
  • "post_device_enrollment_url": null,
  • "post_login_url": null,
  • "post_logout_url": null,
  • "reactivate_users_via_idp": false,
  • "team": "william-faulkner",
  • "user_provisioning_exact_username": null,
  • "web_session_duration": 600
}
Retrieve statistics for a Team
Admin roles: 
  • access_admin
Retrieves statistics about your Team


SecuritybearerAuth 
Request 
path Parameters
team_name
required
string
The name of your Team


 
Responses 
200
OK


get/v1/teams/{team_name}/team_stats
Request samples 
Response samples 
application/json
{
  • "num_af_applications": 0,
  • "num_clients": 0,
  • "num_gateways": 0,
  • "num_groups": 1,
  • "num_human_users": 1,
  • "num_oidc_applications": 0,
  • "num_projects": 2,
  • "num_servers": 1,
  • "num_service_users": 0
}