BSIDCA endpoints

The WSDL BSIDCA API is a SafeNet management web API that is used for connecting and managing accounts using operator/account manager credentials as configured in the console. This web service requires the session state to function.

The following BSIDCA endpoints are supported.

Accounts

GetAccount Get the account details of a single child account.

GetAccountManagers Get a list of account managers in the given account.

GetAccounts Get a table of all accounts under the account that the current operator belongs to. This list will be automatically filtered for the operator scope.

Authentication activity and metrics

GetAuthenticationActivity Get authentication activity for the account. User name is optional. AuthResult can be none for all results.

GetAuthenticationMetrics Get a summary of recent authentication activity for the current day, week to date, last week, month to date, last month, year to date and last year. User name is optional.

GetSimpleAuthMetrics Gets a simple list of pass/fail/total authentications for a user's token.

Auth nodes

AddAuthNode Adds an auth node to the account. IP addresses associated with the auth node must be system wide unique. Nodes can be used to add realms and provide common authentication points for child accounts.

GetAuthNode Get an auth node in the account.

GetAuthNodes Get a table of the auth nodes in the account.

RemoveAuthNode Remove an auth node from the account.

UpdateAuthNode Update an auth node in the account

Capacity

AllocateCapacity Allocate capacity to a child account.

DeallocateCapacity De-allocate capacity from a child account.

Connection

Connect Connect to BlackShield. Mandatory first call for using this webservice. Used to authenticate an operator with permissions to use the control API.

PingConnection ServicePing

Containers

AddContainer Add container to the account

GetContainers Get a list of containers in the account

RemoveContainer Remove a container from an account

UpdateContainer Update the container

Delegation code

ActivateDelegationCode Activate a delegation code that has been used by another account and is waiting approval.

CreateDelegationCode Create a new delegation code for external management of another account.

GetDelegationCodes Get a list of delegation codes in the account.

RemoveDelegationCode Remove a delegation code and all associated rights from the account.

Enrollment

GetEnrollmentURL Gets the self-enrollment URL for a given user's provisioning task.

GetFileForShortCode This function is used to provide the token files for download for any mobile devices. The short code will be passed as a parameter to the web page that uses this function. The resource URL is the web directory in which support files for mobile tokens (such as the Blackberry JAuthenticator.jar) is located. Pass in null to use the default resource URL.

GetSelfEnrollmentPolicy Get the self enrollment policy that affects the given enrollment request

ProcessEnrollment This function can be used to enroll a provisioned token to a user. To begin, call with the enrollment code. Return codes will prompt for more information for next call or end in a terminating state.

ProcessEnrollmentWithHost This function can be used to enroll a provisioned token to a user. To begin, call with the enrollment code. Return codes will prompt for more information for next call or end in a terminating state.

SelectEnrollmentSoftwareType This function is used to select the kind of deployment to use for software token provisioning.

SendEnrollmentEMail This function is used to send any e-mail messages that you were told to send when either selecting the software token type or while processing the enrollment. The message and mobile are optional and defaults will be used if they are not provided. The short code URL is a URL of a web site that the user may be redirected to from their mobile device. If you provide this URL, the page indicated must take a post parameter of 'sc' for the short code. This page should then send the contents of the file provided by GetFileForShortCode()

SendEnrollmentSMS This function is used to send any SMS messages that you were told to send when either selecting the software token type or while processing the enrollment. The message and mobile are optional and defaults will be used if they are not provided. The short code URL is a URL of a web site that the user may be redirected to from their mobile device. If you provide this URL, the page indicated must take a post parameter of 'sc' for the short code. This page should then send the contents of the file provided by GetFileForShortCode()

GrIDsure tokens

AllocateGrIDsure Allocate GrIDsure tokens to a child account.

AuthenticateGrIDsureToken Authenticate a GrIDsure token.

DeallocateGrIDsure De-allocate GrIDsure tokens from a child account.

GetGrIDsurechallenge Get a GrIDsure token challenge.

ProvisionUsersGrIDsureTokens Provisions a list of users a token of a given class. SMS tokens will be instantly provisioned, all other types will have provisioning tasks added for the users.

ResetGrIDsureTokenPIP Reset the PIP for a GrIDsure token using an initialization key from getGrIDsureTokenInitKey and the correct response.

getGrIDsureToken Get the GrIDsure token for a given user.

getGrIDsureTokenInitKey Get the initialization kSey for a GrIDsure token.## Hardware tokens

Groups

AddGroup Add a group to the account.

AddUsersToGroup User becomes a member of the group. Group membership is explicit by name. Read only or writable does not matter.

GetGroups Get a list of the groups in the account.

RemoveGroup Remove a writable group from the account.

RemoveUserFromGroup Removes users group membership.

UpdateGroup Update a group in the account. Applies to writable groups only.

Hardware tokens

AllocateHardware Allocate hardware tokens to a child account. This includes KT, RB and OATH tokens.

DeallocateHardware De-allocate hardware tokens from a child account. This includes KT, RB and OATH tokens.

MobilePASS tokens

AllocateMobilePASS Allocate software tokens to a child account. This is for MobilePASS tokens only.

DeallocateMobilePASS De-allocate software tokens from a child account. This is for MobilePASS tokens only.

GetMobilePASSProvisioningActivationCode Gets the base64 activation code for a user's MobilePASS provisioning task.

Operators

AddExternalOperator Add an External Operator using a delegation code for external management of another account.

AddOperator Adds an operator to a child account. If the account is a service provider, the created operator will have administrator permissions on the account as well.

GetExternalOperators Get a list of external operators in the given account.

GetOperators Get a list of operators in the given account.

Organizations

AddOrganization Add a new organization under the current account. Current account must be a service provider.

GetBmcFile Get BMC file for the organization

RemoveOrganization Remove an existing organization from the system. All tokens and capacity must be de-allocated before being removed.

UpdateOrganization Update the account details of a child account.

Passwords

AssignStaticPassword Assigns a static password to a user.

GetPasswordPolicy Return the static password policy

RevokeStaticPassword Revokes a user's static password.

PINs

GetRandomTokenPIN Get a random server side PIN that complies with the current server side PIN policy.

GetServerPINPolicy Get the server side PIN policy for tokens.

SetTokenPIN Set a token's server side PIN, optionally requiring a PIN change.

Provisioning requests

AddCustomTypeProvisioningRequest Adds a user's request to be provisioned a token. Gets added to the pending provisioning request list.

AddProvisioningRequest Adds a user's request to be provisioned a token. Gets added to the pending provisioning request list.

DenyProvisioningRequest Denies a pending provisioning request.

GetPendingProvisioningRequests Gets a table of all pending provisioning requests for the organization you are logged in to.

UpdateProvisioningRequest Updates a provisioning request.

Provisioning tasks

GetProvisioningTaskCount Gets the number of provisioning tasks in the organization.

GetProvisioningTaskDetails Gets detailed information on a specific provisioning task.

GetProvisioningTasks Gets a list of all provisioning tasks in the organization.

GetProvisioningTasksForUser Gets a list of all provisioning tasks in the organization.

GetProvisioningTasksForUserCount Gets the number of provisioning tasks in the organization.

RemoveProvisioningTask Removes an existing provisioning task, optionally sending a notification e-mail to all the users that this affects.

RemoveUsersFromProvisioningTask Removes specific users from a given provisioning task, optionally sending a notification e-mail to them.

UpdateProvisioningStopDate Updates the expiry date of a provisioning task for the given users. Used to extent a provisioning task that users may not have had the time to complete.

RADIUS

AddRADIUSAttributeToGroup Add RADIUS attribute to a group. To add a multi value attribute, add the attribute once for each value of the attribute.

AddRADIUSAttributeToUser Add a RADIUS attribute to a user. To add a multi value attribute, add the attribute once for each value of the attribute.

GetRADIUSAttribute Get a RADIUS attribute by vendor name and attribute name.

GetRADIUSAttributesForGroup Get a list of RADIUS attributes associated with a group. Multi value attributes appear as multiple attributes of the same type/ID with different values.

GetRADIUSAttributeForVendor Get a list of all RADIUS attributes for the vendor.

GetRADIUSAttributesForUser Get a list of RADIUS attributes associated with a user. Multi value attributes appear as multiple attributes of the same type/ID with different values.

GetRADIUSVendors Gets a list of all vendors for which RADIUS attributes are available.

RemoveRADIUSAttributeFromGroup Remove a RADIUS attribute from a group. Exact value to remove must be specified.

RemoveRADIUSAttributeFromUser Remove a RADIUS attribute from a user. Exact value to remove must be specified.

Reports

GetAvailableReport Get an available report to edit and save. Note: Report columns and report filter definitions are read only except for the report columns .IsIncluded property.

GetAvailableReports Get All report available at a given level to customize. Optionally filter by report class.

GetFinishedReports Get a table of all reports that have been run.

GetReportOutput Get the results of a report. Returned information is UTF-8 encoded text. Output can be in CSV, TSV, or HTML Table format. scheduledTime parameter MUST be a string representing DateTimeOffset in ISO-8601 format (yyyy-MM-ddTHH:mm:ss.fffffffzzzz). C# .Net Example: System.DateTimeOffset datef = System.DateTimeOffset.ParseExact('2015-06-11T00:00:00.0000000-04:00', 'o', CultureInfo.InvariantCulture); string dtf = datef.ToString('yyyy-MM-ddTHH:mm:ss.fffffffzzzz');

GetSavedReport Get a previously saved report.

GetSavedReports Get a table of all previously saved reports.

GetScheduledReport Get a report that was previously scheduled.

GetScheduledReports Get a table of all report scheduled to run.

RemoveFinishedReport Remove a finished report from the system.
NOTE: The results of this report will no longer be available after removal. scheduledTime parameter MUST be a string representing DateTimeOffset in ISO-8601 format (yyyy-MM-ddTHH:mm:ss.fffffffzzzz). C# .Net Example: System.DateTimeOffset datef = System.DateTimeOffset.ParseExact('2015-06-11T00:00:00.0000000-04:00', 'o', CultureInfo.InvariantCulture); string dtf = datef.ToString('yyyy-MM-ddTHH:mm:ss.fffffffzzzz');

RemoveReport Remove a report that had been previously saved.

RemoveScheduledReport Remove a scheduled report.

SaveReport Save a customized report. This allows the report to scheduled. All reports must have at least one operator/account manager/external operator. Note: Report columns and report filter definitions are read only except for the report columns .IsIncluded property.

ScheduleReport Schedule a report to run at a given time. Note: Report columns and report filter definitions are read only except for the report columns .IsIncluded property.

ScheduleReportToRunNow Schedule a report to run as soon as possible.

UpdateReport Update a saved report with new information. Note: Report columns and report filter definitions are read only except for the report columns .IsIncluded property.

UpdateScheduledReport Update a previously scheduled report. Note: Report columns and report filter definitions are read only except for the report columns .IsIncluded property.

SMS

AllocateSMSCredits Allocate SMS credits to a child account. SMS credits are not only required for SMS tokens, but for all SMS notification generated by the system. If your account has it's own SMS configuration, allocation of SMS credits does not require SMS credits.

DeallocateSMSCredits De-allocate SMS credits from a child account.

RequestSMS Used to request that a new SMS message be sent to a user. This requires their PIN for validation.

Software tokens

AllocateSoftware Allocate software tokens to a child account. This is for MP tokens only. (SMS tokens are MP tokens issued to a SMS end point.)

DeallocateSoftware De-allocate software tokens from a child account. This is for MP tokens only. (SMS tokens are MP tokens issued to an SMS end point.)

Tokens

ActivateToken Activates a token and optionally forces a PIN change/resets the current PIN.

AssignToken Assigns a token to a user.

ConfirmRequestToken Mark a token request as confirmed.

GetChallengeImage Returns a JPG image for custom token challenges (if applicable).

GetFixSerial Converts a user input serial number into a server serial number using any custom type tokens that a user has as a reference point. Used when asking a user to input a serial number into a self service style web page.

GetToken Get a token.

GetTokenChallenge Gets a challenge to use for resyncing a token.

GetTokenEventCounter Gets the token event counter value for a token. For Event Based tokens, pass in the serial number and the org name.

GetTokenRequestTable Gets a table of token types that are requestable.

GetTokenSubTargets This function can be used to get a list of available sub targets for the desired software target.

GetTokenTargets This function can be used to get a list of available sub targets for the desired software target.

GetTokenTemplateForToken Get the template settings for a token.

GetToken Get token details.

GetTokens Gets a table of tokens filtered by State/Type/Serial/Container. Paging available.

GetTokensByOwner Gets a list of serial numbers of all tokens assigned to a user.

GetTotalTokens Gets the total number of tokens filtered by State/Type/Serial/Container.

ImportTokens Import a BTK file of tokens. Can optionally apply the server side PIN settings to all tokens with no PIN. Can optionally overwrite all existing tokens of the same serial number.

MoveTokens Move tokens from one container to another. Assigned tokens can not be moved.

RemoveToken Remove a token from the system. This only applies to hardware tokens that you own.

RequestToken Request a token.

ResyncToken Resyncs a token against a given challenge. For Timebased, OATH or SecurID tokens, pass in one OTP in the challenge, and the next OTP in the OTP.

ResyncTokenUsingCounter Updates token event counter against a given serial number of token.

RevokeToken Revoke an assigned token from a user.

SuspendToken Suspend a user's token and optionally assigns a temporary static password.

TestToken Tests a token for authentication.

Users

AddUser Add a new user to the given organization. User name must be unique in the organization to which it is added.

AddUserWithAlias Add a new user with alias to the given organization. User name must be unique in the organization to which it is added.

GetUser Gets a user.

GetUserAlias Gets a user's alias.

GetUserInOperatorOrganization Gets a user in the same organization as the current operator.

GetUsers Gets a table of user information matching the provided filters.

GetUsersForContainer Get a list of users in the container

GetUsersForGroup Gets a list of users based on search criteria. Can search for all members of a group or all users who are not a member of a given group.

MoveUsers Moves users and their tokens to a new container.

ProvisionUsers Provisions a list of users a token of a given class. SMS tokens will be instantly provisioned, all other types will have provisioning tasks added for the users.

RemoveUser Removes an existing user and revokes their tokens.

UpdateUser Updates an existing user in the system.

UpdateUserWithAlias Updates an existing user with alias in the system.

Deprecated endpoints

Deprecated endpoints are no longer supported and may also no longer be functional.

ICE tokens

AllocateICE Allocate ICE capacity to a child account. ICE tokens will automatically be allocated to the child account if required and available to be allocated.

DeallocateICE De-allocate ICE capacity from a child account.

MobilePASS

GetTokenFile Gets a token file. Used for issuing MP-1 tokens that are assigned to users. NOTE: Calling this function will re-initialize the MP on the server.

RSA SecurID tokens

AllocateRSA Allocate RSA SecurID tokens to a child account.

DeallocateRSA De-allocate RSA SecurID tokens from a child account.

Shibboleth

AddShibbolethNode Create a new Shibboleth Node.

RemoveShibbolethNode Remove a Shibboleth Node.

SIM tokens

ReprovisionAllSIMTokens Reprovision all of a SIM's tokens.

RevokeAllSIMTokens Revokes all of a SIM's tokens.

Users

AddSamlUserExtension Add a SAML service to a user.