Skip to main content

General information

You can use the Axidian Access API to integrate with applications.

This section describes the main points and common parameters that are required for using the Axidian API.

API request

To access a method, you need to perform a POST request, or for some methods a GET request, to http(s)://<dns_axidian_server>/am/core/<url_api_method>, where:

  • dns_axidian_server — the full DNS name of the server where Axidian Access Server is deployed;
  • url_api_method — the address of the corresponding method; the addresses are specified in the method documentation, or in Swagger.

Example for the authenticateByWindowsToken method, where the DNS name of the Axidian Access server is axidian.access.local:

https://axidian.access.local/am/core/api/v5/logon/authenticateByWindowsToken
Important!

When using the HTTPS protocol, upload a valid certificate to the Axidian Access server.

UserId

This parameter specifies the unique identifier of the user from the Axidian system.

The identifier consists of a string ID specified in the AM web.config in the userId parameter, and the user's objectGuid from Active Directory.

For example, the userId parameter specifies the user's GUID value 10efa04f-7ba9-47d8-89db-56e166f1679f. The user's UserId will be UserId\_10efa04f-7ba9-47d8-89db-56e166f1679f.

To obtain the userId, you can use the [POST]/api/v5/user/searchUserId method.

modeId

The unique identifier of an Axidian authentication method.

Authentication methods:

  • Windows Password Provider {CF189AF5-01C5-469D-A859-A8F2F41ED153}
  • Smart Card Provider {0AF65AD8-DB77-4B64-B489-958D9B36E28C}
    • +PIN {42456525-8EC1-4AB1-97B8-45AF8635D10F}
  • IronLogic Z2USB Provider {CB5109DA-B575-422C-8805-524FE12B02F5}
    • +PIN {1EDFD6E1-FD66-4A5B-971A-CBA0C611BA9B}
  • OMNIKEY Provider {4B15AF52-A795-4CA6-B7CD-CDB8ABF2D2C2}
    • +PIN {199B8FA8-FA9D-4ED8-941D-F86A5C681E0C}
  • Futronic Provider {A0EF00AD-1EEB-4D48-8BCF-06E19CD5585F}
  • Passcode Provider {F696F05D-5466-42b4-BF52-21BEE1CB9529}
  • Email OTP Provider {093F612B-727E-44E7-9C95-095F07CBB94B}
  • Hardware TOTP Provider {CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05}
  • HOTP Provider {CEB3FEAF-86ED-4A5A-BD3F-6A7B6E60CA05}
  • Storage SMS OTP Provider {3F2C1156-B5AF-4643-BFCB-9816012F3F34}
  • Telegram Provider {CA4645CC-5896-485E-A6CA-011FCC20DF1D}
  • SMS OTP Provider {EBB6F3FA-A400-45F4-853A-D517D89AC2A3}
  • Software OTP Provider {0FA7FDB4-3652-4B55-B0C0-469A1E9D31F0}
  • Axidian Key Provider {DEEF0CB8-AD2F-4B89-964A-B6C7ECA80C68}
  • MFA Provider {070719BA-EB57-4EA8-BB4D-D15A33E7363D}

To obtain all the authentication methods installed on the Axidian Access server, you can use the [GET]/api/v5/authenticationProvider/getAll method.

ApplicationId

Internal module

Important!

A license is not required to work with an internal module; it is enough to have rights to the operations provided by the internal modules.

The functionality of Access Manager is divided into groups that are handled by internal modules. They implement the internal business logic of the solution. Their string identifiers are used to access different parts of the Core Server API.

Internal modules of Core Server:

  • User Profile Setting Management,
  • User Access Control Management,
  • Hardware Devices Management,
  • License Management,
  • Authenticator Management,
  • Authenticator Enrollment,
  • User Accounts Management,
  • Policy Management,
  • User Cache Management,
  • Business Applications Management.

In addition, there is also a set of internal applications:

  • Enterprise Management Console,
  • Self Service,
  • Native Enroller.

Integration module

Important!

To work with integration modules, a license for the corresponding module is required.

This is a module that implements the interconnection of Access Manager and external systems with which the integration is performed. These include:

  • Windows Logon,
  • Enterprise SSO,
  • IIS Extension,
  • NPS RADIUS Extension,
  • Identity Provider,
  • ADFS Extension,
  • RDP Windows Logon,
  • Authentication API.

Integration modules can be a single business application, for example Windows Logon, or can have a set of business applications that can be added or removed, for example the Enterprise SSO module. It provides the ability to integrate with different types of user applications (desktop or web applications), and for each one you need to create a separate ESSO business application: 1C, Lotus Notes, and so on.

Policy identifier

To find out the policy identifier, do the following:

  1. Open the Management Console.
  2. Go to the Policies tab.
  3. Select the target policy.
  4. Copy the policy identifier from the policyId parameter in the URL.