POST Security Identities

The POST /Security/Identities method is used to create a new security identity in Keyfactor Command. For Active Directory, use the GET /Security/Identities/Lookup method (see GET Security Identities Lookup) before creating the new identity to confirm that the identity you plan to create is valid. This method returns HTTP 200 OK on a success with the details of the new security identity.

Note: This endpoint

An endpoint is a URL that enables the API to gain access to resources on a server. is for managing legacy formatted Active Directory identities only and is retained for backwards compatibility. New applications should use the Security Claims set of endpoints for both Active Directory and other identity providers (see Security).

Tip: This method cannot be used to assign roles to an identity. Use the PUT /Security/Roles method (see PUT Security Roles) to assign roles to an identity.

Tip: The following permissions (see Security Roles and Claims) are required to use this feature:

/security/modify/

The user must hold a role containing this permission in the Global Permission Set (see Permission Sets).

Table 652: POST Security Identities Input Parameters

Name	In	Description
AccountName	Body	Required. A string containing the account name for the security identity. For Active Directory user and groups, this will be in the form DOMAIN\\user or group name. For example: KEYEXAMPLE\\PKI Administrators

Table 653: POST Security Identities Response Data

Name	Description
Id	An integer containing the Keyfactor Command identifier for the security identity.
AccountName	A string containing the account name for the security identity. For Active Directory user and groups, this will be in the form DOMAIN\\user or group name. For example: KEYEXAMPLE\\PKI Administrators
IdentityType	A string indicating the type of identity—User or Group.
Roles	An array of objects containing information about the security roles assigned to the security identity. For new security identities, this will be blank.
Valid	A Boolean that indicates whether the security identity's audit XML is valid (true) or not (false). A security identity may become invalid if Keyfactor Command determines that it appears to have been tampered with.

Tip: See the Keyfactor API Reference and Utility which provides a utility through which the Keyfactor API

An API is a set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. endpoints can be called and results returned. It is intended to be used primarily for validation, testing and workflow

A workflow is a series of steps necessary to complete a process. In Keyfactor Command, it refers to the workflow builder, which allows you to automate event-driven tasks such as when a certificate is requested, revoked or found in a certificate store. development. It also serves secondarily as documentation for the API. The link to the Keyfactor API Reference and Utility is in the dropdown from the help icon (

) at the top of the Management Portal page next to the Log Out button.

Was this page helpful? Provide Feedback

Version v25.2.2

On this page: