SailPoint · Capability
Identity Security Cloud V3 API — Access Profiles
Identity Security Cloud V3 API — Access Profiles. 7 operations. Lead operation: List access profiles. Self-contained Naftiko capability covering one Sailpoint business surface.
What You Can Do
GET
Listaccessprofiles
— List access profiles
/v1/access-profiles
POST
Createaccessprofile
— Create an access profile
/v1/access-profiles
POST
Bulkdeleteaccessprofiles
— Bulk delete access profiles
/v1/access-profiles/bulk-delete
GET
Getaccessprofile
— Get an access profile
/v1/access-profiles/{id}
PATCH
Patchaccessprofile
— Patch an access profile
/v1/access-profiles/{id}
DELETE
Deleteaccessprofile
— Delete an access profile
/v1/access-profiles/{id}
GET
Listaccessprofileentitlements
— List access profile entitlements
/v1/access-profiles/{id}/entitlements
MCP Tools
list-access-profiles
List access profiles
read-only
idempotent
create-access-profile
Create an access profile
bulk-delete-access-profiles
Bulk delete access profiles
get-access-profile
Get an access profile
read-only
idempotent
patch-access-profile
Patch an access profile
idempotent
delete-access-profile
Delete an access profile
idempotent
list-access-profile-entitlements
List access profile entitlements
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Identity Security Cloud V3 API — Access Profiles
description: 'Identity Security Cloud V3 API — Access Profiles. 7 operations. Lead operation: List access profiles. Self-contained
Naftiko capability covering one Sailpoint business surface.'
tags:
- Sailpoint
- Access Profiles
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
SAILPOINT_API_KEY: SAILPOINT_API_KEY
capability:
consumes:
- type: http
namespace: identity-security-cloud-v3-access-profiles
baseUri: https://{tenant}.api.identitynow.com/v3
description: Identity Security Cloud V3 API — Access Profiles business capability. Self-contained, no shared references.
resources:
- name: access-profiles
path: /access-profiles
operations:
- name: listaccessprofiles
method: GET
description: List access profiles
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: for-subadmin
in: query
type: string
description: Filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN
identity. The value is either an identity ID or the spe
- name: filters
in: query
type: string
description: 'Filter results using the standard syntax. Filtering is supported for the following fields and operators:
id (eq, in), name (eq, sw), created (gt, ge, le), modif'
- name: sorters
in: query
type: string
description: 'Sort results using the standard syntax. Sorting is supported for the following fields: name, created,
modified.'
- name: for-segment-ids
in: query
type: string
description: Filters access profiles to only those assigned to the segment(s) with the specified IDs. If segmentation
is unavailable, specifying this parameter results in an
- name: include-unsegmented
in: query
type: boolean
description: Indicates whether the response should include unsegmented access profiles. If for-segment-ids is absent
or empty, specifying this as false results in an error.
- name: createaccessprofile
method: POST
description: Create an access profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: access-profiles-bulk-delete
path: /access-profiles/bulk-delete
operations:
- name: bulkdeleteaccessprofiles
method: POST
description: Bulk delete access profiles
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: access-profiles-id
path: /access-profiles/{id}
operations:
- name: getaccessprofile
method: GET
description: Get an access profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
description: The access profile ID.
required: true
- name: patchaccessprofile
method: PATCH
description: Patch an access profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
description: The access profile ID.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: deleteaccessprofile
method: DELETE
description: Delete an access profile
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
description: The access profile ID.
required: true
- name: access-profiles-id-entitlements
path: /access-profiles/{id}/entitlements
operations:
- name: listaccessprofileentitlements
method: GET
description: List access profile entitlements
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id
in: path
type: string
description: The access profile ID.
required: true
- name: filters
in: query
type: string
description: 'Filter results using the standard syntax. Filtering is supported for the following fields: name (eq,
sw).'
- name: sorters
in: query
type: string
description: 'Sort results using the standard syntax. Sorting is supported for the following fields: name, created,
modified.'
authentication:
type: bearer
token: '{{env.SAILPOINT_API_KEY}}'
exposes:
- type: rest
namespace: identity-security-cloud-v3-access-profiles-rest
port: 8080
description: REST adapter for Identity Security Cloud V3 API — Access Profiles. One Spectral-compliant resource per consumed
operation, prefixed with /v1.
resources:
- path: /v1/access-profiles
name: access-profiles
description: REST surface for access-profiles.
operations:
- method: GET
name: listaccessprofiles
description: List access profiles
call: identity-security-cloud-v3-access-profiles.listaccessprofiles
with:
for-subadmin: rest.for-subadmin
filters: rest.filters
sorters: rest.sorters
for-segment-ids: rest.for-segment-ids
include-unsegmented: rest.include-unsegmented
outputParameters:
- type: object
mapping: $.
- method: POST
name: createaccessprofile
description: Create an access profile
call: identity-security-cloud-v3-access-profiles.createaccessprofile
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/access-profiles/bulk-delete
name: access-profiles-bulk-delete
description: REST surface for access-profiles-bulk-delete.
operations:
- method: POST
name: bulkdeleteaccessprofiles
description: Bulk delete access profiles
call: identity-security-cloud-v3-access-profiles.bulkdeleteaccessprofiles
with:
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/access-profiles/{id}
name: access-profiles-id
description: REST surface for access-profiles-id.
operations:
- method: GET
name: getaccessprofile
description: Get an access profile
call: identity-security-cloud-v3-access-profiles.getaccessprofile
with:
id: rest.id
outputParameters:
- type: object
mapping: $.
- method: PATCH
name: patchaccessprofile
description: Patch an access profile
call: identity-security-cloud-v3-access-profiles.patchaccessprofile
with:
id: rest.id
body: rest.body
outputParameters:
- type: object
mapping: $.
- method: DELETE
name: deleteaccessprofile
description: Delete an access profile
call: identity-security-cloud-v3-access-profiles.deleteaccessprofile
with:
id: rest.id
outputParameters:
- type: object
mapping: $.
- path: /v1/access-profiles/{id}/entitlements
name: access-profiles-id-entitlements
description: REST surface for access-profiles-id-entitlements.
operations:
- method: GET
name: listaccessprofileentitlements
description: List access profile entitlements
call: identity-security-cloud-v3-access-profiles.listaccessprofileentitlements
with:
id: rest.id
filters: rest.filters
sorters: rest.sorters
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: identity-security-cloud-v3-access-profiles-mcp
port: 9090
transport: http
description: MCP adapter for Identity Security Cloud V3 API — Access Profiles. One tool per consumed operation, routed
inline through this capability's consumes block.
tools:
- name: list-access-profiles
description: List access profiles
hints:
readOnly: true
destructive: false
idempotent: true
call: identity-security-cloud-v3-access-profiles.listaccessprofiles
with:
for-subadmin: tools.for-subadmin
filters: tools.filters
sorters: tools.sorters
for-segment-ids: tools.for-segment-ids
include-unsegmented: tools.include-unsegmented
outputParameters:
- type: object
mapping: $.
- name: create-access-profile
description: Create an access profile
hints:
readOnly: false
destructive: false
idempotent: false
call: identity-security-cloud-v3-access-profiles.createaccessprofile
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: bulk-delete-access-profiles
description: Bulk delete access profiles
hints:
readOnly: false
destructive: false
idempotent: false
call: identity-security-cloud-v3-access-profiles.bulkdeleteaccessprofiles
with:
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: get-access-profile
description: Get an access profile
hints:
readOnly: true
destructive: false
idempotent: true
call: identity-security-cloud-v3-access-profiles.getaccessprofile
with:
id: tools.id
outputParameters:
- type: object
mapping: $.
- name: patch-access-profile
description: Patch an access profile
hints:
readOnly: false
destructive: false
idempotent: true
call: identity-security-cloud-v3-access-profiles.patchaccessprofile
with:
id: tools.id
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: delete-access-profile
description: Delete an access profile
hints:
readOnly: false
destructive: true
idempotent: true
call: identity-security-cloud-v3-access-profiles.deleteaccessprofile
with:
id: tools.id
outputParameters:
- type: object
mapping: $.
- name: list-access-profile-entitlements
description: List access profile entitlements
hints:
readOnly: true
destructive: false
idempotent: true
call: identity-security-cloud-v3-access-profiles.listaccessprofileentitlements
with:
id: tools.id
filters: tools.filters
sorters: tools.sorters
outputParameters:
- type: object
mapping: $.