sailpoint-api-client 1.5.0 → 1.6.0

package/v2025/api.ts

@@ -2223,6 +2223,64 @@ export interface AccessRequestDynamicApproverV2025 {
      */
     'requestedBy': AccessItemRequesterDtoV2025;
 }
+/**
+ * 
+ * @export
+ * @interface AccessRequestItem1V2025
+ */
+export interface AccessRequestItem1V2025 {
+    /**
+     * The type of the item being requested.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'type': AccessRequestItem1V2025TypeV2025;
+    /**
+     * ID of Role, Access Profile or Entitlement being requested.
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'id': string;
+    /**
+     * Comment provided by requester. * Comment is required when the request is of type Revoke Access. 
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'comment'?: string;
+    /**
+     * Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
+     * @type {{ [key: string]: string; }}
+     * @memberof AccessRequestItem1V2025
+     */
+    'clientMetadata'?: { [key: string]: string; };
+    /**
+     * The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration. 
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'removeDate'?: string;
+    /**
+     * The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. 
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'assignmentId'?: string | null;
+    /**
+     * The \'distinguishedName\' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. 
+     * @type {string}
+     * @memberof AccessRequestItem1V2025
+     */
+    'nativeIdentity'?: string | null;
+}
+
+export const AccessRequestItem1V2025TypeV2025 = {
+    AccessProfile: 'ACCESS_PROFILE',
+    Role: 'ROLE',
+    Entitlement: 'ENTITLEMENT'
+} as const;
+
+export type AccessRequestItem1V2025TypeV2025 = typeof AccessRequestItem1V2025TypeV2025[keyof typeof AccessRequestItem1V2025TypeV2025];
+
 /**
  * 
  * @export
@@ -3001,6 +3059,12 @@ export interface AccessRequestV2025 {
      * @memberof AccessRequestV2025
      */
     'clientMetadata'?: { [key: string]: string; };
+    /**
+     * Additional submit data structure with requestedFor containing requestedItems allowing distinction for each request item and Identity. * Can only be used when \'requestedFor\' and \'requestedItems\' are not separately provided * Adds ability to specify which account the user wants the access on, in case they have multiple accounts on a source * Allows the ability to request items with different remove dates * Also allows different combinations of request items and identities in the same request 
+     * @type {Array<RequestedForDtoRefV2025>}
+     * @memberof AccessRequestV2025
+     */
+    'requestedForWithRequestedItems'?: Array<RequestedForDtoRefV2025> | null;
 }
 
 
@@ -4584,6 +4648,64 @@ export interface AccountInfoDtoV2025 {
      */
     'uuid'?: string;
 }
+/**
+ * 
+ * @export
+ * @interface AccountInfoRefV2025
+ */
+export interface AccountInfoRefV2025 {
+    /**
+     * The uuid for the account, available under the \'objectguid\' attribute
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'uuid'?: string;
+    /**
+     * The \'distinguishedName\' attribute for the account
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'nativeIdentity'?: string;
+    /**
+     * 
+     * @type {DtoTypeV2025}
+     * @memberof AccountInfoRefV2025
+     */
+    'type'?: DtoTypeV2025;
+    /**
+     * The account id
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'id'?: string;
+    /**
+     * The account display name
+     * @type {string}
+     * @memberof AccountInfoRefV2025
+     */
+    'name'?: string;
+}
+
+
+/**
+ * 
+ * @export
+ * @interface AccountItemRefV2025
+ */
+export interface AccountItemRefV2025 {
+    /**
+     * The uuid for the account, available under the \'objectguid\' attribute
+     * @type {string}
+     * @memberof AccountItemRefV2025
+     */
+    'accountUuid'?: string | null;
+    /**
+     * The \'distinguishedName\' attribute for the account
+     * @type {string}
+     * @memberof AccountItemRefV2025
+     */
+    'nativeIdentity'?: string;
+}
 /**
  * If an account activity item is associated with an access request, captures details of that request.
  * @export
@@ -5369,6 +5491,52 @@ export interface AccountsExportReportArgumentsV2025 {
      */
     'sourceName': string;
 }
+/**
+ * 
+ * @export
+ * @interface AccountsSelectionRequestV2025
+ */
+export interface AccountsSelectionRequestV2025 {
+    /**
+     * A list of Identity IDs for whom the Access is requested.
+     * @type {Array<string>}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'requestedFor': Array<string>;
+    /**
+     * 
+     * @type {AccessRequestTypeV2025}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'requestType'?: AccessRequestTypeV2025 | null;
+    /**
+     * 
+     * @type {Array<AccessRequestItem1V2025>}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'requestedItems': Array<AccessRequestItem1V2025>;
+    /**
+     * Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.  
+     * @type {{ [key: string]: string; }}
+     * @memberof AccountsSelectionRequestV2025
+     */
+    'clientMetadata'?: { [key: string]: string; };
+}
+
+
+/**
+ * 
+ * @export
+ * @interface AccountsSelectionResponseV2025
+ */
+export interface AccountsSelectionResponseV2025 {
+    /**
+     * A list of available account selections per identity in the request, for all the requested items
+     * @type {Array<IdentityAccountSelectionsV2025>}
+     * @memberof AccountsSelectionResponseV2025
+     */
+    'identities'?: Array<IdentityAccountSelectionsV2025>;
+}
 /**
  * 
  * @export
@@ -6739,7 +6907,8 @@ export const AttributeDefinitionTypeV2025 = {
     String: 'STRING',
     Long: 'LONG',
     Int: 'INT',
-    Boolean: 'BOOLEAN'
+    Boolean: 'BOOLEAN',
+    Date: 'DATE'
 } as const;
 
 export type AttributeDefinitionTypeV2025 = typeof AttributeDefinitionTypeV2025[keyof typeof AttributeDefinitionTypeV2025];
@@ -16549,6 +16718,33 @@ export interface FeatureValueDtoV2025 {
      */
     'denominator'?: number;
 }
+/**
+ * 
+ * @export
+ * @interface FederationProtocolDetailsV2025
+ */
+export interface FederationProtocolDetailsV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof FederationProtocolDetailsV2025
+     */
+    'role'?: FederationProtocolDetailsV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof FederationProtocolDetailsV2025
+     */
+    'entityId'?: string;
+}
+
+export const FederationProtocolDetailsV2025RoleV2025 = {
+    SamlIdp: 'SAML_IDP',
+    SamlSp: 'SAML_SP'
+} as const;
+
+export type FederationProtocolDetailsV2025RoleV2025 = typeof FederationProtocolDetailsV2025RoleV2025[keyof typeof FederationProtocolDetailsV2025RoleV2025];
+
 /**
  * 
  * @export
@@ -17782,6 +17978,188 @@ export const GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV
 
 export type GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV2025 = typeof GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV2025[keyof typeof GetActiveCampaigns200ResponseInnerV2025MandatoryCommentRequirementV2025];
 
+/**
+ * 
+ * @export
+ * @interface GetCampaign200ResponseV2025
+ */
+export interface GetCampaign200ResponseV2025 {
+    /**
+     * Id of the campaign
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'id'?: string | null;
+    /**
+     * The campaign name. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. 
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'name': string;
+    /**
+     * The campaign description. If this object is part of a template, special formatting applies; see the `/campaign-templates/{id}/generate` endpoint documentation for details. 
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'description': string | null;
+    /**
+     * The campaign\'s completion deadline.  This date must be in the future in order to activate the campaign.  If you try to activate a campaign with a deadline of today or in the past, you will receive a 400 error response.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'deadline'?: string | null;
+    /**
+     * The type of campaign. Could be extended in the future.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'type': GetCampaign200ResponseV2025TypeV2025;
+    /**
+     * Enables email notification for this campaign
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'emailNotificationEnabled'?: boolean;
+    /**
+     * Allows auto revoke for this campaign
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'autoRevokeAllowed'?: boolean;
+    /**
+     * Enables IAI for this campaign. Accepts true even if the IAI product feature is off. If IAI is turned off then campaigns generated from this template will indicate false. The real value will then be returned if IAI is ever enabled for the org in the future.
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'recommendationsEnabled'?: boolean;
+    /**
+     * The campaign\'s current status.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'status'?: GetCampaign200ResponseV2025StatusV2025 | null;
+    /**
+     * The correlatedStatus of the campaign. Only SOURCE_OWNER campaigns can be Uncorrelated. An Uncorrelated certification campaign only includes Uncorrelated identities (An identity is uncorrelated if it has no accounts on an authoritative source).
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'correlatedStatus'?: GetCampaign200ResponseV2025CorrelatedStatusV2025;
+    /**
+     * Created time of the campaign
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'created'?: string | null;
+    /**
+     * The total number of certifications in this campaign.
+     * @type {number}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'totalCertifications'?: number | null;
+    /**
+     * The number of completed certifications in this campaign.
+     * @type {number}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'completedCertifications'?: number | null;
+    /**
+     * A list of errors and warnings that have accumulated.
+     * @type {Array<CampaignAlertV2025>}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'alerts'?: Array<CampaignAlertV2025> | null;
+    /**
+     * Modified time of the campaign
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'modified'?: string | null;
+    /**
+     * 
+     * @type {CampaignAllOfFilterV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'filter'?: CampaignAllOfFilterV2025 | null;
+    /**
+     * Determines if comments on sunset date changes are required.
+     * @type {boolean}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'sunsetCommentsRequired'?: boolean;
+    /**
+     * 
+     * @type {CampaignAllOfSourceOwnerCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'sourceOwnerCampaignInfo'?: CampaignAllOfSourceOwnerCampaignInfoV2025 | null;
+    /**
+     * 
+     * @type {CampaignAllOfSearchCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'searchCampaignInfo'?: CampaignAllOfSearchCampaignInfoV2025 | null;
+    /**
+     * 
+     * @type {CampaignAllOfRoleCompositionCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'roleCompositionCampaignInfo'?: CampaignAllOfRoleCompositionCampaignInfoV2025 | null;
+    /**
+     * 
+     * @type {CampaignAllOfMachineAccountCampaignInfoV2025}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'machineAccountCampaignInfo'?: CampaignAllOfMachineAccountCampaignInfoV2025 | null;
+    /**
+     * A list of sources in the campaign that contain \\\"orphan entitlements\\\" (entitlements without a corresponding Managed Attribute). An empty list indicates the campaign has no orphan entitlements. Null indicates there may be unknown orphan entitlements in the campaign (the campaign was created before this feature was implemented).
+     * @type {Array<CampaignAllOfSourcesWithOrphanEntitlementsV2025>}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'sourcesWithOrphanEntitlements'?: Array<CampaignAllOfSourcesWithOrphanEntitlementsV2025> | null;
+    /**
+     * Determines whether comments are required for decisions during certification reviews. You can require comments for all decisions, revoke-only decisions, or no decisions. By default, comments are not required for decisions.
+     * @type {string}
+     * @memberof GetCampaign200ResponseV2025
+     */
+    'mandatoryCommentRequirement'?: GetCampaign200ResponseV2025MandatoryCommentRequirementV2025;
+}
+
+export const GetCampaign200ResponseV2025TypeV2025 = {
+    Manager: 'MANAGER',
+    SourceOwner: 'SOURCE_OWNER',
+    Search: 'SEARCH',
+    RoleComposition: 'ROLE_COMPOSITION',
+    MachineAccount: 'MACHINE_ACCOUNT'
+} as const;
+
+export type GetCampaign200ResponseV2025TypeV2025 = typeof GetCampaign200ResponseV2025TypeV2025[keyof typeof GetCampaign200ResponseV2025TypeV2025];
+export const GetCampaign200ResponseV2025StatusV2025 = {
+    Pending: 'PENDING',
+    Staged: 'STAGED',
+    Canceling: 'CANCELING',
+    Activating: 'ACTIVATING',
+    Active: 'ACTIVE',
+    Completing: 'COMPLETING',
+    Completed: 'COMPLETED',
+    Error: 'ERROR',
+    Archived: 'ARCHIVED'
+} as const;
+
+export type GetCampaign200ResponseV2025StatusV2025 = typeof GetCampaign200ResponseV2025StatusV2025[keyof typeof GetCampaign200ResponseV2025StatusV2025];
+export const GetCampaign200ResponseV2025CorrelatedStatusV2025 = {
+    Correlated: 'CORRELATED',
+    Uncorrelated: 'UNCORRELATED'
+} as const;
+
+export type GetCampaign200ResponseV2025CorrelatedStatusV2025 = typeof GetCampaign200ResponseV2025CorrelatedStatusV2025[keyof typeof GetCampaign200ResponseV2025CorrelatedStatusV2025];
+export const GetCampaign200ResponseV2025MandatoryCommentRequirementV2025 = {
+    AllDecisions: 'ALL_DECISIONS',
+    RevokeOnlyDecisions: 'REVOKE_ONLY_DECISIONS',
+    NoDecisions: 'NO_DECISIONS'
+} as const;
+
+export type GetCampaign200ResponseV2025MandatoryCommentRequirementV2025 = typeof GetCampaign200ResponseV2025MandatoryCommentRequirementV2025[keyof typeof GetCampaign200ResponseV2025MandatoryCommentRequirementV2025];
+
 /**
  * @type GetDiscoveredApplications200ResponseInnerV2025
  * @export
@@ -18353,6 +18731,45 @@ export interface Identity1V2025 {
  */
 export type IdentityAccessV2025 = { type: 'ACCESS_PROFILE' } & AccessProfileSummaryV2025 | { type: 'ENTITLEMENT' } & AccessProfileEntitlementV2025 | { type: 'ROLE' } & AccessProfileRoleV2025;
 
+/**
+ * 
+ * @export
+ * @interface IdentityAccountSelectionsV2025
+ */
+export interface IdentityAccountSelectionsV2025 {
+    /**
+     * Available account selections for the identity, per requested item
+     * @type {Array<RequestedItemAccountSelectionsV2025>}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'requestedItems'?: Array<RequestedItemAccountSelectionsV2025>;
+    /**
+     * A boolean indicating whether any account selections will be required for the user to raise an access request
+     * @type {boolean}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'accountsSelectionRequired'?: boolean;
+    /**
+     * 
+     * @type {DtoTypeV2025}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'type'?: DtoTypeV2025;
+    /**
+     * The identity id for the user
+     * @type {string}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'id'?: string;
+    /**
+     * The name of the identity
+     * @type {string}
+     * @memberof IdentityAccountSelectionsV2025
+     */
+    'name'?: string;
+}
+
+
 /**
  * 
  * @export
@@ -19636,6 +20053,165 @@ export interface IdentityEntitiesV2025 {
      */
     'identityEntity'?: IdentityEntitiesIdentityEntityV2025;
 }
+/**
+ * 
+ * @export
+ * @interface IdentityEntitlementDetailsAccountTargetV2025
+ */
+export interface IdentityEntitlementDetailsAccountTargetV2025 {
+    /**
+     * The id of account
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'accountId'?: string;
+    /**
+     * The name of account
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'accountName'?: string;
+    /**
+     * The UUID representation of the account if available
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'accountUUID'?: string | null;
+    /**
+     * The id of Source
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'sourceId'?: string;
+    /**
+     * The name of Source
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'sourceName'?: string;
+    /**
+     * The removal date scheduled for the entitlement on the Identity
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'removeDate'?: string | null;
+    /**
+     * The assignmentId of the entitlement on the Identity
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'assignmentId'?: string | null;
+    /**
+     * If the entitlement can be revoked
+     * @type {boolean}
+     * @memberof IdentityEntitlementDetailsAccountTargetV2025
+     */
+    'revocable'?: boolean;
+}
+/**
+ * 
+ * @export
+ * @interface IdentityEntitlementDetailsEntitlementDtoV2025
+ */
+export interface IdentityEntitlementDetailsEntitlementDtoV2025 {
+    /**
+     * The entitlement id
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'id'?: string;
+    /**
+     * The entitlement name
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'name'?: string;
+    /**
+     * Time when the entitlement was last modified
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'created'?: string;
+    /**
+     * Time when the entitlement was last modified
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'modified'?: string;
+    /**
+     * The description of the entitlement
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'description'?: string | null;
+    /**
+     * The type of the object, will always be \"ENTITLEMENT\"
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'type'?: string;
+    /**
+     * The source ID
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'sourceId'?: string;
+    /**
+     * The source name
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'sourceName'?: string;
+    /**
+     * 
+     * @type {OwnerDtoV2025}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'owner'?: OwnerDtoV2025;
+    /**
+     * The value of the entitlement
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'value'?: string;
+    /**
+     * a list of properties informing the viewer about the entitlement
+     * @type {Array<string>}
+     * @memberof IdentityEntitlementDetailsEntitlementDtoV2025
+     */
+    'flags'?: Array<string>;
+}
+/**
+ * 
+ * @export
+ * @interface IdentityEntitlementDetailsV2025
+ */
+export interface IdentityEntitlementDetailsV2025 {
+    /**
+     * Id of Identity
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'identityId'?: string;
+    /**
+     * 
+     * @type {IdentityEntitlementDetailsEntitlementDtoV2025}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'entitlement'?: IdentityEntitlementDetailsEntitlementDtoV2025;
+    /**
+     * Id of Source
+     * @type {string}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'sourceId'?: string;
+    /**
+     * A list of account targets on the identity provisioned with the requested entitlement.
+     * @type {Array<IdentityEntitlementDetailsAccountTargetV2025>}
+     * @memberof IdentityEntitlementDetailsV2025
+     */
+    'accountTargets'?: Array<IdentityEntitlementDetailsAccountTargetV2025>;
+}
 /**
  * 
  * @export
@@ -20500,6 +21076,105 @@ export interface IdentityWithNewAccessV2025 {
      */
     'accessRefs': Array<IdentityWithNewAccessAccessRefsInnerV2025>;
 }
+/**
+ * 
+ * @export
+ * @interface IdpDetailsV2025
+ */
+export interface IdpDetailsV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'role'?: IdpDetailsV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'entityId'?: string;
+    /**
+     * Defines the binding used for the SAML flow. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'binding'?: string;
+    /**
+     * Specifies the SAML authentication method to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'authnContext'?: string;
+    /**
+     * The IDP logout URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'logoutUrl'?: string;
+    /**
+     * Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
+     * @type {boolean}
+     * @memberof IdpDetailsV2025
+     */
+    'includeAuthnContext'?: boolean;
+    /**
+     * The name id format to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'nameId'?: string;
+    /**
+     * 
+     * @type {JITConfigurationV2025}
+     * @memberof IdpDetailsV2025
+     */
+    'jitConfiguration'?: JITConfigurationV2025;
+    /**
+     * The Base64-encoded certificate used by the IDP. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'cert'?: string;
+    /**
+     * The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'loginUrlPost'?: string;
+    /**
+     * The IDP Redirect URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'loginUrlRedirect'?: string;
+    /**
+     * Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'mappingAttribute': string;
+    /**
+     * The expiration date extracted from the certificate.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'certificateExpirationDate'?: string;
+    /**
+     * The name extracted from the certificate.
+     * @type {string}
+     * @memberof IdpDetailsV2025
+     */
+    'certificateName'?: string;
+}
+
+export const IdpDetailsV2025RoleV2025 = {
+    SamlIdp: 'SAML_IDP',
+    SamlSp: 'SAML_SP'
+} as const;
+
+export type IdpDetailsV2025RoleV2025 = typeof IdpDetailsV2025RoleV2025[keyof typeof IdpDetailsV2025RoleV2025];
+
 /**
  * 
  * @export
@@ -20945,6 +21620,31 @@ export interface InvocationV2025 {
      */
     'contentJson'?: object;
 }
+/**
+ * 
+ * @export
+ * @interface JITConfigurationV2025
+ */
+export interface JITConfigurationV2025 {
+    /**
+     * The indicator for just-in-time provisioning enabled
+     * @type {boolean}
+     * @memberof JITConfigurationV2025
+     */
+    'enabled'?: boolean;
+    /**
+     * the sourceId that mapped to just-in-time provisioning configuration
+     * @type {string}
+     * @memberof JITConfigurationV2025
+     */
+    'sourceId'?: string;
+    /**
+     * A mapping of identity profile attribute names to SAML assertion attribute names
+     * @type {{ [key: string]: string; }}
+     * @memberof JITConfigurationV2025
+     */
+    'sourceAttributeMappings'?: { [key: string]: string; };
+}
 /**
  * A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)
  * @export
@@ -21290,7 +21990,8 @@ export interface LifecyclestateDeletedV2025 {
 }
 
 export const LifecyclestateDeletedV2025TypeV2025 = {
-    LifecycleState: 'LIFECYCLE_STATE'
+    LifecycleState: 'LIFECYCLE_STATE',
+    TaskResult: 'TASK_RESULT'
 } as const;
 
 export type LifecyclestateDeletedV2025TypeV2025 = typeof LifecyclestateDeletedV2025TypeV2025[keyof typeof LifecyclestateDeletedV2025TypeV2025];
@@ -22040,6 +22741,31 @@ export interface LocalizedMessageV2025 {
      */
     'message': string;
 }
+/**
+ * 
+ * @export
+ * @interface LockoutConfigurationV2025
+ */
+export interface LockoutConfigurationV2025 {
+    /**
+     * The maximum attempts allowed before lockout occurs.
+     * @type {number}
+     * @memberof LockoutConfigurationV2025
+     */
+    'maximumAttempts'?: number;
+    /**
+     * The total time in minutes a user will be locked out.
+     * @type {number}
+     * @memberof LockoutConfigurationV2025
+     */
+    'lockoutDuration'?: number;
+    /**
+     * A rolling window where authentication attempts in a series count towards the maximum before lockout occurs.
+     * @type {number}
+     * @memberof LockoutConfigurationV2025
+     */
+    'lockoutWindow'?: number;
+}
 /**
  * The definition of an Identity according to the Reassignment Configuration service
  * @export
@@ -28122,7 +28848,7 @@ export interface ProvisioningPolicyDtoV2025 {
      * @type {string}
      * @memberof ProvisioningPolicyDtoV2025
      */
-    'name': string;
+    'name': string | null;
     /**
      * the description of the provisioning policy
      * @type {string}
@@ -28155,7 +28881,7 @@ export interface ProvisioningPolicyV2025 {
      * @type {string}
      * @memberof ProvisioningPolicyV2025
      */
-    'name': string;
+    'name': string | null;
     /**
      * the description of the provisioning policy
      * @type {string}
@@ -29701,6 +30427,83 @@ export interface RequestedAccountRefV2025 {
 }
 
 
+/**
+ * 
+ * @export
+ * @interface RequestedForDtoRefV2025
+ */
+export interface RequestedForDtoRefV2025 {
+    /**
+     * The identity id for which the access is requested
+     * @type {string}
+     * @memberof RequestedForDtoRefV2025
+     */
+    'identityId': string;
+    /**
+     * the details for the access items that are requested for the identity
+     * @type {Array<RequestedItemDtoRefV2025>}
+     * @memberof RequestedForDtoRefV2025
+     */
+    'requestedItems': Array<RequestedItemDtoRefV2025>;
+}
+/**
+ * 
+ * @export
+ * @interface RequestedItemAccountSelectionsV2025
+ */
+export interface RequestedItemAccountSelectionsV2025 {
+    /**
+     * The description for this requested item
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'description'?: string;
+    /**
+     * This field indicates if account selections are not allowed for this requested item. * If true, this field indicates that account selections will not be available for this item and user combination. In this case, no account selections should be provided in the access request for this item and user combination, irrespective of whether the user has single or multiple accounts on a source. * An example is where a user is requesting an access profile that is already assigned to one of their accounts. 
+     * @type {boolean}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'accountsSelectionBlocked'?: boolean;
+    /**
+     * If account selections are not allowed for an item, this field will denote the reason.
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'accountsSelectionBlockedReason'?: string | null;
+    /**
+     * The type of the item being requested.
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'type'?: RequestedItemAccountSelectionsV2025TypeV2025;
+    /**
+     * The id of the requested item
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'id'?: string;
+    /**
+     * The name of the requested item
+     * @type {string}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'name'?: string;
+    /**
+     * The details for the sources and accounts for the requested item and identity combination
+     * @type {Array<SourceAccountSelectionsV2025>}
+     * @memberof RequestedItemAccountSelectionsV2025
+     */
+    'sources'?: Array<SourceAccountSelectionsV2025>;
+}
+
+export const RequestedItemAccountSelectionsV2025TypeV2025 = {
+    AccessProfile: 'ACCESS_PROFILE',
+    Role: 'ROLE',
+    Entitlement: 'ENTITLEMENT'
+} as const;
+
+export type RequestedItemAccountSelectionsV2025TypeV2025 = typeof RequestedItemAccountSelectionsV2025TypeV2025[keyof typeof RequestedItemAccountSelectionsV2025TypeV2025];
+
 /**
  * 
  * @export
@@ -29729,6 +30532,70 @@ export const RequestedItemDetailsV2025TypeV2025 = {
 
 export type RequestedItemDetailsV2025TypeV2025 = typeof RequestedItemDetailsV2025TypeV2025[keyof typeof RequestedItemDetailsV2025TypeV2025];
 
+/**
+ * 
+ * @export
+ * @interface RequestedItemDtoRefV2025
+ */
+export interface RequestedItemDtoRefV2025 {
+    /**
+     * The type of the item being requested.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'type': RequestedItemDtoRefV2025TypeV2025;
+    /**
+     * ID of Role, Access Profile or Entitlement being requested.
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'id': string;
+    /**
+     * Comment provided by requester. * Comment is required when the request is of type Revoke Access. 
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'comment'?: string;
+    /**
+     * Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status.
+     * @type {{ [key: string]: string; }}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'clientMetadata'?: { [key: string]: string; };
+    /**
+     * The date the role or access profile or entitlement is no longer assigned to the specified identity. Also known as the expiration date. * Specify a date in the future. * The current SLA for the deprovisioning is 24 hours. * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. You can change the expiration date for requests for yourself or direct reports, but you cannot remove an expiration date on an already approved item. If the access request has not been approved, you can cancel it and submit a new one without the expiration. If it has already been approved, then you have to revoke the access and then re-request without the expiration. 
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'removeDate'?: string;
+    /**
+     * The assignmentId for a specific role assignment on the identity. This id is used to revoke that specific roleAssignment on that identity. * For use with REVOKE_ACCESS requests for roles for identities with multiple accounts on a single source. 
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'assignmentId'?: string | null;
+    /**
+     * The \'distinguishedName\' field for an account on the identity, also called nativeIdentity. This nativeIdentity is used to revoke a specific attributeAssignment on the identity. * For use with REVOKE_ACCESS requests for entitlements for identities with multiple accounts on a single source. 
+     * @type {string}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'nativeIdentity'?: string | null;
+    /**
+     * The accounts where the access item will be provisioned to * Includes selections performed by the user in the event of multiple accounts existing on the same source * Also includes details for sources where user only has one account 
+     * @type {Array<SourceItemRefV2025>}
+     * @memberof RequestedItemDtoRefV2025
+     */
+    'accountSelection'?: Array<SourceItemRefV2025> | null;
+}
+
+export const RequestedItemDtoRefV2025TypeV2025 = {
+    AccessProfile: 'ACCESS_PROFILE',
+    Role: 'ROLE',
+    Entitlement: 'ENTITLEMENT'
+} as const;
+
+export type RequestedItemDtoRefV2025TypeV2025 = typeof RequestedItemDtoRefV2025TypeV2025[keyof typeof RequestedItemDtoRefV2025TypeV2025];
+
 /**
  * 
  * @export
@@ -35990,6 +36857,179 @@ export const ServiceDeskSourceV2025TypeV2025 = {
 
 export type ServiceDeskSourceV2025TypeV2025 = typeof ServiceDeskSourceV2025TypeV2025[keyof typeof ServiceDeskSourceV2025TypeV2025];
 
+/**
+ * 
+ * @export
+ * @interface ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+ */
+export interface ServiceProviderConfigurationFederationProtocolDetailsInnerV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'role'?: ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'entityId'?: string;
+    /**
+     * Defines the binding used for the SAML flow. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'binding'?: string;
+    /**
+     * Specifies the SAML authentication method to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'authnContext'?: string;
+    /**
+     * The IDP logout URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'logoutUrl'?: string;
+    /**
+     * Determines if the configured AuthnContext should be used or the default. Used with IDP configurations.
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'includeAuthnContext'?: boolean;
+    /**
+     * The name id format to use. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'nameId'?: string;
+    /**
+     * 
+     * @type {JITConfigurationV2025}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'jitConfiguration'?: JITConfigurationV2025;
+    /**
+     * The Base64-encoded certificate used by the IDP. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'cert'?: string;
+    /**
+     * The IDP POST URL, used with IDP HTTP-POST bindings for IDP-initiated logins. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'loginUrlPost'?: string;
+    /**
+     * The IDP Redirect URL. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'loginUrlRedirect'?: string;
+    /**
+     * Return the saml Id for the given user, based on the IDN as SP settings of the org. Used with IDP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'mappingAttribute': string;
+    /**
+     * The expiration date extracted from the certificate.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'certificateExpirationDate'?: string;
+    /**
+     * The name extracted from the certificate.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'certificateName'?: string;
+    /**
+     * Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'alias'?: string;
+    /**
+     * The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'callbackUrl': string;
+    /**
+     * The legacy ACS URL used for SAML authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025
+     */
+    'legacyAcsUrl'?: string;
+}
+
+export const ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025 = {
+    SamlIdp: 'SAML_IDP',
+    SamlSp: 'SAML_SP'
+} as const;
+
+export type ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025 = typeof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025[keyof typeof ServiceProviderConfigurationFederationProtocolDetailsInnerV2025RoleV2025];
+
+/**
+ * Represents the IdentityNow as Service Provider Configuration allowing customers to log into IDN via an Identity Provider
+ * @export
+ * @interface ServiceProviderConfigurationV2025
+ */
+export interface ServiceProviderConfigurationV2025 {
+    /**
+     * This determines whether or not the SAML authentication flow is enabled for an org
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'enabled'?: boolean;
+    /**
+     * This allows basic login with the parameter prompt=true. This is often toggled on when debugging SAML authentication setup. When false, only org admins with MFA-enabled can bypass the IDP.
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'bypassIdp'?: boolean;
+    /**
+     * This indicates whether or not the SAML configuration is valid.
+     * @type {boolean}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'samlConfigurationValid'?: boolean;
+    /**
+     * A list of the abstract implementations of the Federation Protocol details. Typically, this will include on SpDetails object and one IdpDetails object used in tandem to define a SAML integration between a customer\'s identity provider and a customer\'s SailPoint instance (i.e., the service provider).
+     * @type {Array<ServiceProviderConfigurationFederationProtocolDetailsInnerV2025>}
+     * @memberof ServiceProviderConfigurationV2025
+     */
+    'federationProtocolDetails'?: Array<ServiceProviderConfigurationFederationProtocolDetailsInnerV2025>;
+}
+/**
+ * 
+ * @export
+ * @interface SessionConfigurationV2025
+ */
+export interface SessionConfigurationV2025 {
+    /**
+     * The maximum time in minutes a session can be idle.
+     * @type {number}
+     * @memberof SessionConfigurationV2025
+     */
+    'maxIdleTime'?: number;
+    /**
+     * Denotes if \'remember me\' is enabled.
+     * @type {boolean}
+     * @memberof SessionConfigurationV2025
+     */
+    'rememberMe'?: boolean;
+    /**
+     * The maximum allowable session time in minutes.
+     * @type {number}
+     * @memberof SessionConfigurationV2025
+     */
+    'maxSessionTime'?: number;
+}
 /**
  * 
  * @export
@@ -37028,6 +38068,39 @@ export interface SourceAccountDeletedV2025 {
      */
     'attributes': { [key: string]: any; };
 }
+/**
+ * 
+ * @export
+ * @interface SourceAccountSelectionsV2025
+ */
+export interface SourceAccountSelectionsV2025 {
+    /**
+     * 
+     * @type {DtoTypeV2025}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'type'?: DtoTypeV2025;
+    /**
+     * The source id
+     * @type {string}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'id'?: string;
+    /**
+     * The source name
+     * @type {string}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'name'?: string;
+    /**
+     * The accounts information for a particular source in the requested item
+     * @type {Array<AccountInfoRefV2025>}
+     * @memberof SourceAccountSelectionsV2025
+     */
+    'accounts'?: Array<AccountInfoRefV2025>;
+}
+
+
 /**
  * 
  * @export
@@ -37813,6 +38886,25 @@ export const SourceHealthDtoV2025StatusV2025 = {
 
 export type SourceHealthDtoV2025StatusV2025 = typeof SourceHealthDtoV2025StatusV2025[keyof typeof SourceHealthDtoV2025StatusV2025];
 
+/**
+ * 
+ * @export
+ * @interface SourceItemRefV2025
+ */
+export interface SourceItemRefV2025 {
+    /**
+     * The id for the source on which account selections are made
+     * @type {string}
+     * @memberof SourceItemRefV2025
+     */
+    'sourceId'?: string | null;
+    /**
+     * A list of account selections on the source. Currently, only one selection per source is supported.
+     * @type {Array<AccountItemRefV2025>}
+     * @memberof SourceItemRefV2025
+     */
+    'accounts'?: Array<AccountItemRefV2025> | null;
+}
 /**
  * Reference to management workgroup for the source.
  * @export
@@ -38937,6 +40029,51 @@ export interface SpConfigRulesV2025 {
      */
     'editable'?: boolean;
 }
+/**
+ * 
+ * @export
+ * @interface SpDetailsV2025
+ */
+export interface SpDetailsV2025 {
+    /**
+     * Federation protocol role
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'role'?: SpDetailsV2025RoleV2025;
+    /**
+     * An entity ID is a globally unique name for a SAML entity, either an Identity Provider (IDP) or a Service Provider (SP).
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'entityId'?: string;
+    /**
+     * Unique alias used to identify the selected local service provider based on used URL. Used with SP configurations.
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'alias'?: string;
+    /**
+     * The allowed callback URL where users will be redirected to after authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'callbackUrl': string;
+    /**
+     * The legacy ACS URL used for SAML authentication. Used with SP configurations.
+     * @type {string}
+     * @memberof SpDetailsV2025
+     */
+    'legacyAcsUrl'?: string;
+}
+
+export const SpDetailsV2025RoleV2025 = {
+    SamlIdp: 'SAML_IDP',
+    SamlSp: 'SAML_SP'
+} as const;
+
+export type SpDetailsV2025RoleV2025 = typeof SpDetailsV2025RoleV2025[keyof typeof SpDetailsV2025RoleV2025];
+
 /**
  * 
  * @export
@@ -46211,7 +47348,7 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
             };
         },
         /**
-         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. 
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. 
          * @summary Submit Access Request
          * @param {AccessRequestV2025} accessRequestV2025 
          * @param {*} [axiosOptions] Override http request option.
@@ -46293,23 +47430,26 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
             };
         },
         /**
-         * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
-         * @summary Access Request Status
-         * @param {string} [requestedFor] Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
-         * @param {string} [requestedBy] Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
-         * @param {string} [regardingIdentity] Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
-         * @param {string} [assignedTo] Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user.
-         * @param {boolean} [count] If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.
-         * @param {number} [limit] Max number of results to return.
-         * @param {number} [offset] Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
-         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *in*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
-         * @param {string} [sorters] Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)  Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
-         * @param {string} [requestState] Filter the results by the state of the request. The only valid value is *EXECUTING*.
+         * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+         * @summary Identity Entitlement Details
+         * @param {string} identityId The identity ID.
+         * @param {string} entitlementId The entitlement ID
+         * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        listAccessRequestStatus: async (requestedFor?: string, requestedBy?: string, regardingIdentity?: string, assignedTo?: string, count?: boolean, limit?: number, offset?: number, filters?: string, sorters?: string, requestState?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
-            const localVarPath = `/access-request-status`;
+        getEntitlementDetailsForIdentity: async (identityId: string, entitlementId: string, xSailPointExperimental?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'identityId' is not null or undefined
+            assertParamExists('getEntitlementDetailsForIdentity', 'identityId', identityId)
+            // verify required parameter 'entitlementId' is not null or undefined
+            assertParamExists('getEntitlementDetailsForIdentity', 'entitlementId', entitlementId)
+            if (xSailPointExperimental === undefined) {
+                xSailPointExperimental = 'true';
+            }
+            
+            const localVarPath = `/access-requests/revocable-objects`
+                .replace(`{${"identityId"}}`, encodeURIComponent(String(identityId)))
+                .replace(`{${"entitlementId"}}`, encodeURIComponent(String(entitlementId)));
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
             let baseOptions;
@@ -46329,48 +47469,11 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
             // oauth required
             await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
 
-            if (requestedFor !== undefined) {
-                localVarQueryParameter['requested-for'] = requestedFor;
-            }
-
-            if (requestedBy !== undefined) {
-                localVarQueryParameter['requested-by'] = requestedBy;
-            }
-
-            if (regardingIdentity !== undefined) {
-                localVarQueryParameter['regarding-identity'] = regardingIdentity;
-            }
-
-            if (assignedTo !== undefined) {
-                localVarQueryParameter['assigned-to'] = assignedTo;
-            }
-
-            if (count !== undefined) {
-                localVarQueryParameter['count'] = count;
-            }
-
-            if (limit !== undefined) {
-                localVarQueryParameter['limit'] = limit;
-            }
-
-            if (offset !== undefined) {
-                localVarQueryParameter['offset'] = offset;
-            }
-
-            if (filters !== undefined) {
-                localVarQueryParameter['filters'] = filters;
-            }
-
-            if (sorters !== undefined) {
-                localVarQueryParameter['sorters'] = sorters;
-            }
-
-            if (requestState !== undefined) {
-                localVarQueryParameter['request-state'] = requestState;
-            }
-
 
     
+            if (xSailPointExperimental != null) {
+                localVarHeaderParameter['X-SailPoint-Experimental'] = String(xSailPointExperimental);
+            }
             setSearchParams(localVarUrlObj, localVarQueryParameter);
             let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
             localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
@@ -46381,8 +47484,8 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
             };
         },
         /**
-         * Use this API to get access request statuses of all the access requests in the org based on the specified query  parameters. Any user with user level ORG_ADMIN or scope idn:access-request-administration:read can access this endpoint to get  the  access request statuses
-         * @summary Access Request Status for Administrators
+         * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
+         * @summary Access Request Status
          * @param {string} [requestedFor] Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
          * @param {string} [requestedBy] Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
          * @param {string} [regardingIdentity] Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
@@ -46390,14 +47493,14 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
          * @param {boolean} [count] If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.
          * @param {number} [limit] Max number of results to return.
          * @param {number} [offset] Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
-         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **accessRequestId**: *in*  **status**: *in, eq, ne*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
-         * @param {string} [sorters] Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)  Sorting is supported for the following fields: **created, modified, accountActivityItemId, name, accessRequestId**
+         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accessRequestId**: *in*  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
+         * @param {string} [sorters] Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)  Sorting is supported for the following fields: **created, modified, accountActivityItemId, name**
          * @param {string} [requestState] Filter the results by the state of the request. The only valid value is *EXECUTING*.
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        listAdministratorsAccessRequestStatus: async (requestedFor?: string, requestedBy?: string, regardingIdentity?: string, assignedTo?: string, count?: boolean, limit?: number, offset?: number, filters?: string, sorters?: string, requestState?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
-            const localVarPath = `/access-request-administration`;
+        listAccessRequestStatus: async (requestedFor?: string, requestedBy?: string, regardingIdentity?: string, assignedTo?: string, count?: boolean, limit?: number, offset?: number, filters?: string, sorters?: string, requestState?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/access-request-status`;
             // use dummy base URL string because the URL constructor only accepts absolute URLs.
             const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
             let baseOptions;
@@ -46468,6 +47571,138 @@ export const AccessRequestsV2025ApiAxiosParamCreator = function (configuration?:
                 axiosOptions: localVarRequestOptions,
             };
         },
+        /**
+         * Use this API to get access request statuses of all the access requests in the org based on the specified query  parameters. Any user with user level ORG_ADMIN or scope idn:access-request-administration:read can access this endpoint to get  the  access request statuses
+         * @summary Access Request Status for Administrators
+         * @param {string} [requestedFor] Filter the results by the identity the requests were made for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
+         * @param {string} [requestedBy] Filter the results by the identity who made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.
+         * @param {string} [regardingIdentity] Filter the results by the specified identity who is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.
+         * @param {string} [assignedTo] Filter the results by the specified identity who is the owner of the Identity Request Work Item. *me* indicates the current user.
+         * @param {boolean} [count] If this is true, the *X-Total-Count* response header populates with the number of results that would be returned if limit and offset were ignored.
+         * @param {number} [limit] Max number of results to return.
+         * @param {number} [offset] Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.
+         * @param {string} [filters] Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **accountActivityItemId**: *eq, in, ge, gt, le, lt, ne, isnull, sw*  **accessRequestId**: *in*  **status**: *in, eq, ne*  **created**: *eq, in, ge, gt, le, lt, ne, isnull, sw*
+         * @param {string} [sorters] Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)  Sorting is supported for the following fields: **created, modified, accountActivityItemId, name, accessRequestId**
+         * @param {string} [requestState] Filter the results by the state of the request. The only valid value is *EXECUTING*.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        listAdministratorsAccessRequestStatus: async (requestedFor?: string, requestedBy?: string, regardingIdentity?: string, assignedTo?: string, count?: boolean, limit?: number, offset?: number, filters?: string, sorters?: string, requestState?: string, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/access-request-administration`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            if (requestedFor !== undefined) {
+                localVarQueryParameter['requested-for'] = requestedFor;
+            }
+
+            if (requestedBy !== undefined) {
+                localVarQueryParameter['requested-by'] = requestedBy;
+            }
+
+            if (regardingIdentity !== undefined) {
+                localVarQueryParameter['regarding-identity'] = regardingIdentity;
+            }
+
+            if (assignedTo !== undefined) {
+                localVarQueryParameter['assigned-to'] = assignedTo;
+            }
+
+            if (count !== undefined) {
+                localVarQueryParameter['count'] = count;
+            }
+
+            if (limit !== undefined) {
+                localVarQueryParameter['limit'] = limit;
+            }
+
+            if (offset !== undefined) {
+                localVarQueryParameter['offset'] = offset;
+            }
+
+            if (filters !== undefined) {
+                localVarQueryParameter['filters'] = filters;
+            }
+
+            if (sorters !== undefined) {
+                localVarQueryParameter['sorters'] = sorters;
+            }
+
+            if (requestState !== undefined) {
+                localVarQueryParameter['request-state'] = requestState;
+            }
+
+
+    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
+        /**
+         * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing. 
+         * @summary Get accounts selections for identity
+         * @param {AccountsSelectionRequestV2025} accountsSelectionRequestV2025 
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        loadAccountSelections: async (accountsSelectionRequestV2025: AccountsSelectionRequestV2025, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'accountsSelectionRequestV2025' is not null or undefined
+            assertParamExists('loadAccountSelections', 'accountsSelectionRequestV2025', accountsSelectionRequestV2025)
+            const localVarPath = `/access-requests/accounts-selection`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'POST', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
+            localVarHeaderParameter['Content-Type'] = 'application/json';
+
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+            localVarRequestOptions.data = serializeDataIfNeeded(accountsSelectionRequestV2025, localVarRequestOptions, configuration)
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
         /**
          * This endpoint replaces the current access-request configuration.
          * @summary Update Access Request Configuration
@@ -46576,7 +47811,7 @@ export const AccessRequestsV2025ApiFp = function(configuration?: Configuration)
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
         /**
-         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. 
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. 
          * @summary Submit Access Request
          * @param {AccessRequestV2025} accessRequestV2025 
          * @param {*} [axiosOptions] Override http request option.
@@ -46600,6 +47835,21 @@ export const AccessRequestsV2025ApiFp = function(configuration?: Configuration)
             const localVarOperationServerBasePath = operationServerMap['AccessRequestsV2025Api.getAccessRequestConfig']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
+        /**
+         * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+         * @summary Identity Entitlement Details
+         * @param {string} identityId The identity ID.
+         * @param {string} entitlementId The entitlement ID
+         * @param {string} [xSailPointExperimental] Use this header to enable this experimental API.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async getEntitlementDetailsForIdentity(identityId: string, entitlementId: string, xSailPointExperimental?: string, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<IdentityEntitlementDetailsV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getEntitlementDetailsForIdentity(identityId, entitlementId, xSailPointExperimental, axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['AccessRequestsV2025Api.getEntitlementDetailsForIdentity']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
         /**
          * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
          * @summary Access Request Status
@@ -46644,6 +47894,19 @@ export const AccessRequestsV2025ApiFp = function(configuration?: Configuration)
             const localVarOperationServerBasePath = operationServerMap['AccessRequestsV2025Api.listAdministratorsAccessRequestStatus']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
+        /**
+         * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing. 
+         * @summary Get accounts selections for identity
+         * @param {AccountsSelectionRequestV2025} accountsSelectionRequestV2025 
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async loadAccountSelections(accountsSelectionRequestV2025: AccountsSelectionRequestV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<AccountsSelectionResponseV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.loadAccountSelections(accountsSelectionRequestV2025, axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['AccessRequestsV2025Api.loadAccountSelections']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
         /**
          * This endpoint replaces the current access-request configuration.
          * @summary Update Access Request Configuration
@@ -46708,7 +47971,7 @@ export const AccessRequestsV2025ApiFactory = function (configuration?: Configura
             return localVarFp.closeAccessRequest(requestParameters.closeAccessRequestV2025, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
-         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. 
+         * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. 
          * @summary Submit Access Request
          * @param {AccessRequestsV2025ApiCreateAccessRequestRequest} requestParameters Request parameters.
          * @param {*} [axiosOptions] Override http request option.
@@ -46726,6 +47989,16 @@ export const AccessRequestsV2025ApiFactory = function (configuration?: Configura
         getAccessRequestConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<AccessRequestConfigV2025> {
             return localVarFp.getAccessRequestConfig(axiosOptions).then((request) => request(axios, basePath));
         },
+        /**
+         * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+         * @summary Identity Entitlement Details
+         * @param {AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest} requestParameters Request parameters.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getEntitlementDetailsForIdentity(requestParameters: AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<IdentityEntitlementDetailsV2025> {
+            return localVarFp.getEntitlementDetailsForIdentity(requestParameters.identityId, requestParameters.entitlementId, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(axios, basePath));
+        },
         /**
          * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
          * @summary Access Request Status
@@ -46746,6 +48019,16 @@ export const AccessRequestsV2025ApiFactory = function (configuration?: Configura
         listAdministratorsAccessRequestStatus(requestParameters: AccessRequestsV2025ApiListAdministratorsAccessRequestStatusRequest = {}, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<Array<AccessRequestAdminItemStatusV2025>> {
             return localVarFp.listAdministratorsAccessRequestStatus(requestParameters.requestedFor, requestParameters.requestedBy, requestParameters.regardingIdentity, requestParameters.assignedTo, requestParameters.count, requestParameters.limit, requestParameters.offset, requestParameters.filters, requestParameters.sorters, requestParameters.requestState, axiosOptions).then((request) => request(axios, basePath));
         },
+        /**
+         * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing. 
+         * @summary Get accounts selections for identity
+         * @param {AccessRequestsV2025ApiLoadAccountSelectionsRequest} requestParameters Request parameters.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        loadAccountSelections(requestParameters: AccessRequestsV2025ApiLoadAccountSelectionsRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<AccountsSelectionResponseV2025> {
+            return localVarFp.loadAccountSelections(requestParameters.accountsSelectionRequestV2025, axiosOptions).then((request) => request(axios, basePath));
+        },
         /**
          * This endpoint replaces the current access-request configuration.
          * @summary Update Access Request Configuration
@@ -46836,6 +48119,34 @@ export interface AccessRequestsV2025ApiCreateAccessRequestRequest {
     readonly accessRequestV2025: AccessRequestV2025
 }
 
+/**
+ * Request parameters for getEntitlementDetailsForIdentity operation in AccessRequestsV2025Api.
+ * @export
+ * @interface AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest
+ */
+export interface AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest {
+    /**
+     * The identity ID.
+     * @type {string}
+     * @memberof AccessRequestsV2025ApiGetEntitlementDetailsForIdentity
+     */
+    readonly identityId: string
+
+    /**
+     * The entitlement ID
+     * @type {string}
+     * @memberof AccessRequestsV2025ApiGetEntitlementDetailsForIdentity
+     */
+    readonly entitlementId: string
+
+    /**
+     * Use this header to enable this experimental API.
+     * @type {string}
+     * @memberof AccessRequestsV2025ApiGetEntitlementDetailsForIdentity
+     */
+    readonly xSailPointExperimental?: string
+}
+
 /**
  * Request parameters for listAccessRequestStatus operation in AccessRequestsV2025Api.
  * @export
@@ -46990,6 +48301,20 @@ export interface AccessRequestsV2025ApiListAdministratorsAccessRequestStatusRequ
     readonly requestState?: string
 }
 
+/**
+ * Request parameters for loadAccountSelections operation in AccessRequestsV2025Api.
+ * @export
+ * @interface AccessRequestsV2025ApiLoadAccountSelectionsRequest
+ */
+export interface AccessRequestsV2025ApiLoadAccountSelectionsRequest {
+    /**
+     * 
+     * @type {AccountsSelectionRequestV2025}
+     * @memberof AccessRequestsV2025ApiLoadAccountSelections
+     */
+    readonly accountsSelectionRequestV2025: AccountsSelectionRequestV2025
+}
+
 /**
  * Request parameters for setAccessRequestConfig operation in AccessRequestsV2025Api.
  * @export
@@ -47060,7 +48385,7 @@ export class AccessRequestsV2025Api extends BaseAPI {
     }
 
     /**
-     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. 
+     * Use this API to submit an access request in Identity Security Cloud (ISC), where it follows any ISC approval processes.  Access requests are processed asynchronously by ISC. A successful response from this endpoint means that the request has been submitted to ISC and is queued for processing. Because this endpoint is asynchronous, it doesn\'t return an error if you submit duplicate access requests in quick succession or submit an access request for access that is already in progress, approved, or rejected.  It\'s best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can be accomplished by using the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [Pending Access Request Approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) APIs. You can also use the [Search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items an identity has before submitting an access request to ensure that you aren\'t requesting access that is already granted. If you use this API to request access that an identity already has, the API will ignore the request.  These ignored requests do not display when you use the [List Access Request Status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) API.  There are two types of access request:  __GRANT_ACCESS__ * Can be requested for multiple identities in a single request. * Supports self request and request on behalf of other users. Refer to the [Get Access Request Configuration](https://developer.sailpoint.com/idn/api/v3/get-access-request-config) endpoint for request configuration options.   * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. * Roles, access profiles and entitlements can be requested. * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. * Now supports an alternate field \'requestedForWithRequestedItems\' for users to specify account selections while requesting items where they have more than one account on the source.   __REVOKE_ACCESS__ * Can only be requested for a single identity at a time. * You cannot use an access request to revoke access from an identity if that access has been granted by role membership or by birthright provisioning.  * Does not support self request. Only manager can request to revoke access for their directly managed employees. * If a `removeDate` is specified, then the access will be removed on that date and time only for roles, access profiles and entitlements. * Roles, access profiles, and entitlements can be requested for revocation. * Revoke requests for entitlements are limited to 1 entitlement per access request currently. * You can specify a `removeDate` if the access doesn\'t already have a sunset date. The `removeDate` must be a future date, in the UTC timezone.  * Allows a manager to request to revoke access for direct employees. A user with ORG_ADMIN authority can also request to revoke access from anyone. * Now supports REVOKE_ACCESS requests for identities with multiple accounts on a single source, with the help of \'assignmentId\' and \'nativeIdentity\' fields. 
      * @summary Submit Access Request
      * @param {AccessRequestsV2025ApiCreateAccessRequestRequest} requestParameters Request parameters.
      * @param {*} [axiosOptions] Override http request option.
@@ -47082,6 +48407,18 @@ export class AccessRequestsV2025Api extends BaseAPI {
         return AccessRequestsV2025ApiFp(this.configuration).getAccessRequestConfig(axiosOptions).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * Use this API to return the details for a entitlement on an identity including specific data relating to remove date and the ability to revoke the identity.
+     * @summary Identity Entitlement Details
+     * @param {AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof AccessRequestsV2025Api
+     */
+    public getEntitlementDetailsForIdentity(requestParameters: AccessRequestsV2025ApiGetEntitlementDetailsForIdentityRequest, axiosOptions?: RawAxiosRequestConfig) {
+        return AccessRequestsV2025ApiFp(this.configuration).getEntitlementDetailsForIdentity(requestParameters.identityId, requestParameters.entitlementId, requestParameters.xSailPointExperimental, axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * Use this API to return a list of access request statuses based on the specified query parameters. If an access request was made for access that an identity already has, the API ignores the access request.  These ignored requests do not display in the list of access request statuses. Any user with any user level can get the status of their own access requests. A user with ORG_ADMIN is required to call this API to get a list of statuses for other users.
      * @summary Access Request Status
@@ -47106,6 +48443,18 @@ export class AccessRequestsV2025Api extends BaseAPI {
         return AccessRequestsV2025ApiFp(this.configuration).listAdministratorsAccessRequestStatus(requestParameters.requestedFor, requestParameters.requestedBy, requestParameters.regardingIdentity, requestParameters.assignedTo, requestParameters.count, requestParameters.limit, requestParameters.offset, requestParameters.filters, requestParameters.sorters, requestParameters.requestState, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * Use this API to fetch account information for an identity against the items in an access request.  Used to fetch accountSelection for the AccessRequest prior to submitting for async processing. 
+     * @summary Get accounts selections for identity
+     * @param {AccessRequestsV2025ApiLoadAccountSelectionsRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof AccessRequestsV2025Api
+     */
+    public loadAccountSelections(requestParameters: AccessRequestsV2025ApiLoadAccountSelectionsRequest, axiosOptions?: RawAxiosRequestConfig) {
+        return AccessRequestsV2025ApiFp(this.configuration).loadAccountSelections(requestParameters.accountsSelectionRequestV2025, axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * This endpoint replaces the current access-request configuration.
      * @summary Update Access Request Configuration
@@ -55045,7 +56394,7 @@ export const CertificationCampaignsV2025ApiFp = function(configuration?: Configu
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        async getCampaign(id: string, detail?: GetCampaignDetailV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GetActiveCampaigns200ResponseInnerV2025>> {
+        async getCampaign(id: string, detail?: GetCampaignDetailV2025, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<GetCampaign200ResponseV2025>> {
             const localVarAxiosArgs = await localVarAxiosParamCreator.getCampaign(id, detail, axiosOptions);
             const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
             const localVarOperationServerBasePath = operationServerMap['CertificationCampaignsV2025Api.getCampaign']?.[localVarOperationServerIndex]?.url;
@@ -55329,7 +56678,7 @@ export const CertificationCampaignsV2025ApiFactory = function (configuration?: C
          * @param {*} [axiosOptions] Override http request option.
          * @throws {RequiredError}
          */
-        getCampaign(requestParameters: CertificationCampaignsV2025ApiGetCampaignRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<GetActiveCampaigns200ResponseInnerV2025> {
+        getCampaign(requestParameters: CertificationCampaignsV2025ApiGetCampaignRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<GetCampaign200ResponseV2025> {
             return localVarFp.getCampaign(requestParameters.id, requestParameters.detail, axiosOptions).then((request) => request(axios, basePath));
         },
         /**
@@ -68967,6 +70316,44 @@ export const GlobalTenantSecuritySettingsV2025ApiAxiosParamCreator = function (c
                 axiosOptions: localVarRequestOptions,
             };
         },
+        /**
+         * This API returns the details of an org\'s lockout auth configuration.
+         * @summary Get Auth Org Lockout Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getAuthOrgLockoutConfig: async (axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/auth-org/lockout-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
         /**
          * This API returns the details of an org\'s network auth configuration.
          * @summary Get security network configuration.
@@ -69005,6 +70392,126 @@ export const GlobalTenantSecuritySettingsV2025ApiAxiosParamCreator = function (c
                 axiosOptions: localVarRequestOptions,
             };
         },
+        /**
+         * This API returns the details of an org\'s service provider auth configuration.
+         * @summary Get Service Provider Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getAuthOrgServiceProviderConfig: async (axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/auth-org/service-provider-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
+        /**
+         * This API returns the details of an org\'s session auth configuration.
+         * @summary Get Auth Org Session Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getAuthOrgSessionConfig: async (axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            const localVarPath = `/auth-org/session-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'GET', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
+        /**
+         * This API updates an existing lockout configuration for an org using PATCH 
+         * @summary Update Auth Org Lockout Configuration
+         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:   &#x60;1. maximumAttempts &gt;&#x3D; 1 &amp;&amp; maximumAttempts &lt;&#x3D; 15   2. lockoutDuration &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60   3. lockoutWindow &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60&#x60;
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        patchAuthOrgLockoutConfig: async (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'jsonPatchOperationV2025' is not null or undefined
+            assertParamExists('patchAuthOrgLockoutConfig', 'jsonPatchOperationV2025', jsonPatchOperationV2025)
+            const localVarPath = `/auth-org/lockout-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'PATCH', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
+            localVarHeaderParameter['Content-Type'] = 'application/json-patch+json';
+
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+            localVarRequestOptions.data = serializeDataIfNeeded(jsonPatchOperationV2025, localVarRequestOptions, configuration)
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
         /**
          * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
          * @summary Update security network configuration.
@@ -69037,6 +70544,94 @@ export const GlobalTenantSecuritySettingsV2025ApiAxiosParamCreator = function (c
 
 
     
+            localVarHeaderParameter['Content-Type'] = 'application/json-patch+json';
+
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+            localVarRequestOptions.data = serializeDataIfNeeded(jsonPatchOperationV2025, localVarRequestOptions, configuration)
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
+        /**
+         * This API updates an existing service provider configuration for an org using PATCH.
+         * @summary Update Service Provider Configuration
+         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:   1. Do not add or remove any elements in the federation protocol details in the service provider configuration.   2. Do not modify, add, or delete the service provider details element in the federation protocol details.   3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.   4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.   5. Any JIT configuration update must be valid.  Just in time configuration update must be valid when enabled. This includes:   - A Source ID   - Source attribute mappings   - Source attribute maps have all the required key values (firstName, lastName, email)
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        patchAuthOrgServiceProviderConfig: async (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'jsonPatchOperationV2025' is not null or undefined
+            assertParamExists('patchAuthOrgServiceProviderConfig', 'jsonPatchOperationV2025', jsonPatchOperationV2025)
+            const localVarPath = `/auth-org/service-provider-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'PATCH', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
+            localVarHeaderParameter['Content-Type'] = 'application/json-patch+json';
+
+            setSearchParams(localVarUrlObj, localVarQueryParameter);
+            let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+            localVarRequestOptions.headers = {...localVarHeaderParameter, ...headersFromBaseOptions, ...axiosOptions.headers};
+            localVarRequestOptions.data = serializeDataIfNeeded(jsonPatchOperationV2025, localVarRequestOptions, configuration)
+
+            return {
+                url: toPathString(localVarUrlObj),
+                axiosOptions: localVarRequestOptions,
+            };
+        },
+        /**
+         * This API updates an existing session configuration for an org using PATCH.
+         * @summary Update Auth Org Session Configuration
+         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.  Ensures that the patched Session Config conforms to certain logical guidelines, which are:   &#x60;1. maxSessionTime &gt;&#x3D; 1 &amp;&amp; maxSessionTime &lt;&#x3D; 10080 (1 week)   2. maxIdleTime &gt;&#x3D; 1 &amp;&amp; maxIdleTime &lt;&#x3D; 1440 (1 day)   3. maxSessionTime must have a greater duration than maxIdleTime.&#x60; 
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        patchAuthOrgSessionConfig: async (jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions: RawAxiosRequestConfig = {}): Promise<RequestArgs> => {
+            // verify required parameter 'jsonPatchOperationV2025' is not null or undefined
+            assertParamExists('patchAuthOrgSessionConfig', 'jsonPatchOperationV2025', jsonPatchOperationV2025)
+            const localVarPath = `/auth-org/session-config`;
+            // use dummy base URL string because the URL constructor only accepts absolute URLs.
+            const localVarUrlObj = new URL(localVarPath, DUMMY_BASE_URL);
+            let baseOptions;
+            if (configuration) {
+                baseOptions = configuration.baseOptions;
+            }
+
+            const localVarRequestOptions = { method: 'PATCH', ...baseOptions, ...axiosOptions};
+            const localVarHeaderParameter = {} as any;
+            const localVarQueryParameter = {} as any;
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+            // authentication userAuth required
+            // oauth required
+            await setOAuthToObject(localVarHeaderParameter, "userAuth", [], configuration)
+
+
+    
             localVarHeaderParameter['Content-Type'] = 'application/json-patch+json';
 
             setSearchParams(localVarUrlObj, localVarQueryParameter);
@@ -69072,6 +70667,18 @@ export const GlobalTenantSecuritySettingsV2025ApiFp = function(configuration?: C
             const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.createAuthOrgNetworkConfig']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
+        /**
+         * This API returns the details of an org\'s lockout auth configuration.
+         * @summary Get Auth Org Lockout Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async getAuthOrgLockoutConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<LockoutConfigurationV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getAuthOrgLockoutConfig(axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.getAuthOrgLockoutConfig']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
         /**
          * This API returns the details of an org\'s network auth configuration.
          * @summary Get security network configuration.
@@ -69084,6 +70691,43 @@ export const GlobalTenantSecuritySettingsV2025ApiFp = function(configuration?: C
             const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.getAuthOrgNetworkConfig']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
+        /**
+         * This API returns the details of an org\'s service provider auth configuration.
+         * @summary Get Service Provider Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async getAuthOrgServiceProviderConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<ServiceProviderConfigurationV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getAuthOrgServiceProviderConfig(axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.getAuthOrgServiceProviderConfig']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
+        /**
+         * This API returns the details of an org\'s session auth configuration.
+         * @summary Get Auth Org Session Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async getAuthOrgSessionConfig(axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SessionConfigurationV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.getAuthOrgSessionConfig(axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.getAuthOrgSessionConfig']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
+        /**
+         * This API updates an existing lockout configuration for an org using PATCH 
+         * @summary Update Auth Org Lockout Configuration
+         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:   &#x60;1. maximumAttempts &gt;&#x3D; 1 &amp;&amp; maximumAttempts &lt;&#x3D; 15   2. lockoutDuration &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60   3. lockoutWindow &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60&#x60;
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async patchAuthOrgLockoutConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<LockoutConfigurationV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.patchAuthOrgLockoutConfig(jsonPatchOperationV2025, axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.patchAuthOrgLockoutConfig']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
         /**
          * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
          * @summary Update security network configuration.
@@ -69097,6 +70741,32 @@ export const GlobalTenantSecuritySettingsV2025ApiFp = function(configuration?: C
             const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.patchAuthOrgNetworkConfig']?.[localVarOperationServerIndex]?.url;
             return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
         },
+        /**
+         * This API updates an existing service provider configuration for an org using PATCH.
+         * @summary Update Service Provider Configuration
+         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:   1. Do not add or remove any elements in the federation protocol details in the service provider configuration.   2. Do not modify, add, or delete the service provider details element in the federation protocol details.   3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.   4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.   5. Any JIT configuration update must be valid.  Just in time configuration update must be valid when enabled. This includes:   - A Source ID   - Source attribute mappings   - Source attribute maps have all the required key values (firstName, lastName, email)
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async patchAuthOrgServiceProviderConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<ServiceProviderConfigurationV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.patchAuthOrgServiceProviderConfig(jsonPatchOperationV2025, axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.patchAuthOrgServiceProviderConfig']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
+        /**
+         * This API updates an existing session configuration for an org using PATCH.
+         * @summary Update Auth Org Session Configuration
+         * @param {Array<JsonPatchOperationV2025>} jsonPatchOperationV2025 A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.  Ensures that the patched Session Config conforms to certain logical guidelines, which are:   &#x60;1. maxSessionTime &gt;&#x3D; 1 &amp;&amp; maxSessionTime &lt;&#x3D; 10080 (1 week)   2. maxIdleTime &gt;&#x3D; 1 &amp;&amp; maxIdleTime &lt;&#x3D; 1440 (1 day)   3. maxSessionTime must have a greater duration than maxIdleTime.&#x60; 
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        async patchAuthOrgSessionConfig(jsonPatchOperationV2025: Array<JsonPatchOperationV2025>, axiosOptions?: RawAxiosRequestConfig): Promise<(axios?: AxiosInstance, basePath?: string) => AxiosPromise<SessionConfigurationV2025>> {
+            const localVarAxiosArgs = await localVarAxiosParamCreator.patchAuthOrgSessionConfig(jsonPatchOperationV2025, axiosOptions);
+            const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+            const localVarOperationServerBasePath = operationServerMap['GlobalTenantSecuritySettingsV2025Api.patchAuthOrgSessionConfig']?.[localVarOperationServerIndex]?.url;
+            return (axios, basePath) => createRequestFunction(localVarAxiosArgs, globalAxios, BASE_PATH, configuration)(axios, localVarOperationServerBasePath || basePath);
+        },
     }
 };
 
@@ -69117,6 +70787,15 @@ export const GlobalTenantSecuritySettingsV2025ApiFactory = function (configurati
         createAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiCreateAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<NetworkConfigurationV2025> {
             return localVarFp.createAuthOrgNetworkConfig(requestParameters.networkConfigurationV2025, axiosOptions).then((request) => request(axios, basePath));
         },
+        /**
+         * This API returns the details of an org\'s lockout auth configuration.
+         * @summary Get Auth Org Lockout Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getAuthOrgLockoutConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<LockoutConfigurationV2025> {
+            return localVarFp.getAuthOrgLockoutConfig(axiosOptions).then((request) => request(axios, basePath));
+        },
         /**
          * This API returns the details of an org\'s network auth configuration.
          * @summary Get security network configuration.
@@ -69126,6 +70805,34 @@ export const GlobalTenantSecuritySettingsV2025ApiFactory = function (configurati
         getAuthOrgNetworkConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<NetworkConfigurationV2025> {
             return localVarFp.getAuthOrgNetworkConfig(axiosOptions).then((request) => request(axios, basePath));
         },
+        /**
+         * This API returns the details of an org\'s service provider auth configuration.
+         * @summary Get Service Provider Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getAuthOrgServiceProviderConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<ServiceProviderConfigurationV2025> {
+            return localVarFp.getAuthOrgServiceProviderConfig(axiosOptions).then((request) => request(axios, basePath));
+        },
+        /**
+         * This API returns the details of an org\'s session auth configuration.
+         * @summary Get Auth Org Session Configuration.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        getAuthOrgSessionConfig(axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SessionConfigurationV2025> {
+            return localVarFp.getAuthOrgSessionConfig(axiosOptions).then((request) => request(axios, basePath));
+        },
+        /**
+         * This API updates an existing lockout configuration for an org using PATCH 
+         * @summary Update Auth Org Lockout Configuration
+         * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest} requestParameters Request parameters.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        patchAuthOrgLockoutConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<LockoutConfigurationV2025> {
+            return localVarFp.patchAuthOrgLockoutConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(axios, basePath));
+        },
         /**
          * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
          * @summary Update security network configuration.
@@ -69136,6 +70843,26 @@ export const GlobalTenantSecuritySettingsV2025ApiFactory = function (configurati
         patchAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<NetworkConfigurationV2025> {
             return localVarFp.patchAuthOrgNetworkConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(axios, basePath));
         },
+        /**
+         * This API updates an existing service provider configuration for an org using PATCH.
+         * @summary Update Service Provider Configuration
+         * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest} requestParameters Request parameters.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        patchAuthOrgServiceProviderConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<ServiceProviderConfigurationV2025> {
+            return localVarFp.patchAuthOrgServiceProviderConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(axios, basePath));
+        },
+        /**
+         * This API updates an existing session configuration for an org using PATCH.
+         * @summary Update Auth Org Session Configuration
+         * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest} requestParameters Request parameters.
+         * @param {*} [axiosOptions] Override http request option.
+         * @throws {RequiredError}
+         */
+        patchAuthOrgSessionConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest, axiosOptions?: RawAxiosRequestConfig): AxiosPromise<SessionConfigurationV2025> {
+            return localVarFp.patchAuthOrgSessionConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(axios, basePath));
+        },
     };
 };
 
@@ -69153,6 +70880,20 @@ export interface GlobalTenantSecuritySettingsV2025ApiCreateAuthOrgNetworkConfigR
     readonly networkConfigurationV2025: NetworkConfigurationV2025
 }
 
+/**
+ * Request parameters for patchAuthOrgLockoutConfig operation in GlobalTenantSecuritySettingsV2025Api.
+ * @export
+ * @interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest
+ */
+export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest {
+    /**
+     * A list of auth org lockout configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Ensures that the patched Lockout Config conforms to certain logical guidelines, which are:   &#x60;1. maximumAttempts &gt;&#x3D; 1 &amp;&amp; maximumAttempts &lt;&#x3D; 15   2. lockoutDuration &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60   3. lockoutWindow &gt;&#x3D; 5 &amp;&amp; lockoutDuration &lt;&#x3D; 60&#x60;
+     * @type {Array<JsonPatchOperationV2025>}
+     * @memberof GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfig
+     */
+    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>
+}
+
 /**
  * Request parameters for patchAuthOrgNetworkConfig operation in GlobalTenantSecuritySettingsV2025Api.
  * @export
@@ -69167,6 +70908,34 @@ export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgNetworkConfigRe
     readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>
 }
 
+/**
+ * Request parameters for patchAuthOrgServiceProviderConfig operation in GlobalTenantSecuritySettingsV2025Api.
+ * @export
+ * @interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest
+ */
+export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest {
+    /**
+     * A list of auth org service provider configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Note: /federationProtocolDetails/0 is IdpDetails /federationProtocolDetails/1 is SpDetails Ensures that the patched ServiceProviderConfig conforms to certain logical guidelines, which are:   1. Do not add or remove any elements in the federation protocol details in the service provider configuration.   2. Do not modify, add, or delete the service provider details element in the federation protocol details.   3. If this is the first time the patched ServiceProviderConfig enables Remote IDP sign-in, it must also include IDPDetails.   4. If the patch enables Remote IDP sign in, the entityID in the IDPDetails cannot be null. IDPDetails must include an entityID.   5. Any JIT configuration update must be valid.  Just in time configuration update must be valid when enabled. This includes:   - A Source ID   - Source attribute mappings   - Source attribute maps have all the required key values (firstName, lastName, email)
+     * @type {Array<JsonPatchOperationV2025>}
+     * @memberof GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfig
+     */
+    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>
+}
+
+/**
+ * Request parameters for patchAuthOrgSessionConfig operation in GlobalTenantSecuritySettingsV2025Api.
+ * @export
+ * @interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest
+ */
+export interface GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest {
+    /**
+     * A list of auth org session configuration update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.  Ensures that the patched Session Config conforms to certain logical guidelines, which are:   &#x60;1. maxSessionTime &gt;&#x3D; 1 &amp;&amp; maxSessionTime &lt;&#x3D; 10080 (1 week)   2. maxIdleTime &gt;&#x3D; 1 &amp;&amp; maxIdleTime &lt;&#x3D; 1440 (1 day)   3. maxSessionTime must have a greater duration than maxIdleTime.&#x60; 
+     * @type {Array<JsonPatchOperationV2025>}
+     * @memberof GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfig
+     */
+    readonly jsonPatchOperationV2025: Array<JsonPatchOperationV2025>
+}
+
 /**
  * GlobalTenantSecuritySettingsV2025Api - object-oriented interface
  * @export
@@ -69186,6 +70955,17 @@ export class GlobalTenantSecuritySettingsV2025Api extends BaseAPI {
         return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).createAuthOrgNetworkConfig(requestParameters.networkConfigurationV2025, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * This API returns the details of an org\'s lockout auth configuration.
+     * @summary Get Auth Org Lockout Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    public getAuthOrgLockoutConfig(axiosOptions?: RawAxiosRequestConfig) {
+        return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).getAuthOrgLockoutConfig(axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * This API returns the details of an org\'s network auth configuration.
      * @summary Get security network configuration.
@@ -69197,6 +70977,40 @@ export class GlobalTenantSecuritySettingsV2025Api extends BaseAPI {
         return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).getAuthOrgNetworkConfig(axiosOptions).then((request) => request(this.axios, this.basePath));
     }
 
+    /**
+     * This API returns the details of an org\'s service provider auth configuration.
+     * @summary Get Service Provider Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    public getAuthOrgServiceProviderConfig(axiosOptions?: RawAxiosRequestConfig) {
+        return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).getAuthOrgServiceProviderConfig(axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
+    /**
+     * This API returns the details of an org\'s session auth configuration.
+     * @summary Get Auth Org Session Configuration.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    public getAuthOrgSessionConfig(axiosOptions?: RawAxiosRequestConfig) {
+        return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).getAuthOrgSessionConfig(axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
+    /**
+     * This API updates an existing lockout configuration for an org using PATCH 
+     * @summary Update Auth Org Lockout Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    public patchAuthOrgLockoutConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgLockoutConfigRequest, axiosOptions?: RawAxiosRequestConfig) {
+        return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).patchAuthOrgLockoutConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
     /**
      * This API updates an existing network configuration for an org using PATCH  Requires security scope of:  \'sp:auth-org:manage\'
      * @summary Update security network configuration.
@@ -69208,6 +71022,30 @@ export class GlobalTenantSecuritySettingsV2025Api extends BaseAPI {
     public patchAuthOrgNetworkConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgNetworkConfigRequest, axiosOptions?: RawAxiosRequestConfig) {
         return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).patchAuthOrgNetworkConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(this.axios, this.basePath));
     }
+
+    /**
+     * This API updates an existing service provider configuration for an org using PATCH.
+     * @summary Update Service Provider Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    public patchAuthOrgServiceProviderConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgServiceProviderConfigRequest, axiosOptions?: RawAxiosRequestConfig) {
+        return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).patchAuthOrgServiceProviderConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
+
+    /**
+     * This API updates an existing session configuration for an org using PATCH.
+     * @summary Update Auth Org Session Configuration
+     * @param {GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest} requestParameters Request parameters.
+     * @param {*} [axiosOptions] Override http request option.
+     * @throws {RequiredError}
+     * @memberof GlobalTenantSecuritySettingsV2025Api
+     */
+    public patchAuthOrgSessionConfig(requestParameters: GlobalTenantSecuritySettingsV2025ApiPatchAuthOrgSessionConfigRequest, axiosOptions?: RawAxiosRequestConfig) {
+        return GlobalTenantSecuritySettingsV2025ApiFp(this.configuration).patchAuthOrgSessionConfig(requestParameters.jsonPatchOperationV2025, axiosOptions).then((request) => request(this.axios, this.basePath));
+    }
 }