sailpoint-api-client 1.5.0 → 1.6.0

package/dist/v2025/api.d.ts

@@ -2156,6 +2156,63 @@ export interface AccessRequestDynamicApproverV2025 {
      */
     'requestedBy': AccessItemRequesterDtoV2025;
 }
+/**
+ *
+ * @export
+ * @interface AccessRequestItem1V2025
+ */
+export interface AccessRequestItem1V2025 {
+    /**
+     * The type of the item being requested.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'type': AccessRequestItem1V2025TypeV2025;
+    /**
+     * ID of Role, Access Profile or Entitlement being requested.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'id': string;
+    /**
+     * Comment provided by requester. * Comment is required when the request is of type Revoke Access.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'comment'?: string;
+    /**
+     * Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
+     * @type {{ [key: string]: string; }}
+     * @memberof AccessRequestItem1V2025
+     */
+    'clientMetadata'?: {
+        [key: string]: string;
+    };
+    /**
+     * The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'removeDate'?: string;
+    /**
+     * The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'assignmentId'?: string | null;
+    /**
+     * The \'distinguishedName\' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'nativeIdentity'?: string | null;
+}
+export declare const AccessRequestItem1V2025TypeV2025: {
+    readonly AccessProfile: "ACCESS_PROFILE";
+    readonly Role: "ROLE";
+    readonly Entitlement: "ENTITLEMENT";
+};
+export type AccessRequestItem1V2025TypeV2025 = typeof AccessRequestItem1V2025TypeV2025[keyof typeof AccessRequestItem1V2025TypeV2025];
 /**
  *
  * @export
@@ -2904,6 +2961,12 @@ export interface AccessRequestV2025 {
     'clientMetadata'?: {
         [key: string]: string;
     };
+    /**
+     * Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when \'requestedFor\' and \'requestedItems\' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request
+     * @type {Array<RequestedForDtoRefV2025>}
+     * @memberof AccessRequestV2025
+     */
+    'requestedForWithRequestedItems'?: Array<RequestedForDtoRefV2025> | null;
 }
 /**
  *
@@ -4428,6 +4491,62 @@ export interface AccountInfoDtoV2025 {
      */
     'uuid'?: string;
 }
+/**
+ *
+ * @export
+ * @interface AccountInfoRefV2025
+ */
+export interface AccountInfoRefV2025 {
+    /**
+     * The uuid for the account, available under the \'objectguid\' attribute
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'uuid'?: string;
+    /**
+     * The \'distinguishedName\' attribute for the account
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'nativeIdentity'?: string;
+    /**
+     *
+     * @type {DtoTypeV2025}
+     * @memberof AccountInfoRefV2025
+     */
+    'type'?: DtoTypeV2025;
+    /**
+     * The account id
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'id'?: string;
+    /**
+     * The account display name
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'name'?: string;
+}
+/**
+ *
+ * @export
+ * @interface AccountItemRefV2025
+ */
+export interface AccountItemRefV2025 {
+    /**
+     * The uuid for the account, available under the \'objectguid\' attribute
+     * @type {string}
+     * @memberof AccountItemRefV2025
+     */
+    'accountUuid'?: string | null;
+    /**
+     * The \'distinguishedName\' attribute for the account
+     * @type {string}
+     * @memberof AccountItemRefV2025
+     */
+    'nativeIdentity'?: string;
+}
 /**
  * If an account activity item is associated with an access request, captures details of that request.
  * @export
@@ -5191,6 +5310,52 @@ export interface AccountsExportReportArgumentsV2025 {
      */
     'sourceName': string;
 }
+/**
+ *
+ * @export
+ * @interface AccountsSelectionRequestV2025
+ */
+export interface AccountsSelectionRequestV2025 {
+    /**
+     * A list of Identity IDs for whom the Access is requested.
+     * @type {Array<string>}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'requestedFor': Array<string>;
+    /**
+     *
+     * @type {AccessRequestTypeV2025}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'requestType'?: AccessRequestTypeV2025 | null;
+    /**
+     *
+     * @type {Array<AccessRequestItem1V2025>}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'requestedItems': Array<AccessRequestItem1V2025>;
+    /**
+     * Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.
+     * @type {{ [key: string]: string; }}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'clientMetadata'?: {
+        [key: string]: string;
+    };
+}
+/**
+ *
+ * @export
+ * @interface AccountsSelectionResponseV2025
+ */
+export interface AccountsSelectionResponseV2025 {
+    /**
+     * A list of available account selections per identity in the request, for all the requested items
+     * @type {Array<IdentityAccountSelectionsV2025>}
+     * @memberof AccountsSelectionResponseV2025
+     */
+    'identities'?: Array<IdentityAccountSelectionsV2025>;
+}
 /**
  *
  * @export
@@ -6513,6 +6678,7 @@ export declare const AttributeDefinitionTypeV2025: {
     readonly Long: "LONG";
     readonly Int: "INT";
     readonly Boolean: "BOOLEAN";
+    readonly Date: "DATE";
 };
 export type AttributeDefinitionTypeV2025 = typeof AttributeDefinitionTypeV2025[keyof typeof AttributeDefinitionTypeV2025];
 /**
@@ -16039,6 +16205,30 @@ export interface FeatureValueDtoV2025 {
      */
     'denominator'?: number;
 }
+/**
+ *
+ * @export
+ * @interface FederationProtocolDetailsV2025
+ */
+export interface FederationProtocolDetailsV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof FederationProtocolDetailsV2025
+     */
+    'role'?: FederationProtocolDetailsV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof FederationProtocolDetailsV2025
+     */
+    'entityId'?: string;
+}
+export declare const FederationProtocolDetailsV2025RoleV2025: {
+    readonly SamlIdp: "SAML_IDP";
+    readonly SamlSp: "SAML_SP";
+};
+export type FederationProtocolDetailsV2025RoleV2025 = typeof FederationProtocolDetailsV2025RoleV2025[keyof typeof FederationProtocolDetailsV2025RoleV2025];
 /**
  *
  * @export
@@ -17229,6 +17419,182 @@ export declare const GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequ
     readonly NoDecisions: "NO_DECISIONS";
 };
 export type GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV2025 = typeof GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV2025[keyof typeof GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV2025];
+/**
+ *
+ * @export
+ * @interface GetCampaign200ResponseV2025
+ */
+export interface GetCampaign200ResponseV2025 {
+    /**
+     * Id of the campaign
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'id'?: string | null;
+    /**
+     * The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'name': string;
+    /**
+     * The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'description': string | null;
+    /**
+     * The campaign\'s completion deadline.  This date must be in the future in order to activate the campaign.  If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'deadline'?: string | null;
+    /**
+     * The type of campaign. Could be extended in the future.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'type': GetCampaign200ResponseV2025TypeV2025;
+    /**
+     * Enables email notification for this campaign
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'emailNotificationEnabled'?: boolean;
+    /**
+     * Allows auto revoke for this campaign
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'autoRevokeAllowed'?: boolean;
+    /**
+     * Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'recommendationsEnabled'?: boolean;
+    /**
+     * The campaign\'s current status.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'status'?: GetCampaign200ResponseV2025StatusV2025 | null;
+    /**
+     * The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'correlatedStatus'?: GetCampaign200ResponseV2025CorrelatedStatusV2025;
+    /**
+     * Created time of the campaign
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'created'?: string | null;
+    /**
+     * The total number of certifications in this campaign.
+     * @type {number}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'totalCertifications'?: number | null;
+    /**
+     * The number of completed certifications in this campaign.
+     * @type {number}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'completedCertifications'?: number | null;
+    /**
+     * A list of errors and warnings that have accumulated.
+     * @type {Array<CampaignAlertV2025>}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'alerts'?: Array<CampaignAlertV2025> | null;
+    /**
+     * Modified time of the campaign
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'modified'?: string | null;
+    /**
+     *
+     * @type {CampaignAllOfFilterV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'filter'?: CampaignAllOfFilterV2025 | null;
+    /**
+     * Determines if comments on sunset date changes are required.
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'sunsetCommentsRequired'?: boolean;
+    /**
+     *
+     * @type {CampaignAllOfSourceOwnerCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'sourceOwnerCampaignInfo'?: CampaignAllOfSourceOwnerCampaignInfoV2025 | null;
+    /**
+     *
+     * @type {CampaignAllOfSearchCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'searchCampaignInfo'?: CampaignAllOfSearchCampaignInfoV2025 | null;
+    /**
+     *
+     * @type {CampaignAllOfRoleCompositionCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'roleCompositionCampaignInfo'?: CampaignAllOfRoleCompositionCampaignInfoV2025 | null;
+    /**
+     *
+     * @type {CampaignAllOfMachineAccountCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'machineAccountCampaignInfo'?: CampaignAllOfMachineAccountCampaignInfoV2025 | null;
+    /**
+     * A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
+     * @type {Array<CampaignAllOfSourcesWithOrphanEntitlementsV2025>}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'sourcesWithOrphanEntitlements'?: Array<CampaignAllOfSourcesWithOrphanEntitlementsV2025> | null;
+    /**
+     * Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'mandatoryCommentRequirement'?: GetCampaign200ResponseV2025MandatoryCommentRequirementV2025;
+}
+export declare const GetCampaign200ResponseV2025TypeV2025: {
+    readonly Manager: "MANAGER";
+    readonly SourceOwner: "SOURCE_OWNER";
+    readonly Search: "SEARCH";
+    readonly RoleComposition: "ROLE_COMPOSITION";
+    readonly MachineAccount: "MACHINE_ACCOUNT";
+};
+export type GetCampaign200ResponseV2025TypeV2025 = typeof GetCampaign200ResponseV2025TypeV2025[keyof typeof GetCampaign200ResponseV2025TypeV2025];
+export declare const GetCampaign200ResponseV2025StatusV2025: {
+    readonly Pending: "PENDING";
+    readonly Staged: "STAGED";
+    readonly Canceling: "CANCELING";
+    readonly Activating: "ACTIVATING";
+    readonly Active: "ACTIVE";
+    readonly Completing: "COMPLETING";
+    readonly Completed: "COMPLETED";
+    readonly Error: "ERROR";
+    readonly Archived: "ARCHIVED";
+};
+export type GetCampaign200ResponseV2025StatusV2025 = typeof GetCampaign200ResponseV2025StatusV2025[keyof typeof GetCampaign200ResponseV2025StatusV2025];
+export declare const GetCampaign200ResponseV2025CorrelatedStatusV2025: {
+    readonly Correlated: "CORRELATED";
+    readonly Uncorrelated: "UNCORRELATED";
+};
+export type GetCampaign200ResponseV2025CorrelatedStatusV2025 = typeof GetCampaign200ResponseV2025CorrelatedStatusV2025[keyof typeof GetCampaign200ResponseV2025CorrelatedStatusV2025];
+export declare const GetCampaign200ResponseV2025MandatoryCommentRequirementV2025: {
+    readonly AllDecisions: "ALL_DECISIONS";
+    readonly RevokeOnlyDecisions: "REVOKE_ONLY_DECISIONS";
+    readonly NoDecisions: "NO_DECISIONS";
+};
+export type GetCampaign200ResponseV2025MandatoryCommentRequirementV2025 = typeof GetCampaign200ResponseV2025MandatoryCommentRequirementV2025[keyof typeof GetCampaign200ResponseV2025MandatoryCommentRequirementV2025];
 /**
  * @type GetDiscoveredApplications200ResponseInnerV2025
  * @export
@@ -17790,6 +18156,43 @@ export type IdentityAccessV2025 = {
 } & AccessProfileEntitlementV2025 | {
     type: 'ROLE';
 } & AccessProfileRoleV2025;
+/**
+ *
+ * @export
+ * @interface IdentityAccountSelectionsV2025
+ */
+export interface IdentityAccountSelectionsV2025 {
+    /**
+     * Available account selections for the identity, per requested item
+     * @type {Array<RequestedItemAccountSelectionsV2025>}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'requestedItems'?: Array<RequestedItemAccountSelectionsV2025>;
+    /**
+     * A boolean indicating whether any account selections will be required for the user to raise an access request
+     * @type {boolean}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'accountsSelectionRequired'?: boolean;
+    /**
+     *
+     * @type {DtoTypeV2025}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'type'?: DtoTypeV2025;
+    /**
+     * The identity id for the user
+     * @type {string}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'id'?: string;
+    /**
+     * The name of the identity
+     * @type {string}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'name'?: string;
+}
 /**
  *
  * @export
@@ -19073,6 +19476,165 @@ export interface IdentityEntitiesV2025 {
      */
     'identityEntity'?: IdentityEntitiesIdentityEntityV2025;
 }
+/**
+ *
+ * @export
+ * @interface IdentityEntitlementDetailsAccountTargetV2025
+ */
+export interface IdentityEntitlementDetailsAccountTargetV2025 {
+    /**
+     * The id of account
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'accountId'?: string;
+    /**
+     * The name of account
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'accountName'?: string;
+    /**
+     * The UUID representation of the account if available
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'accountUUID'?: string | null;
+    /**
+     * The id of Source
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'sourceId'?: string;
+    /**
+     * The name of Source
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'sourceName'?: string;
+    /**
+     * The removal date scheduled for the entitlement on the Identity
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'removeDate'?: string | null;
+    /**
+     * The assignmentId of the entitlement on the Identity
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'assignmentId'?: string | null;
+    /**
+     * If the entitlement can be revoked
+     * @type {boolean}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'revocable'?: boolean;
+}
+/**
+ *
+ * @export
+ * @interface IdentityEntitlementDetailsEntitlementDtoV2025
+ */
+export interface IdentityEntitlementDetailsEntitlementDtoV2025 {
+    /**
+     * The entitlement id
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'id'?: string;
+    /**
+     * The entitlement name
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'name'?: string;
+    /**
+     * Time when the entitlement was last modified
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'created'?: string;
+    /**
+     * Time when the entitlement was last modified
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'modified'?: string;
+    /**
+     * The description of the entitlement
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'description'?: string | null;
+    /**
+     * The type of the object, will always be \"ENTITLEMENT\"
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'type'?: string;
+    /**
+     * The source ID
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'sourceId'?: string;
+    /**
+     * The source name
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'sourceName'?: string;
+    /**
+     *
+     * @type {OwnerDtoV2025}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'owner'?: OwnerDtoV2025;
+    /**
+     * The value of the entitlement
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'value'?: string;
+    /**
+     * a list of properties informing the viewer about the entitlement
+     * @type {Array<string>}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'flags'?: Array<string>;
+}
+/**
+ *
+ * @export
+ * @interface IdentityEntitlementDetailsV2025
+ */
+export interface IdentityEntitlementDetailsV2025 {
+    /**
+     * Id of Identity
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'identityId'?: string;
+    /**
+     *
+     * @type {IdentityEntitlementDetailsEntitlementDtoV2025}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'entitlement'?: IdentityEntitlementDetailsEntitlementDtoV2025;
+    /**
+     * Id of Source
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'sourceId'?: string;
+    /**
+     * A list of account targets on the identity provisioned with the requested entitlement.
+     * @type {Array<IdentityEntitlementDetailsAccountTargetV2025>}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'accountTargets'?: Array<IdentityEntitlementDetailsAccountTargetV2025>;
+}
 /**
  *
  * @export
@@ -19916,6 +20478,102 @@ export interface IdentityWithNewAccessV2025 {
      */
     'accessRefs': Array<IdentityWithNewAccessAccessRefsInnerV2025>;
 }
+/**
+ *
+ * @export
+ * @interface IdpDetailsV2025
+ */
+export interface IdpDetailsV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'role'?: IdpDetailsV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'entityId'?: string;
+    /**
+     * Defines the binding used for the SAML flow. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'binding'?: string;
+    /**
+     * Specifies the SAML authentication method to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'authnContext'?: string;
+    /**
+     * The IDP logout URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'logoutUrl'?: string;
+    /**
+     * Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
+     * @type {boolean}
+     * @memberof IdpDetailsV2025
+     */
+    'includeAuthnContext'?: boolean;
+    /**
+     * The name id format to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'nameId'?: string;
+    /**
+     *
+     * @type {JITConfigurationV2025}
+     * @memberof IdpDetailsV2025
+     */
+    'jitConfiguration'?: JITConfigurationV2025;
+    /**
+     * The Base64-encoded certificate used by the IDP. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'cert'?: string;
+    /**
+     * The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'loginUrlPost'?: string;
+    /**
+     * The IDP Redirect URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'loginUrlRedirect'?: string;
+    /**
+     * Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'mappingAttribute': string;
+    /**
+     * The expiration date extracted from the certificate.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'certificateExpirationDate'?: string;
+    /**
+     * The name extracted from the certificate.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'certificateName'?: string;
+}
+export declare const IdpDetailsV2025RoleV2025: {
+    readonly SamlIdp: "SAML_IDP";
+    readonly SamlSp: "SAML_SP";
+};
+export type IdpDetailsV2025RoleV2025 = typeof IdpDetailsV2025RoleV2025[keyof typeof IdpDetailsV2025RoleV2025];
 /**
  *
  * @export
@@ -20349,6 +21007,33 @@ export interface InvocationV2025 {
      */
     'contentJson'?: object;
 }
+/**
+ *
+ * @export
+ * @interface JITConfigurationV2025
+ */
+export interface JITConfigurationV2025 {
+    /**
+     * The indicator for just-in-time provisioning enabled
+     * @type {boolean}
+     * @memberof JITConfigurationV2025
+     */
+    'enabled'?: boolean;
+    /**
+     * the sourceId that mapped to just-in-time provisioning configuration
+     * @type {string}
+     * @memberof JITConfigurationV2025
+     */
+    'sourceId'?: string;
+    /**
+     * A mapping of identity profile attribute names to SAML assertion attribute names
+     * @type {{ [key: string]: string; }}
+     * @memberof JITConfigurationV2025
+     */
+    'sourceAttributeMappings'?: {
+        [key: string]: string;
+    };
+}
 /**
  * A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)
  * @export
@@ -20690,6 +21375,7 @@ export interface LifecyclestateDeletedV2025 {
 }
 export declare const LifecyclestateDeletedV2025TypeV2025: {
     readonly LifecycleState: "LIFECYCLE_STATE";
+    readonly TaskResult: "TASK_RESULT";
 };
 export type LifecyclestateDeletedV2025TypeV2025 = typeof LifecyclestateDeletedV2025TypeV2025[keyof typeof LifecyclestateDeletedV2025TypeV2025];
 /**
@@ -21416,6 +22102,31 @@ export interface LocalizedMessageV2025 {
      */
     'message': string;
 }
+/**
+ *
+ * @export
+ * @interface LockoutConfigurationV2025
+ */
+export interface LockoutConfigurationV2025 {
+    /**
+     * The maximum attempts allowed before lockout occurs.
+     * @type {number}
+     * @memberof LockoutConfigurationV2025
+     */
+    'maximumAttempts'?: number;
+    /**
+     * The total time in minutes a user will be locked out.
+     * @type {number}
+     * @memberof LockoutConfigurationV2025
+     */
+    'lockoutDuration'?: number;
+    /**
+     * A rolling window where authentication attempts in a series count towards the maximum before lockout occurs.
+     * @type {number}
+     * @memberof LockoutConfigurationV2025
+     */
+    'lockoutWindow'?: number;
+}
 /**
  * The definition of an Identity according to the Reassignment Configuration service
  * @export
@@ -27343,7 +28054,7 @@ export interface ProvisioningPolicyDtoV2025 {
      * @type {string}
      * @memberof ProvisioningPolicyDtoV2025
      */
-    'name': string;
+    'name': string | null;
     /**
      * the description of the provisioning policy
      * @type {string}
@@ -27374,7 +28085,7 @@ export interface ProvisioningPolicyV2025 {
      * @type {string}
      * @memberof ProvisioningPolicyV2025
      */
-    'name': string;
+    'name': string | null;
     /**
      * the description of the provisioning policy
      * @type {string}
@@ -28865,6 +29576,80 @@ export interface RequestedAccountRefV2025 {
      */
     'sourceName'?: string;
 }
+/**
+ *
+ * @export
+ * @interface RequestedForDtoRefV2025
+ */
+export interface RequestedForDtoRefV2025 {
+    /**
+     * The identity id for which the access is requested
+     * @type {string}
+     * @memberof RequestedForDtoRefV2025
+     */
+    'identityId': string;
+    /**
+     * the details for the access items that are requested for the identity
+     * @type {Array<RequestedItemDtoRefV2025>}
+     * @memberof RequestedForDtoRefV2025
+     */
+    'requestedItems': Array<RequestedItemDtoRefV2025>;
+}
+/**
+ *
+ * @export
+ * @interface RequestedItemAccountSelectionsV2025
+ */
+export interface RequestedItemAccountSelectionsV2025 {
+    /**
+     * The description for this requested item
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'description'?: string;
+    /**
+     * This field indicates if account selections are not allowed for this requested item. * If true, this field indicates that account selections will not be available for this item and user combination. In this case, no account selections should be provided in the access request for this item and user combination, irrespective of whether the user has single or multiple accounts on a source. * An example is where a user is requesting an access profile that is already assigned to one of their accounts.
+     * @type {boolean}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'accountsSelectionBlocked'?: boolean;
+    /**
+     * If account selections are not allowed for an item, this field will denote the reason.
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'accountsSelectionBlockedReason'?: string | null;
+    /**
+     * The type of the item being requested.
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'type'?: RequestedItemAccountSelectionsV2025TypeV2025;
+    /**
+     * The id of the requested item
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'id'?: string;
+    /**
+     * The name of the requested item
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'name'?: string;
+    /**
+     * The details for the sources and accounts for the requested item and identity combination
+     * @type {Array<SourceAccountSelectionsV2025>}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'sources'?: Array<SourceAccountSelectionsV2025>;
+}
+export declare const RequestedItemAccountSelectionsV2025TypeV2025: {
+    readonly AccessProfile: "ACCESS_PROFILE";
+    readonly Role: "ROLE";
+    readonly Entitlement: "ENTITLEMENT";
+};
+export type RequestedItemAccountSelectionsV2025TypeV2025 = typeof RequestedItemAccountSelectionsV2025TypeV2025[keyof typeof RequestedItemAccountSelectionsV2025TypeV2025];
 /**
  *
  * @export
@@ -28890,6 +29675,69 @@ export declare const RequestedItemDetailsV2025TypeV2025: {
     readonly Role: "ROLE";
 };
 export type RequestedItemDetailsV2025TypeV2025 = typeof RequestedItemDetailsV2025TypeV2025[keyof typeof RequestedItemDetailsV2025TypeV2025];
+/**
+ *
+ * @export
+ * @interface RequestedItemDtoRefV2025
+ */
+export interface RequestedItemDtoRefV2025 {
+    /**
+     * The type of the item being requested.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'type': RequestedItemDtoRefV2025TypeV2025;
+    /**
+     * ID of Role, Access Profile or Entitlement being requested.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'id': string;
+    /**
+     * Comment provided by requester. * Comment is required when the request is of type Revoke Access.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'comment'?: string;
+    /**
+     * Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
+     * @type {{ [key: string]: string; }}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'clientMetadata'?: {
+        [key: string]: string;
+    };
+    /**
+     * The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'removeDate'?: string;
+    /**
+     * The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'assignmentId'?: string | null;
+    /**
+     * The \'distinguishedName\' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'nativeIdentity'?: string | null;
+    /**
+     * The accounts where the access item will be provisioned to * Includes selections performed by the user in the event of multiple accounts existing on the same source * Also includes details for sources where user only has one account
+     * @type {Array<SourceItemRefV2025>}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'accountSelection'?: Array<SourceItemRefV2025> | null;
+}
+export declare const RequestedItemDtoRefV2025TypeV2025: {
+    readonly AccessProfile: "ACCESS_PROFILE";
+    readonly Role: "ROLE";
+    readonly Entitlement: "ENTITLEMENT";
+};
+export type RequestedItemDtoRefV2025TypeV2025 = typeof RequestedItemDtoRefV2025TypeV2025[keyof typeof RequestedItemDtoRefV2025TypeV2025];
 /**
  *
  * @export
@@ -34986,6 +35834,176 @@ export declare const ServiceDeskSourceV2025TypeV2025: {
     readonly Source: "SOURCE";
 };
 export type ServiceDeskSourceV2025TypeV2025 = typeof ServiceDeskSourceV2025TypeV2025[keyof typeof ServiceDeskSourceV2025TypeV2025];
+/**
+ *
+ * @export
+ * @interface ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+ */
+export interface ServiceProviderConfigurationFederationProtocolDetailsInnerV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'role'?: ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'entityId'?: string;
+    /**
+     * Defines the binding used for the SAML flow. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'binding'?: string;
+    /**
+     * Specifies the SAML authentication method to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'authnContext'?: string;
+    /**
+     * The IDP logout URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'logoutUrl'?: string;
+    /**
+     * Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'includeAuthnContext'?: boolean;
+    /**
+     * The name id format to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'nameId'?: string;
+    /**
+     *
+     * @type {JITConfigurationV2025}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'jitConfiguration'?: JITConfigurationV2025;
+    /**
+     * The Base64-encoded certificate used by the IDP. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'cert'?: string;
+    /**
+     * The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'loginUrlPost'?: string;
+    /**
+     * The IDP Redirect URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'loginUrlRedirect'?: string;
+    /**
+     * Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'mappingAttribute': string;
+    /**
+     * The expiration date extracted from the certificate.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'certificateExpirationDate'?: string;
+    /**
+     * The name extracted from the certificate.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'certificateName'?: string;
+    /**
+     * Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'alias'?: string;
+    /**
+     * The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'callbackUrl': string;
+    /**
+     * The legacy ACS URL used for SAML authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'legacyAcsUrl'?: string;
+}
+export declare const ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025: {
+    readonly SamlIdp: "SAML_IDP";
+    readonly SamlSp: "SAML_SP";
+};
+export type ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025 = typeof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025[keyof typeof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025];
+/**
+ * Represents the IdentityNow as Service Provider Configuration allowing customers to log into IDN via an Identity Provider
+ * @export
+ * @interface ServiceProviderConfigurationV2025
+ */
+export interface ServiceProviderConfigurationV2025 {
+    /**
+     * This determines whether or not the SAML authentication flow is enabled for an org
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'enabled'?: boolean;
+    /**
+     * This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP.
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'bypassIdp'?: boolean;
+    /**
+     * This indicates whether or not the SAML configuration is valid.
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'samlConfigurationValid'?: boolean;
+    /**
+     * A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer\'s identity provider and a customer\'s SailPoint instance (i.e., the service provider).
+     * @type {Array<ServiceProviderConfigurationFederationProtocolDetailsInnerV2025>}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'federationProtocolDetails'?: Array<ServiceProviderConfigurationFederationProtocolDetailsInnerV2025>;
+}
+/**
+ *
+ * @export
+ * @interface SessionConfigurationV2025
+ */
+export interface SessionConfigurationV2025 {
+    /**
+     * The maximum time in minutes a session can be idle.
+     * @type {number}
+     * @memberof SessionConfigurationV2025
+     */
+    'maxIdleTime'?: number;
+    /**
+     * Denotes if \'remember me\' is enabled.
+     * @type {boolean}
+     * @memberof SessionConfigurationV2025
+     */
+    'rememberMe'?: boolean;
+    /**
+     * The maximum allowable session time in minutes.
+     * @type {number}
+     * @memberof SessionConfigurationV2025
+     */
+    'maxSessionTime'?: number;
+}
 /**
  *
  * @export
@@ -35996,6 +37014,37 @@ export interface SourceAccountDeletedV2025 {
         [key: string]: any;
     };
 }
+/**
+ *
+ * @export
+ * @interface SourceAccountSelectionsV2025
+ */
+export interface SourceAccountSelectionsV2025 {
+    /**
+     *
+     * @type {DtoTypeV2025}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'type'?: DtoTypeV2025;
+    /**
+     * The source id
+     * @type {string}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'id'?: string;
+    /**
+     * The source name
+     * @type {string}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'name'?: string;
+    /**
+     * The accounts information for a particular source in the requested item
+     * @type {Array<AccountInfoRefV2025>}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'accounts'?: Array<AccountInfoRefV2025>;
+}
 /**
  *
  * @export
@@ -36765,6 +37814,25 @@ export declare const SourceHealthDtoV2025StatusV2025: {
     readonly SourceStateErrorAccountFileImport: "SOURCE_STATE_ERROR_ACCOUNT_FILE_IMPORT";
 };
 export type SourceHealthDtoV2025StatusV2025 = typeof SourceHealthDtoV2025StatusV2025[keyof typeof SourceHealthDtoV2025StatusV2025];
+/**
+ *
+ * @export
+ * @interface SourceItemRefV2025
+ */
+export interface SourceItemRefV2025 {
+    /**
+     * The id for the source on which account selections are made
+     * @type {string}
+     * @memberof SourceItemRefV2025
+     */
+    'sourceId'?: string | null;
+    /**
+     * A list of account selections on the source. Currently, only one selection per source is supported.
+     * @type {Array<AccountItemRefV2025>}
+     * @memberof SourceItemRefV2025
+     */
+    'accounts'?: Array<AccountItemRefV2025> | null;
+}
 /**
  * Reference to management workgroup for the source.
  * @export
@@ -37845,6 +38913,48 @@ export interface SpConfigRulesV2025 {
      */
     'editable'?: boolean;
 }
+/**
+ *
+ * @export
+ * @interface SpDetailsV2025
+ */
+export interface SpDetailsV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'role'?: SpDetailsV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'entityId'?: string;
+    /**
+     * Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'alias'?: string;
+    /**
+     * The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'callbackUrl': string;
+    /**
+     * The legacy ACS URL used for SAML authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'legacyAcsUrl'?: string;
+}
+export declare const SpDetailsV2025RoleV2025: {
+    readonly SamlIdp: "SAML_IDP";
+    readonly SamlSp: "SAML_SP";
+};
+export type SpDetailsV2025RoleV2025 = typeof SpDetailsV2025RoleV2025[keyof typeof SpDetailsV2025RoleV2025];
 /**
  *
  * @export
@@ -43629,7 +44739,7 @@ export declare const AccessRequestsV2025ApiAxiosParamCreator: (configuration?: C
      */
     closeAccessRequest: (closeAccessRequestV2025: CloseAccessRequestV2025, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
-     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields.
      * @summary Submit Access Request
      * @param {AccessRequestV2025} accessRequestV2025
      * @param {*} [axiosOptions] Override http request option.
@@ -43643,6 +44753,16 @@ export declare const AccessRequestsV2025ApiAxiosParamCreator: (configuration?: C
      * @throws {RequiredError}
      */
     getAccessRequestConfig: (axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+     * @summary Identity Entitlement Details
+     * @param {string} identityId The identity ID.
+     * @param {string} entitlementId The entitlement ID
+     * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getEntitlementDetailsForIdentity: (identityId: string, entitlementId: string, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
      * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
      * @summary Access Request Status
@@ -43677,6 +44797,14 @@ export declare const AccessRequestsV2025ApiAxiosParamCreator: (configuration?: C
      * @throws {RequiredError}
      */
     listAdministratorsAccessRequestStatus: (requestedFor?: string, requestedBy?: string, regardingIdentity?: string, assignedTo?: string, count?: boolean, limit?: number, offset?: number, filters?: string, sorters?: string, requestState?: string, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing.
+     * @summary Get accounts selections for identity
+     * @param {AccountsSelectionRequestV2025} accountsSelectionRequestV2025
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    loadAccountSelections: (accountsSelectionRequestV2025: AccountsSelectionRequestV2025, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
      * This endpoint replaces the current access-request configuration.
      * @summary Update Access Request Configuration
@@ -43725,7 +44853,7 @@ export declare const AccessRequestsV2025ApiFp: (configuration?: Configuration) =
      */
     closeAccessRequest(closeAccessRequestV2025: CloseAccessRequestV2025, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<object>>;
     /**
-     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields.
      * @summary Submit Access Request
      * @param {AccessRequestV2025} accessRequestV2025
      * @param {*} [axiosOptions] Override http request option.
@@ -43739,6 +44867,16 @@ export declare const AccessRequestsV2025ApiFp: (configuration?: Configuration) =
      * @throws {RequiredError}
      */
     getAccessRequestConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<AccessRequestConfigV2025>>;
+    /**
+     * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+     * @summary Identity Entitlement Details
+     * @param {string} identityId The identity ID.
+     * @param {string} entitlementId The entitlement ID
+     * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getEntitlementDetailsForIdentity(identityId: string, entitlementId: string, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<IdentityEntitlementDetailsV2025>>;
     /**
      * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
      * @summary Access Request Status
@@ -43773,6 +44911,14 @@ export declare const AccessRequestsV2025ApiFp: (configuration?: Configuration) =
      * @throws {RequiredError}
      */
     listAdministratorsAccessRequestStatus(requestedFor?: string, requestedBy?: string, regardingIdentity?: string, assignedTo?: string, count?: boolean, limit?: number, offset?: number, filters?: string, sorters?: string, requestState?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<Array<AccessRequestAdminItemStatusV2025>>>;
+    /**
+     * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing.
+     * @summary Get accounts selections for identity
+     * @param {AccountsSelectionRequestV2025} accountsSelectionRequestV2025
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    loadAccountSelections(accountsSelectionRequestV2025: AccountsSelectionRequestV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<AccountsSelectionResponseV2025>>;
     /**
      * This endpoint replaces the current access-request configuration.
      * @summary Update Access Request Configuration
@@ -43820,7 +44966,7 @@ export declare const AccessRequestsV2025ApiFactory: (configuration?: Configurati
      */
     closeAccessRequest(requestParameters: AccessRequestsV2025ApiCloseAccessRequestRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<object>;
     /**
-     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields.
      * @summary Submit Access Request
      * @param {AccessRequestsV2025ApiCreateAccessRequestRequest} requestParameters Request parameters.
      * @param {*} [axiosOptions] Override http request option.
@@ -43834,6 +44980,14 @@ export declare const AccessRequestsV2025ApiFactory: (configuration?: Configurati
      * @throws {RequiredError}
      */
     getAccessRequestConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<AccessRequestConfigV2025>;
+    /**
+     * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+     * @summary Identity Entitlement Details
+     * @param {AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getEntitlementDetailsForIdentity(requestParameters: AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<IdentityEntitlementDetailsV2025>;
     /**
      * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
      * @summary Access Request Status
@@ -43850,6 +45004,14 @@ export declare const AccessRequestsV2025ApiFactory: (configuration?: Configurati
      * @throws {RequiredError}
      */
     listAdministratorsAccessRequestStatus(requestParameters?: AccessRequestsV2025ApiListAdministratorsAccessRequestStatusRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<Array<AccessRequestAdminItemStatusV2025>>;
+    /**
+     * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing.
+     * @summary Get accounts selections for identity
+     * @param {AccessRequestsV2025ApiLoadAccountSelectionsRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    loadAccountSelections(requestParameters: AccessRequestsV2025ApiLoadAccountSelectionsRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<AccountsSelectionResponseV2025>;
     /**
      * This endpoint replaces the current access-request configuration.
      * @summary Update Access Request Configuration
@@ -43930,6 +45092,31 @@ export interface AccessRequestsV2025ApiCreateAccessRequestRequest {
      */
     readonly accessRequestV2025: AccessRequestV2025;
 }
+/**
+ * Request parameters for getEntitlementDetailsForIdentity operation in AccessRequestsV2025Api.
+ * @export
+ * @interface AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest
+ */
+export interface AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest {
+    /**
+     * The identity ID.
+     * @type {string}
+     * @memberof AccessRequestsV2025ApiGetEntitlementDetailsForIdentity
+     */
+    readonly identityId: string;
+    /**
+     * The entitlement ID
+     * @type {string}
+     * @memberof AccessRequestsV2025ApiGetEntitlementDetailsForIdentity
+     */
+    readonly entitlementId: string;
+    /**
+     * Use this header to enable this experimental API.
+     * @type {string}
+     * @memberof AccessRequestsV2025ApiGetEntitlementDetailsForIdentity
+     */
+    readonly xSailPointExperimental?: string;
+}
 /**
  * Request parameters for listAccessRequestStatus operation in AccessRequestsV2025Api.
  * @export
@@ -44064,6 +45251,19 @@ export interface AccessRequestsV2025ApiListAdministratorsAccessRequestStatusRequ
      */
     readonly requestState?: string;
 }
+/**
+ * Request parameters for loadAccountSelections operation in AccessRequestsV2025Api.
+ * @export
+ * @interface AccessRequestsV2025ApiLoadAccountSelectionsRequest
+ */
+export interface AccessRequestsV2025ApiLoadAccountSelectionsRequest {
+    /**
+     *
+     * @type {AccountsSelectionRequestV2025}
+     * @memberof AccessRequestsV2025ApiLoadAccountSelections
+     */
+    readonly accountsSelectionRequestV2025: AccountsSelectionRequestV2025;
+}
 /**
  * Request parameters for setAccessRequestConfig operation in AccessRequestsV2025Api.
  * @export
@@ -44121,7 +45321,7 @@ export declare class AccessRequestsV2025Api extends BaseAPI {
      */
     closeAccessRequest(requestParameters: AccessRequestsV2025ApiCloseAccessRequestRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<object, any>>;
     /**
-     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone.
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields.
      * @summary Submit Access Request
      * @param {AccessRequestsV2025ApiCreateAccessRequestRequest} requestParameters Request parameters.
      * @param {*} [axiosOptions] Override http request option.
@@ -44137,6 +45337,15 @@ export declare class AccessRequestsV2025Api extends BaseAPI {
      * @memberof AccessRequestsV2025Api
      */
     getAccessRequestConfig(axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<AccessRequestConfigV2025, any>>;
+    /**
+     * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+     * @summary Identity Entitlement Details
+     * @param {AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof AccessRequestsV2025Api
+     */
+    getEntitlementDetailsForIdentity(requestParameters: AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<IdentityEntitlementDetailsV2025, any>>;
     /**
      * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
      * @summary Access Request Status
@@ -44155,6 +45364,15 @@ export declare class AccessRequestsV2025Api extends BaseAPI {
      * @memberof AccessRequestsV2025Api
      */
     listAdministratorsAccessRequestStatus(requestParameters?: AccessRequestsV2025ApiListAdministratorsAccessRequestStatusRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<AccessRequestAdminItemStatusV2025[], any>>;
+    /**
+     * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing.
+     * @summary Get accounts selections for identity
+     * @param {AccessRequestsV2025ApiLoadAccountSelectionsRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof AccessRequestsV2025Api
+     */
+    loadAccountSelections(requestParameters: AccessRequestsV2025ApiLoadAccountSelectionsRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<AccountsSelectionResponseV2025, any>>;
     /**
      * This endpoint replaces the current access-request configuration.
      * @summary Update Access Request Configuration
@@ -47998,7 +49216,7 @@ export declare const CertificationCampaignsV2025ApiFp: (configuration?: Configur
      * @param {*} [axiosOptions] Override http request option.
      * @throws {RequiredError}
      */
-    getCampaign(id: string, detail?: GetCampaignDetailV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GetActiveCampaigns200ResponseInnerV2025>>;
+    getCampaign(id: string, detail?: GetCampaignDetailV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GetCampaign200ResponseV2025>>;
     /**
      * Use this API to fetch all reports for a certification campaign by campaign ID.
      * @summary Get Campaign Reports
@@ -48189,7 +49407,7 @@ export declare const CertificationCampaignsV2025ApiFactory: (configuration?: Con
      * @param {*} [axiosOptions] Override http request option.
      * @throws {RequiredError}
      */
-    getCampaign(requestParameters: CertificationCampaignsV2025ApiGetCampaignRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<GetActiveCampaigns200ResponseInnerV2025>;
+    getCampaign(requestParameters: CertificationCampaignsV2025ApiGetCampaignRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<GetCampaign200ResponseV2025>;
     /**
      * Use this API to fetch all reports for a certification campaign by campaign ID.
      * @summary Get Campaign Reports
@@ -48755,7 +49973,7 @@ export declare class CertificationCampaignsV2025Api extends BaseAPI {
      * @throws {RequiredError}
      * @memberof CertificationCampaignsV2025Api
      */
-    getCampaign(requestParameters: CertificationCampaignsV2025ApiGetCampaignRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<GetActiveCampaigns200ResponseInnerV2025, any>>;
+    getCampaign(requestParameters: CertificationCampaignsV2025ApiGetCampaignRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<GetCampaign200ResponseV2025, any>>;
     /**
      * Use this API to fetch all reports for a certification campaign by campaign ID.
      * @summary Get Campaign Reports
@@ -55632,6 +56850,13 @@ export declare const GlobalTenantSecuritySettingsV2025ApiAxiosParamCreator: (con
      * @throws {RequiredError}
      */
     createAuthOrgNetworkConfig: (networkConfigurationV2025: NetworkConfigurationV2025, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * This API returns the details of an org\'s lockout auth configuration.
+     * @summary Get Auth Org Lockout Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgLockoutConfig: (axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
      * This API returns the details of an org\'s network auth configuration.
      * @summary Get security network configuration.
@@ -55639,6 +56864,28 @@ export declare const GlobalTenantSecuritySettingsV2025ApiAxiosParamCreator: (con
      * @throws {RequiredError}
      */
     getAuthOrgNetworkConfig: (axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * This API returns the details of an org\'s service provider auth configuration.
+     * @summary Get Service Provider Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgServiceProviderConfig: (axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * This API returns the details of an org\'s session auth configuration.
+     * @summary Get Auth Org Session Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgSessionConfig: (axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * This API updates an existing lockout configuration for an org using PATCH
+     * @summary Update Auth Org Lockout Configuration
+     * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:   &#x60;1. maximumAttempts &gt;&#x3D; 1 &amp;&amp; maximumAttempts &lt;&#x3D; 15   2. lockoutDuration &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60   3. lockoutWindow &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60&#x60;
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgLockoutConfig: (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
     /**
      * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
      * @summary Update security network configuration.
@@ -55647,6 +56894,22 @@ export declare const GlobalTenantSecuritySettingsV2025ApiAxiosParamCreator: (con
      * @throws {RequiredError}
      */
     patchAuthOrgNetworkConfig: (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * This API updates an existing service provider configuration for an org using PATCH.
+     * @summary Update Service Provider Configuration
+     * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:   1. Do not add or remove any elements in the federation protocol details in the service provider configuration.   2. Do not modify, add, or delete the service provider details element in the federation protocol details.   3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.   4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.   5. Any JIT configuration update must be valid.  Just in time configuration update must be valid when enabled. This includes:   - A Source ID   - Source attribute mappings   - Source attribute maps have all the required key values (firstName, lastName, email)
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgServiceProviderConfig: (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
+    /**
+     * This API updates an existing session configuration for an org using PATCH.
+     * @summary Update Auth Org Session Configuration
+     * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.  Ensures that the patched Session Config conforms to certain logical guidelines, which are:   &#x60;1. maxSessionTime &gt;&#x3D; 1 &amp;&amp; maxSessionTime &lt;&#x3D; 10080 (1 week)   2. maxIdleTime &gt;&#x3D; 1 &amp;&amp; maxIdleTime &lt;&#x3D; 1440 (1 day)   3. maxSessionTime must have a greater duration than maxIdleTime.&#x60;
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgSessionConfig: (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig) => Promise<RequestArgs>;
 };
 /**
  * GlobalTenantSecuritySettingsV2025Api - functional programming interface
@@ -55661,6 +56924,13 @@ export declare const GlobalTenantSecuritySettingsV2025ApiFp: (configuration?: Co
      * @throws {RequiredError}
      */
     createAuthOrgNetworkConfig(networkConfigurationV2025: NetworkConfigurationV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<NetworkConfigurationV2025>>;
+    /**
+     * This API returns the details of an org\'s lockout auth configuration.
+     * @summary Get Auth Org Lockout Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgLockoutConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<LockoutConfigurationV2025>>;
     /**
      * This API returns the details of an org\'s network auth configuration.
      * @summary Get security network configuration.
@@ -55668,6 +56938,28 @@ export declare const GlobalTenantSecuritySettingsV2025ApiFp: (configuration?: Co
      * @throws {RequiredError}
      */
     getAuthOrgNetworkConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<NetworkConfigurationV2025>>;
+    /**
+     * This API returns the details of an org\'s service provider auth configuration.
+     * @summary Get Service Provider Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgServiceProviderConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<ServiceProviderConfigurationV2025>>;
+    /**
+     * This API returns the details of an org\'s session auth configuration.
+     * @summary Get Auth Org Session Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgSessionConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SessionConfigurationV2025>>;
+    /**
+     * This API updates an existing lockout configuration for an org using PATCH
+     * @summary Update Auth Org Lockout Configuration
+     * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:   &#x60;1. maximumAttempts &gt;&#x3D; 1 &amp;&amp; maximumAttempts &lt;&#x3D; 15   2. lockoutDuration &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60   3. lockoutWindow &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60&#x60;
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgLockoutConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<LockoutConfigurationV2025>>;
     /**
      * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
      * @summary Update security network configuration.
@@ -55676,6 +56968,22 @@ export declare const GlobalTenantSecuritySettingsV2025ApiFp: (configuration?: Co
      * @throws {RequiredError}
      */
     patchAuthOrgNetworkConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<NetworkConfigurationV2025>>;
+    /**
+     * This API updates an existing service provider configuration for an org using PATCH.
+     * @summary Update Service Provider Configuration
+     * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:   1. Do not add or remove any elements in the federation protocol details in the service provider configuration.   2. Do not modify, add, or delete the service provider details element in the federation protocol details.   3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.   4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.   5. Any JIT configuration update must be valid.  Just in time configuration update must be valid when enabled. This includes:   - A Source ID   - Source attribute mappings   - Source attribute maps have all the required key values (firstName, lastName, email)
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgServiceProviderConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<ServiceProviderConfigurationV2025>>;
+    /**
+     * This API updates an existing session configuration for an org using PATCH.
+     * @summary Update Auth Org Session Configuration
+     * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.  Ensures that the patched Session Config conforms to certain logical guidelines, which are:   &#x60;1. maxSessionTime &gt;&#x3D; 1 &amp;&amp; maxSessionTime &lt;&#x3D; 10080 (1 week)   2. maxIdleTime &gt;&#x3D; 1 &amp;&amp; maxIdleTime &lt;&#x3D; 1440 (1 day)   3. maxSessionTime must have a greater duration than maxIdleTime.&#x60;
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgSessionConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SessionConfigurationV2025>>;
 };
 /**
  * GlobalTenantSecuritySettingsV2025Api - factory interface
@@ -55690,6 +56998,13 @@ export declare const GlobalTenantSecuritySettingsV2025ApiFactory: (configuration
      * @throws {RequiredError}
      */
     createAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiCreateAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<NetworkConfigurationV2025>;
+    /**
+     * This API returns the details of an org\'s lockout auth configuration.
+     * @summary Get Auth Org Lockout Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgLockoutConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<LockoutConfigurationV2025>;
     /**
      * This API returns the details of an org\'s network auth configuration.
      * @summary Get security network configuration.
@@ -55697,6 +57012,28 @@ export declare const GlobalTenantSecuritySettingsV2025ApiFactory: (configuration
      * @throws {RequiredError}
      */
     getAuthOrgNetworkConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<NetworkConfigurationV2025>;
+    /**
+     * This API returns the details of an org\'s service provider auth configuration.
+     * @summary Get Service Provider Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgServiceProviderConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<ServiceProviderConfigurationV2025>;
+    /**
+     * This API returns the details of an org\'s session auth configuration.
+     * @summary Get Auth Org Session Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    getAuthOrgSessionConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SessionConfigurationV2025>;
+    /**
+     * This API updates an existing lockout configuration for an org using PATCH
+     * @summary Update Auth Org Lockout Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgLockoutConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<LockoutConfigurationV2025>;
     /**
      * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
      * @summary Update security network configuration.
@@ -55705,6 +57042,22 @@ export declare const GlobalTenantSecuritySettingsV2025ApiFactory: (configuration
      * @throws {RequiredError}
      */
     patchAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<NetworkConfigurationV2025>;
+    /**
+     * This API updates an existing service provider configuration for an org using PATCH.
+     * @summary Update Service Provider Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgServiceProviderConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<ServiceProviderConfigurationV2025>;
+    /**
+     * This API updates an existing session configuration for an org using PATCH.
+     * @summary Update Auth Org Session Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     */
+    patchAuthOrgSessionConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SessionConfigurationV2025>;
 };
 /**
  * Request parameters for createAuthOrgNetworkConfig operation in GlobalTenantSecuritySettingsV2025Api.
@@ -55719,6 +57072,19 @@ export interface GlobalTenantSecuritySettingsV2025ApiCreateAuthOrgNetworkConfigR
      */
     readonly networkConfigurationV2025: NetworkConfigurationV2025;
 }
+/**
+ * Request parameters for patchAuthOrgLockoutConfig operation in GlobalTenantSecuritySettingsV2025Api.
+ * @export
+ * @interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest
+ */
+export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest {
+    /**
+     * A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:   &#x60;1. maximumAttempts &gt;&#x3D; 1 &amp;&amp; maximumAttempts &lt;&#x3D; 15   2. lockoutDuration &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60   3. lockoutWindow &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60&#x60;
+     * @type {Array<JsonPatchOperationV2025>}
+     * @memberof GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfig
+     */
+    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>;
+}
 /**
  * Request parameters for patchAuthOrgNetworkConfig operation in GlobalTenantSecuritySettingsV2025Api.
  * @export
@@ -55732,6 +57098,32 @@ export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgNetworkConfigRe
      */
     readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>;
 }
+/**
+ * Request parameters for patchAuthOrgServiceProviderConfig operation in GlobalTenantSecuritySettingsV2025Api.
+ * @export
+ * @interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest
+ */
+export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest {
+    /**
+     * A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:   1. Do not add or remove any elements in the federation protocol details in the service provider configuration.   2. Do not modify, add, or delete the service provider details element in the federation protocol details.   3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.   4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.   5. Any JIT configuration update must be valid.  Just in time configuration update must be valid when enabled. This includes:   - A Source ID   - Source attribute mappings   - Source attribute maps have all the required key values (firstName, lastName, email)
+     * @type {Array<JsonPatchOperationV2025>}
+     * @memberof GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfig
+     */
+    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>;
+}
+/**
+ * Request parameters for patchAuthOrgSessionConfig operation in GlobalTenantSecuritySettingsV2025Api.
+ * @export
+ * @interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest
+ */
+export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest {
+    /**
+     * A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.  Ensures that the patched Session Config conforms to certain logical guidelines, which are:   &#x60;1. maxSessionTime &gt;&#x3D; 1 &amp;&amp; maxSessionTime &lt;&#x3D; 10080 (1 week)   2. maxIdleTime &gt;&#x3D; 1 &amp;&amp; maxIdleTime &lt;&#x3D; 1440 (1 day)   3. maxSessionTime must have a greater duration than maxIdleTime.&#x60;
+     * @type {Array<JsonPatchOperationV2025>}
+     * @memberof GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfig
+     */
+    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>;
+}
 /**
  * GlobalTenantSecuritySettingsV2025Api - object-oriented interface
  * @export
@@ -55748,6 +57140,14 @@ export declare class GlobalTenantSecuritySettingsV2025Api extends BaseAPI {
      * @memberof GlobalTenantSecuritySettingsV2025Api
      */
     createAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiCreateAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<NetworkConfigurationV2025, any>>;
+    /**
+     * This API returns the details of an org\'s lockout auth configuration.
+     * @summary Get Auth Org Lockout Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    getAuthOrgLockoutConfig(axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<LockoutConfigurationV2025, any>>;
     /**
      * This API returns the details of an org\'s network auth configuration.
      * @summary Get security network configuration.
@@ -55756,6 +57156,31 @@ export declare class GlobalTenantSecuritySettingsV2025Api extends BaseAPI {
      * @memberof GlobalTenantSecuritySettingsV2025Api
      */
     getAuthOrgNetworkConfig(axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<NetworkConfigurationV2025, any>>;
+    /**
+     * This API returns the details of an org\'s service provider auth configuration.
+     * @summary Get Service Provider Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    getAuthOrgServiceProviderConfig(axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<ServiceProviderConfigurationV2025, any>>;
+    /**
+     * This API returns the details of an org\'s session auth configuration.
+     * @summary Get Auth Org Session Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    getAuthOrgSessionConfig(axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<SessionConfigurationV2025, any>>;
+    /**
+     * This API updates an existing lockout configuration for an org using PATCH
+     * @summary Update Auth Org Lockout Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    patchAuthOrgLockoutConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<LockoutConfigurationV2025, any>>;
     /**
      * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
      * @summary Update security network configuration.
@@ -55765,6 +57190,24 @@ export declare class GlobalTenantSecuritySettingsV2025Api extends BaseAPI {
      * @memberof GlobalTenantSecuritySettingsV2025Api
      */
     patchAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<NetworkConfigurationV2025, any>>;
+    /**
+     * This API updates an existing service provider configuration for an org using PATCH.
+     * @summary Update Service Provider Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    patchAuthOrgServiceProviderConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<ServiceProviderConfigurationV2025, any>>;
+    /**
+     * This API updates an existing session configuration for an org using PATCH.
+     * @summary Update Auth Org Session Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    patchAuthOrgSessionConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest, axiosOptions?: RawAxiosRequestConfig): Promise<import("axios").AxiosResponse<SessionConfigurationV2025, any>>;
 }
 /**
  * GovernanceGroupsV2025Api - axios parameter creator