GET Security Claims

The GET /Security/Claims method is used to return the list of security claims configured in Keyfactor Command. This method returns HTTP 200 OK on a success with the details of the security claims.

Tip:  The following permissions (see Security Roles and Claims) are required to use this feature:

/security/read/

Table 628: GET Security Claims Input Parameters

Name In Description
QueryString Query

A string containing a query to limit the results (e.g. field1 -eq value1 AND field2 -gt value2). The default is to return all records. Fields available for querying through the API for the most part match those that appear in the Keyfactor Command Management Portal search dropdowns for the same feature. For querying guidelines, refer to: Using the Security Claim Search Feature. The query fields supported for this endpoint are:

  • ADClaimValue
  • ClaimType
  • ClaimValue
  • Description
PageReturned Query An integer that specifies how many multiples of the returnLimit to skip and offset by before returning results, to enable paging. The default is 1.
ReturnLimit Query An integer that specifies how many results to return per page. The default is 50.
SortField Query A string containing the property by which the results should be sorted. Fields available for sorting through the API for the most part match those that appear as sortable columns in the Keyfactor Command Management Portal. The default sort field is Provider.
SortAscending Query An integer that sets the sort order on the returned results. A value of 0 sorts results in ascending order while a value of 1 sorts results in descending order. The default is ascending.

Table 629: GET Security Claims Response Data

Name In Description
Id   An integer containing the Keyfactor Command reference ID for the security claim.
Description Body A string indicating a description for the security claim.
Claim Type Body

A string indicating the type of claim. ClosedShow claim type details.
Claim Value Body A string containing the identifying information for the entity specified in the claim. For Active Directory users and groups, this will be in the form DOMAIN\user or group name (e.g. KEYEXAMPLE\PKI Administrators). For Active Directory computers, this will be in the form of a machine account (e.g. KEYEXAMPLE\MyServer$).
Provider Body

An object containing information about the provider assigned to the security claim. ClosedShow authentication provider details.

Name Description
Id A string indicating the Keyfactor Command reference GUID for the provider.
Authentication Scheme A string indicating the provider auth scheme (e.g. Active Directory, or Client Certificate Authentication CA, or unknown).
Display Name A string containing the short reference name for the provider (e.g. Active Directory).
Tip:  See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor APIClosed An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflowClosed A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon () at the top of the Management Portal page next to the Log Out button.