Skip to main content

Find Accounts

Find accounts. The command uses the PV_ACCOUNT public view to find data. Any filters passed should be passed on this public view.

GET https://instance.securid.com/aveksa/command.submit?cmd=findAccounts

Request

Parameters

findAccounts
format

properties - (Default) key=value. Most useful when requesting a single object. If multiple objects are returned, values are CSV. ie key=value1,value2,value3 where value1 is the value for the first object, value2 for the 2nd, etc.

json - Useful for parsing into JavaScript or other languages. See www.json.org for details.

csv - Comma separated values

tsv - Tab separated values

xml - Extensible Markup Language
delimiterThe delimiter to use between values for csv and properties formats
returnColumns

The names of the columns to return. returnColumns may be a CSV list of multiple column names. The parameter may also be listed multiple times (ie returnColumns=col1,col2&returnColumns=col3,col4)

Refer to Columns table below.
returnMaxRowsThe maximum number of objects to return
distincttrue, false Returns only distinct values, equivalent to the distinct keyword in SQL.
sortByColumns

The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified.

Refer to Columns table below.
sortDirectionDetermines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used.
includeHeaderRowtrue, false Include column headers when the return format is csv or tsv. (Default) true
ignoreCasetrue, false Returns case-insensitive search results for specified filter parameters. (Default) false

Columns

id[Primary Key] Unique account identifier
nameAccount name
creation_dateDate stamp when this account was created.
deletion_dateThe date stamp when this account was removed.
application_id[Foreign Key referencing APPLICATION.ID] Application/Directory id.
adc_id[Foreign Key referencing ACCOUNT_COLLECTOR.ID] Account collector id.
adc_nameAccount collector name.
is_sharedWhether this account is shared by multiple users.
last_login_dateLast time when a user logged in using this account.
orphaned_dateDate an account became orphaned.
is_lockedTrue, False Indicates if the current account is locked.
is_disabledTrue, False Indicates if the current account is disabled.
object_sidHolds a unique string formatted value for an account created from Active Directory. This unique account value is used in resolving Active Directory 'Foreign Security Principles' group memberships.
expiration_dateThe date on which the account expires.
last_loginLast login.
user_nameUser name.
property_1Account property 1.
property_2Account property 2.
property_3Account property 3.
property_4Account property 4.
user_account_controlUser account control flags.
external_idExternal identifier for the account.
statusStatus of the account.
last_reviewed_dateLast reviewed date.
cad1Value of custom date type attributes configured on the instance represented by their reference names.
cas3Value of custom string type attributes configured on the instance represented by their reference names.
cas4Value of custom string type attributes configured on the instance represented by their reference names.
cas5Value of custom string type attributes configured on the instance represented by their reference names.
cas6Value of custom string type attributes configured on the instance represented by their reference names.
cas7Value of custom string type attributes configured on the instance represented by their reference names.
cas8Value of custom string type attributes configured on the instance represented by their reference names.
cas9Value of custom string type attributes configured on the instance represented by their reference names.
cas20Value of custom string type attributes configured on the instance represented by their reference names.

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.

Examples

All columns

Omit returnColumns to return every field for each account.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "3",
"name": "user01",
"creation_date": "2024-03-15 06:03:50.0",
"deletion_date": "",
"application_id": "2",
"adc_id": "4",
"adc_name": "Corporate AD Collector",
"is_shared": "n",
"last_login_date": "",
"orphaned_date": "",
"is_locked": "0",
"is_disabled": "0",
"object_sid": "",
"expiration_date": "",
"last_login": "",
"user_name": "",
"property_1": "",
"property_2": "",
"property_3": "",
"property_4": "",
"user_account_control": "NORMAL_ACCOUNT",
"external_id": "CN=user01,OU=Professional Services,OU=Users,OU=corp,DC=example,DC=securid,DC=com",
"status": "",
"last_reviewed_date": "",
"cad1": "",
"cas3": "",
"cas4": "",
"cas5": "",
"cas6": "",
"cas7": "",
"cas8": "NORMAL_ACCOUNT",
"cas9": "CN=user01,OU=Professional Services,OU=Users,OU=corp,DC=example,DC=securid,DC=com",
"cas20": ""
},
{
"id": "4",
"name": "user02",
"creation_date": "2024-03-15 06:03:50.0",
"deletion_date": "",
"application_id": "2",
"adc_id": "4",
"adc_name": "Corporate AD Collector",
"is_shared": "n",
"last_login_date": "",
"orphaned_date": "",
"is_locked": "0",
"is_disabled": "0",
"object_sid": "",
"expiration_date": "",
"last_login": "",
"user_name": "",
"property_1": "",
"property_2": "",
"property_3": "",
"property_4": "",
"user_account_control": "NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD",
"external_id": "CN=user02,OU=Professional Services,OU=Users,OU=corp,DC=example,DC=securid,DC=com",
"status": "",
"last_reviewed_date": "",
"cad1": "",
"cas3": "",
"cas4": "",
"cas5": "",
"cas6": "",
"cas7": "",
"cas8": "NORMAL_ACCOUNT,DONT_EXPIRE_PASSWORD",
"cas9": "CN=user02,OU=Professional Services,OU=Users,OU=corp,DC=example,DC=securid,DC=com",
"cas20": ""
}
]
}

Specific columns

Use returnColumns to limit the response to the fields you need.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json" \
"&returnColumns=id,name,application_id,adc_id,adc_name&returnMaxRows=3" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "3",
"name": "user01",
"application_id": "2",
"adc_id": "4",
"adc_name": "Corporate AD Collector"
},
{
"id": "4",
"name": "user02",
"application_id": "2",
"adc_id": "4",
"adc_name": "Corporate AD Collector"
},
{
"id": "7",
"name": "user03",
"application_id": "2",
"adc_id": "4",
"adc_name": "Corporate AD Collector"
}
]
}

Filter by a single value

Pass any column name as a query parameter to filter results. Only accounts that match the value are returned.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json" \
"&returnColumns=id,name,adc_id,adc_name&returnMaxRows=3&adc_id=4" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "47",
"name": "user47",
"adc_id": "4",
"adc_name": "Corporate AD Collector"
},
{
"id": "27",
"name": "user27",
"adc_id": "4",
"adc_name": "Corporate AD Collector"
},
{
"id": "244654",
"name": "user244",
"adc_id": "4",
"adc_name": "Corporate AD Collector"
}
]
}

Filter with OR logic

Repeat the same parameter with different values to match any of them.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json" \
"&returnColumns=id,name,adc_id&returnMaxRows=3&adc_id=1&adc_id=4" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "53",
"name": "AveksaAdmin",
"adc_id": "1"
},
{
"id": "57",
"name": "user57",
"adc_id": "1"
},
{
"id": "245056",
"name": "user27",
"adc_id": "1"
}
]
}

Case-insensitive filter

Set ignoreCase=true to match regardless of case. The example passes name=USER01 in uppercase and returns the lowercase account user01.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json" \
"&returnColumns=id,name,adc_id&name=USER01&ignoreCase=true" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "3",
"name": "user01",
"adc_id": "4"
}
]
}

Sort ascending

Set sortDirection=asc with sortByColumns to order results from lowest to highest.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json" \
"&returnColumns=id,name,adc_id&returnMaxRows=3&sortByColumns=id&sortDirection=asc" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "3",
"name": "user01",
"adc_id": "4"
},
{
"id": "4",
"name": "user02",
"adc_id": "4"
},
{
"id": "7",
"name": "user03",
"adc_id": "4"
}
]
}

Sort descending

Set sortDirection=desc to reverse the order.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=json" \
"&returnColumns=id,name,adc_id&returnMaxRows=3&sortByColumns=id&sortDirection=desc" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

{
"findAccounts": [
{
"id": "2894873",
"name": "svc01@example.com",
"adc_id": "815"
},
{
"id": "2894872",
"name": "svc02@example.com",
"adc_id": "815"
},
{
"id": "2894871",
"name": "svc03@example.com",
"adc_id": "815"
}
]
}

CSV with custom delimiter

Set format=csv and use delimiter to change the separator character.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=csv" \
"&returnColumns=id,name,adc_id&returnMaxRows=3&delimiter=~" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

id~name~adc_id
3~user01~4
4~user02~4
7~user03~4

CSV without header row

Set includeHeaderRow=false when your downstream system expects raw data rows without a header.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findAccounts&format=csv" \
"&returnColumns=id,name,adc_id&returnMaxRows=3&includeHeaderRow=false" \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json"

Response

3,user01,4
4,user02,4
7,user03,4

Error responses

A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column that does not exist in the PV_ACCOUNT public view.

<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findAccounts'. Token is invalid or expired</body>
</html>

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.