Skip to main content

Find Directories

Find directories in the identity store. The command uses the PV_DIRECTORY public view to find data. Any filters passed should apply to this public view.

GET https://instance.securid.com/aveksa/command.submit?cmd=findDirectories

Request

Parameters

findDirectories
formatproperties - (Default) Returns the response as key=value pairs. When multiple objects are returned, values are comma-delimited: key=value1,value2,value3.

json - Returns the response as JSON.

csv - Returns the response as comma-separated values.

tsv - Returns the response as tab-separated values.

xml - Returns the response as XML.
delimiterThe delimiter to use between values for csv and properties formats
returnColumns

The names of the columns to return. returnColumns may be a CSV list of multiple column names. The parameter may also be listed multiple times (ie returnColumns=col1,col2&returnColumns=col3,col4)

Refer to Columns table below.
returnMaxRowsThe maximum number of objects to return
distincttrue, false Returns only distinct values, equivalent to the distinct keyword in SQL.
sortByColumns

The results will be sorted based on the columns listed using comma as the delimiter if multiple columns are specified.

Refer to Columns table below.
sortDirectionDetermines sorting order. asc for ascending, desc for descending. If not specified, the natural order returned by the database is used.
includeHeaderRowtrue, false Include column headers when the return format is csv or tsv. (Default) true
ignoreCasetrue, false Returns case-insensitive search results for specified filter parameters. (Default) false

Filter Parameters

Any column listed in the Columns table can be passed as a filter parameter to narrow results. Filters are matched against the PV_DIRECTORY public view.

Query logic

ScenarioBehavior
Two different parameters: category=REST&name=HRAND. Returns directories with category REST that are also named HR.
Same parameter repeated: name=HR&name=WorkdayOR within that field. Returns directories named HR or Workday.
Mixed: category=REST&name=HR&name=Workday(category is REST) AND (name is HR or Workday)
OR logic across different parameters is not supported

A single API call cannot return directories where category=REST OR name=HR. OR logic between different filter parameters is not supported.

Workaround: Make separate requests for each filter condition. Merge and deduplicate the results client-side.

Columns

id[Primary Key] Unique directory identifier
nameDisplay name of the directory
alt_nameAlternate name for the directory
descriptionFull description of the directory
short_descShort description for this directory
long_descLong description for this directory
categoryConnector type used for this directory. Common values: REST, LDAP, CSV, JDBC
sensitivitySensitivity classification of the directory
ownershipOwnership classification of the directory
localityGeographical or organizational locality of the directory
business_criticalityBusiness criticality level assigned to this directory
business_unit_id[Foreign Key referencing BUSINESS_UNIT.ID] Business unit the directory belongs to
business_owner[Foreign Key referencing USERS.ID] User ID of the business owner
business_owner_nameDisplay name of the business owner
backup_business_owner[Foreign Key referencing USERS.ID] User ID of the backup business owner
technical_owner[Foreign Key referencing USERS.ID] User ID of the technical owner
technical_owner_nameDisplay name of the technical owner
backup_technical_owner[Foreign Key referencing USERS.ID] User ID of the backup technical owner
exception_manager[Foreign Key referencing USERS.ID] User ID of the exception manager
exception_manager_nameDisplay name of the exception manager
url_refURL reference or help link for this directory
user_countNumber of users loaded from this directory
account_countNumber of accounts loaded from this directory
orphaned_account_countNumber of orphaned accounts in this directory
entitlement_countNumber of entitlements loaded from this directory
is_activeWhether the directory is currently active
editableTRUE, FALSE Whether the directory configuration can be edited in the UI
contains_privileged_access0, 1 Whether this directory contains privileged access entitlements
privileged_flag0, 1 Whether the directory is flagged as privileged
exclude_from_normal_add_accessN, Y Whether this directory is excluded from normal add-access workflows
allow_create_entitlementN, Y Whether entitlements can be created manually in this directory
allow_manual_activityN, Y Whether manual fulfillment activities are allowed for this directory
allow_disabled_accountstrue, false Whether disabled accounts are permitted in this directory
allow_locked_accountstrue, false Whether locked accounts are permitted in this directory
ents_require_accountTRUE, FALSE Whether entitlements in this directory require an account
directory_for_accountsThe directory used to provision accounts when entitlements are granted
attr_sync_enabledtrue, false Whether attribute synchronization is enabled for this directory
rules_account_template_idAccount template used for rules-based provisioning
roles_account_template_idAccount template used for role-based provisioning
created_by[Foreign Key referencing USERS.ID] User ID of who created the directory record
creation_dateDate and time the directory record was created
decommissioning_dateDate and time the directory was or is scheduled to be decommissioned
cau1 … cauNCustom user-type attribute values. Reference names are configured per instance.
cad1 … cadNCustom date-type attribute values. Reference names are configured per instance.
cas1 … casNCustom string-type attribute values. Reference names are configured per instance.

Headers

Bearer token
Acceptapplication/json
Content-Typeapplication/json

Response

Parameters

The API returns the requested columns specified by returnColumns as output. If returnColumns is unspecified then all columns listed will be returned.

Examples

All columns

Omit returnColumns to return every field for each directory.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=2" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "489",
"name": "Microsoft Entra ID",
"created_by": "0",
"creation_date": "2025-08-07 14:47:32.0",
"description": "Microsoft Entra ID (Azure AD) is Microsoft's cloud-based identity and access management service.",
"sensitivity": "",
"ownership": "",
"locality": "",
"business_owner": "0",
"technical_owner": "0",
"exception_manager": "0",
"business_unit_id": "",
"alt_name": "Microsoft Entra ID",
"short_desc": "",
"long_desc": "",
"url_ref": "",
"user_count": "0",
"account_count": "81347",
"orphaned_account_count": "81347",
"entitlement_count": "4633",
"category": "REST",
"exclude_from_normal_add_access": "N",
"allow_create_entitlement": "N",
"allow_manual_activity": "N",
"ents_require_account": "TRUE",
"directory_for_accounts": "",
"rules_account_template_id": "",
"attr_sync_enabled": "false",
"allow_disabled_accounts": "true",
"allow_locked_accounts": "false",
"roles_account_template_id": "",
"business_owner_name": "AveksaAdmin,",
"technical_owner_name": "AveksaAdmin,",
"exception_manager_name": "AveksaAdmin,",
"editable": "TRUE",
"backup_business_owner": "",
"backup_technical_owner": "",
"contains_privileged_access": "0",
"decommissioning_date": "",
"is_active": "",
"business_criticality": "None",
"cau1": "",
"cau2": "",
"privileged_flag": "0",
"cad1": "",
"cas1": ""
},
{
"id": "509",
"name": "Active Directory - db.pvt",
"created_by": "0",
"creation_date": "2025-05-01 19:33:52.0",
"description": "Active Directory domain for Dave and Buster's",
"sensitivity": "",
"ownership": "",
"locality": "",
"business_owner": "0",
"technical_owner": "0",
"exception_manager": "0",
"business_unit_id": "",
"alt_name": "Active Directory - db.pvt",
"short_desc": "",
"long_desc": "",
"url_ref": "",
"user_count": "",
"account_count": "",
"orphaned_account_count": "",
"entitlement_count": "",
"category": "",
"exclude_from_normal_add_access": "N",
"allow_create_entitlement": "N",
"allow_manual_activity": "N",
"ents_require_account": "TRUE",
"directory_for_accounts": "",
"rules_account_template_id": "",
"attr_sync_enabled": "false",
"allow_disabled_accounts": "true",
"allow_locked_accounts": "true",
"roles_account_template_id": "",
"business_owner_name": "AveksaAdmin,",
"technical_owner_name": "AveksaAdmin,",
"exception_manager_name": "AveksaAdmin,",
"editable": "TRUE",
"backup_business_owner": "",
"backup_technical_owner": "",
"contains_privileged_access": "0",
"decommissioning_date": "",
"is_active": "",
"business_criticality": "None",
"cau1": "",
"cau2": "",
"privileged_flag": "0",
"cad1": "",
"cas1": ""
}
]
}

Specific columns

Use returnColumns to limit the response to the fields you need. The example returns five columns covering common directory reporting needs.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=3&returnColumns=id,name,description,category,account_count" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "489",
"name": "Microsoft Entra ID",
"description": "Microsoft Entra ID (Azure AD) is Microsoft's cloud-based identity and access management service.",
"category": "REST",
"account_count": "81347"
},
{
"id": "509",
"name": "Active Directory - db.pvt",
"description": "Active Directory domain for Dave and Buster's",
"category": "",
"account_count": ""
},
{
"id": "29",
"name": "HR",
"description": "HR Directory",
"category": "",
"account_count": ""
}
]
}

Filter by a single value

Pass any column name as a query parameter to filter results. Only directories that match the value are returned. The example returns directories where category is REST.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=5&returnColumns=id,name,category,account_count&category=REST" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "489",
"name": "Microsoft Entra ID",
"category": "REST",
"account_count": "81347"
},
{
"id": "34",
"name": "SecZetta",
"category": "REST",
"account_count": ""
},
{
"id": "35",
"name": "ServiceNow (Scripted REST)",
"category": "REST",
"account_count": ""
}
]
}

Filter with OR logic

Repeat the same parameter with different values to match any of them. The example returns directories where name is HR or Workday.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=5&returnColumns=id,name,category&name=HR&name=Workday" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "29",
"name": "HR",
"category": ""
},
{
"id": "37",
"name": "Workday",
"category": "REST"
}
]
}

Case-insensitive filter

Filters are case-sensitive by default. Set ignoreCase=true to match regardless of case. The example passes category=rest in lowercase and still returns directories with category=REST.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=3&returnColumns=id,name,category&category=rest&ignoreCase=true" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "489",
"name": "Microsoft Entra ID",
"category": "REST"
},
{
"id": "34",
"name": "SecZetta",
"category": "REST"
},
{
"id": "35",
"name": "ServiceNow (Scripted REST)",
"category": "REST"
}
]
}

Sort ascending

Use sortByColumns with a column name and sortDirection=asc to sort results from A to Z. The example sorts by name.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=3&returnColumns=id,name,category&sortByColumns=name&sortDirection=asc" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "26",
"name": "Active Directory",
"category": ""
},
{
"id": "509",
"name": "Active Directory - db.pvt",
"category": ""
},
{
"id": "709",
"name": "BUK HR",
"category": ""
}
]
}

Sort descending

Set sortDirection=desc to reverse the order.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=json&returnMaxRows=3&returnColumns=id,name,category&sortByColumns=name&sortDirection=desc" \
-H "Authorization: Bearer <token>"

Response

{
"findDirectories": [
{
"id": "596",
"name": "ZingHR",
"category": ""
},
{
"id": "37",
"name": "Workday",
"category": "REST"
},
{
"id": "36",
"name": "UltiPro",
"category": ""
}
]
}

CSV with custom delimiter

Set format=csv for a comma-separated response. Use delimiter to change the separator character.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=csv&returnMaxRows=3&returnColumns=id,name,category&delimiter=~" \
-H "Authorization: Bearer <token>"

Response

id~name~category
489~Microsoft Entra ID~REST
509~Active Directory - db.pvt~
29~HR~

CSV without header row

Set includeHeaderRow=false when your downstream system expects raw data rows without a header.

Request

curl -K -X GET \
"https://instance.securid.com/aveksa/command.submit?cmd=findDirectories&format=csv&returnMaxRows=3&returnColumns=id,name,category&includeHeaderRow=false" \
-H "Authorization: Bearer <token>"

Response

489,Microsoft Entra ID,REST
509,Active Directory - db.pvt,
29,HR,

Error responses

A 401 is returned when the token is missing, invalid, or expired. A 412 is returned when returnColumns includes a column name that does not exist in the PV_DIRECTORY public view.

<html>
<head><title>Error</title></head>
<body>The token is not valid for the command 'findDirectories'. Token is invalid or expired</body>
</html>

Verified with RSA Governance & Lifecycle version 8.0.0.188886 P10_HF01.