Create a Dimension
Documentation Index
Fetch the complete documentation index at: https://docs.provisionr.io/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
CreateDirectoryDimensionRequestData
Title Case human readable name
63"Sales Region"
alpha-dash string that is similar to the name or uses shorthand abbreviations. If not set, the name will be converted to alpha-dash format. This is used for generating group names in email addresses or URL paths
55"sales-region"
Number of days that users are still a manifest user after being deprecated for a graceful transition. This dimension-level value is inherited by child attributes and rulesets as the default. If not set, this value is inherited from the global workspace value
0 <= x <= 109530
By default (false) the status is set to STAGED. Set to true to set to ACTIVE. This allows the resource to be created and then activated in a separate step. This prevents the resource from being activated before it is fully configured
Response
DirectoryDimensionDetailedResponseData
"drdim_01hq8xyzabc123def456ghi789"
The state of the directory dimension
staged The record is staged and is only visible to administrators or in the API. Use the activate method during your change window. |
active The record is active. |
expiring The expires_at value is set in the future for the record. You can run the activate action to remove the scheduled expiration. |
expired The expires_at value is in the past and the record was deactivated. |
deactivated The record was deactivated manually by an administrator. |
staged, active, expiring, expired, deactivated The name of the key from the Workspace Integration that is in the Identity metadata array to get values from
"department"
The display name of the dimension. Any dimensions that are imported from the Integration are formatted with Headline/Title case
"Department"
The alpha dash, lowercase abbreviated name of the dimension that is safe to use in email handles and URL paths
"dept"
If enabled, a Directory Attribute record is automatically created for each Dimension Attribute value from the unique Identity metadata profile_key values
If disabled, Attributes in this Dimension will not appear in the list of available options when creating a Rule Condition.
This is used when you want to have metadata about users but do not want future maintenance burden with rulesets using this data
Users will be automatically deprecated if they no longer qualify for at least one rule in the ruleset.
The expires_after_days value determines how many days after they no longer qualify that they still
have access for a graceful transition period when users change job roles.
The value is inherited from the Workspace > Dimension > Attribute/Resource > Rule and can be overridden at
any level to provide shorter revoke time controls when needed.
If the value is 0, this skips the grace period and revokes access immediately after expires_at.
By default, users have perpetual access (as Policy Users) as long as their attributes continue to match
the conditions for the rule. If the rule is designed for just-in-time or short term access, you can
set the expires_at date for all conditional users to be deprecated at that time.
You can use expires_at and expires_after_days=0 together to revoke access immediately.
Best Practice: You should the "low risk" sensible default (ex. 30 days) at the Dimension level and set more strict values at the Attribute/Resource levels where an exception needs to be granted
30
The dimension's custom key/value metadata added by someone or automation in your organization
The timestamps for the directory dimension record
Counts of related resources.
directory_attributes: int|null workspace_logs_parent: int|null, workspace_logs_record: int|null, workspace_logs_related: int|null, }
Included related resources
API hyperlinks related to the directory dimension record