import * as Oazapfts from "@oazapfts/runtime";
declare const defaults: Oazapfts.Defaults<Oazapfts.CustomHeaders>;
declare const servers: {
	server1: string;
};
type AccountInfo = {
	/** The ISO-3166-1 code of the country the company is located in. */
	companyCountry?: string;
	/** The name of the company the account belongs to. */
	companyName: string;
	/** The ISO-3166-2 code for the state/province the company is located in. */
	companyState?: string;
	/** Whether or not the legal agreement has been acknowledged for the account. */
	legalAcknowledged?: boolean;
};
type ErrorInfo = {
	/** Error Codes specific to cause of failure. */
	errorCode?: string;
	/** Additional Error Message describing the error. */
	errorMessage?: string;
	/** Optional additional error information. */
	parameters?: object[];
};
type AccountInfoParms = {
	/** The name of the company the account belongs to.  The value must be between 1 and 100 characters. */
	companyName?: string;
	/** Whether or not the legal agreement has been acknowledged for the account. This value can only be changed from false to true. */
	legalAcknowledged?: boolean;
};
type Acr = {
	/** The unique UUID assigned to the acr when it is created. */
	id: string;
	/** The name of the acr. */
	name?: string;
	/** A flag indicating if the authentication flow can be modified or deleted. */
	readOnly?: boolean;
	/** List of resource rule names using the acr. */
	resourceRules?: string[];
};
type AcrParms = {
	/** The name of the acr. */
	name: string;
};
type AdminApiAuthentication = {
	/** Administration API application id */
	applicationId: string;
	/** If set to true, a session cookie named INTELLITRUST_SESSION_ID is returned with the authentication response. This cookie must be returned with all subsequent requests. */
	enableWebSession?: boolean;
	/** Shared Secret */
	sharedSecret: string;
};
type AdminApiAuthenticationResult = {
	/** Authorization token returned after a successful authentication. */
	authToken?: string;
	/** Creation time of the authentication token. */
	creationTime?: string;
	/** Expiry time of the authentication token. */
	expirationTime?: string;
};
type ApplicationInfo = {
	/** The template the application was created from. */
	applicationTemplate?: string;
	/** The UUID of the template the application was created from. */
	applicationTemplateId?: string;
	/** The application authentication method. */
	authenticationMethod?: string;
	/** The UUID of the application. */
	id?: string;
	/** The name of the application. */
	name?: string;
};
type AdminApiApplication = {
	/** Determines if the application can use a long-lived token for authentication. */
	allowLongLivedToken?: boolean;
	/** The name of the application template specific to this application type. */
	applicationTemplate: string;
	/** Application template id specific to this application type. */
	applicationTemplateId?: string;
	/** Short description of application. */
	description?: string;
	/** Application ID. */
	id?: string;
	/** The UUID of the IP Addresses list. */
	ipListId?: string;
	/** Last successful authentication time to use administration api */
	lastAuthnDate?: string;
	/** Base64 encoded logo image. */
	logo?: string;
	/** Name of application.  */
	name: string;
	/** The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role. */
	roleId?: string;
	/** Shared secret for application. */
	sharedSecret?: string;
	/** The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role. */
	spRoleId?: string;
};
type AdminApiApplicationParms = {
	/** Determines if a long-lived token is allowed in this application. */
	allowLongLivedToken?: boolean;
	/** The UUID of the application template.  This value is only used when creating a new application. If not specified, the default admininstration API template is used. */
	applicationTemplateId?: string;
	/** Short description of application. */
	description?: string;
	/** The UUID of the IP Addresses list. */
	ipListId?: string;
	/** Base64 encoded logo image. */
	logo?: string;
	/** Name of application.  */
	name: string;
	/** The UUID of the Site role to be associated with the API application. Pass an empty string value to unset the site role. Either this value or spRoleId is required when creating the application. */
	roleId?: string;
	/** The UUID of the service provider role to be associated with the API application. Pass an empty string to unset the service provider role. Either this value or roleId is required when creating the application. */
	spRoleId?: string;
};
type ProtectedOfflineSettings = {
	/** Maximum number of IntelliTrust Desktops (or clients in general) that are allowed to be registered with a token for downloading OTPs. */
	protectedOfflineOTPMaxClients?: number;
	/** Maximum number of hours' worth of offline OTPs that a client is allowed to possess. */
	protectedOfflineOTPMaxRefill?: number;
	/** Default number of hours' worth of offline OTPs that is returned. */
	protectedOfflineOTPMinorRefill?: number;
	/** This controls the length of the private salt and is measured in bits. The values map as follows: Normal = 14, Strong = 17, and Very Strong = 20 */
	protectedOfflineOTPProtection?: "NORMAL" | "STRONG" | "VERYSTRONG";
	/** Defines whether tokens can be used offline. */
	protectedOfflineOTPSupport?: boolean;
};
type AuthApiApplication = {
	/** Defines whether ignore ip address for rba will be allowed or not. */
	allowIgnoreIpAddressForRba?: boolean;
	/** Application template specific to this application type. */
	applicationTemplate: string;
	/** Application template id specific to this application type. */
	applicationTemplateId?: string;
	/** Indicates the source of client IP address for risk analysis */
	clientIpSource?: "NOT_INCLUDED" | "PROVIDED" | "FROM_CONNECTION";
	/** Short description of application. */
	description?: string;
	/** Application id. */
	id?: string;
	/** Base64 encoded logo image. */
	logo?: string;
	/** Name of application.  */
	name: string;
	/** Flag indicating if passkey authentication is allowed for this application. This flag has been deprecated and is no longer used. */
	passkeyEnabled?: boolean;
	protectedOfflineSettings?: ProtectedOfflineSettings;
	/** Defines whether user values function is enabled. */
	userValuesEnabled?: boolean;
	/** Defines whether verification for a user must be satisfied. */
	verificationRequired?: boolean;
};
type AuthApiApplicationParms = {
	/** Flag indicates if ignore ip address for rba will be allowed or not. */
	allowIgnoreIpAddressForRba?: boolean;
	/** Application template specific to this application type. */
	applicationTemplate: string;
	/** Application template id specific to this application type. */
	applicationTemplateId?: string;
	/** Indicates the source of client IP address for risk analysis */
	clientIpSource?: "NOT_INCLUDED" | "PROVIDED" | "FROM_CONNECTION";
	/** Short description of application. */
	description?: string;
	/** Unique UUID for the application used when creating a new application. If not specified, IDaaS will generate a random UUID.  */
	id?: string;
	/** Base64 encoded logo image. */
	logo?: string;
	/** Name of the application.  */
	name: string;
	/** Flag indicating if passkey authentication is allowed for this application. */
	passkeyEnabled?: boolean;
	protectedOfflineSettings?: ProtectedOfflineSettings;
	/** Flag indicating if user client values is allowed for this application. */
	userValuesEnabled?: boolean;
	/** Defines whether verification for a user must be satisfied. */
	verificationRequired?: boolean;
};
type ApplicationTemplate = {
	/** The type the application template. Possible values are SAML20, RADIUS, AAAS, IDG, OIDC, AUTHAPI, ADMINAPI, SIEMAPI. */
	authenticationMethod: string;
	/** The description of application template. */
	description?: string;
	/** The UUID of the application template. */
	id: string;
	/** The name of the application template. */
	name: string;
};
type OrderByAttribute = {
	/** Identifies whether to order results in ascending order. */
	ascending: boolean;
	/** Identifies the attribute. */
	name: string;
};
type SearchByAttribute = {
	/** Identifies the attribute we are searching for. */
	name: string;
	/** Identifies the operator. */
	operator: "EQUALS" | "NOT_EQUALS" | "CONTAINS" | "NOT_CONTAINS" | "STARTS_WITH" | "ENDS_WITH" | "GREATER_THAN" | "GREATER_THAN_OR_EQUAL" | "LESS_THAN" | "LESS_THAN_OR_EQUAL" | "IN" | "EXISTS" | "NOT_EXISTS";
	/** Identifies the value of the attribute we are searching for. */
	value?: string;
};
type SearchParms = {
	/** Users search only: additional, non-core attributes to include in the returned object. Attribute names are specific to the returned object. */
	attributes?: string[];
	/** Identifies the page to return when paging over a result set--if present, search by / order by attributes are ignored. */
	cursor?: string;
	/** Identifies the maximum number of items to include in a page (1-100). */
	limit?: number;
	orderByAttribute?: OrderByAttribute;
	/** Identifies attributes for searching purposes. Some end-points have pre-defined values and ignore this attribute. */
	searchByAttributes?: SearchByAttribute[];
};
type AsyncOperationStatus = {
	/** The error message describing the first error encountered processing the operation. */
	errorMessage?: string;
	/** The unique UUID of the operation. Used to get status and results of operation. */
	id: string;
	/** The time this operation was initialized. */
	initTime?: string;
	/** The name of the operation. It can be null for operations not named. */
	name?: string;
	/** The time at which the operation completed processing. */
	processingEndTime?: string;
	/** The time at which the operation began processing. */
	processingStartTime?: string;
	/** How long the operation took to complete processing in milliseconds. */
	processingTime?: number;
	/** The state of the operation. */
	state: "FAILED" | "CANCELLED" | "COMPLETED" | "PROCESSING" | "SCHEDULED";
	/** The subject of this operation. */
	subject?: string;
};
type Paging = {
	/** The page limit used (1-100) */
	limit: number;
	/** The cursor pointing to the next page. */
	nextCursor?: string;
	/** The cursor pointing to the previous page. */
	prevCursor?: string;
};
type Token = {
	/** The algorithm type used by the token that was created or loaded into the system to generate OTP values. */
	algorithmType?: "AT" | "OATH_HOTP" | "OATH_OCRA" | "OATH_TOTP" | "VENDOR";
	/** Actions that can be performed on this token. */
	allowedActions?: ("ACTIVATE" | "REACTIVATE" | "ACTIVATE_COMPLETE" | "DELETE" | "UNLOCK" | "ENABLE" | "DISABLE" | "RESET" | "ASSIGN" | "UNASSIGN")[];
	/** A flag indicating if the token was activated on a verified app. */
	appVerified: boolean;
	/** Optional text describing this token. */
	description?: string;
	/** A flag indicating if the token is activated on a verified device. */
	deviceVerified: boolean;
	/** The UUIDs of groups to which this token belongs.  This value is only used for unassigned tokens. Only groups to which the current administrator has access will be returned. */
	groups?: string[];
	/** The unique UUID assigned to the token when it is created. */
	id?: string;
	/** The identity verification status of the token. */
	identityVerificationStatus?: "NOT_REQUIRED" | "REQUIRED" | "PENDING" | "VERIFIED" | "FAILED";
	/** Optional label to identify an assigned token: a String up to 100 characters. */
	label?: string;
	/** The date on which the token was last used for authentication.  This value will be null if the token has never been used. */
	lastUsedDate?: string;
	/** The date on which the token was created or loaded into the system. */
	loadDate?: string;
	/** Base-64 encoded logo. If a custom logo is provided by the customer it is returned. Otherwise a system default logo is returned. */
	logo?: string;
	/** An optional name for the token. */
	name?: string;
	/** The mobile device platform on which an Entrust Soft Token was activated. */
	platform?: string;
	/** A flag indicating if the Entrust Soft Token has registered for transactions. Only tokens that are registered can perform token push authentication. */
	registeredForTransactions?: boolean;
	/** The serial number of the token either generated when the token was created or loaded into the system. */
	serialNumber?: string;
	/** The state of the token.  For most tokens, only tokens in the ACTIVE state can be used for authentication. Google Authenticator tokens in the ACTIVATING state can also be used for authentication. */
	state?: "NEW" | "ACTIVATING" | "ACTIVE" | "INACTIVE" | "UNASSIGNED";
	/** A flag indicating if the Token supports challenge response processing. */
	supportsChallengeResponse?: boolean;
	/** A flag indicating if the Token supports response processing. */
	supportsResponse?: boolean;
	/** A flag indicating if the Token supports signature processing. */
	supportsSignature?: boolean;
	/** A flag indicating if the Token supports unlock processing. */
	supportsUnlock?: boolean;
	/** A flag indicating if the Token supports unlock using TOTP processing. */
	supportsUnlockTOTP?: boolean;
	/** The type of token specified when the token was created or loaded into the system. */
	"type"?: "ENTRUST_PHYSICAL_TOKEN" | "ENTRUST_SOFT_TOKEN" | "GOOGLE_AUTHENTICATOR" | "OATH_PHYSICAL_TOKEN" | "ENTRUST_LEGACY_TOKEN";
	/** If the token is assigned to a user, this value specifies that user's user id. */
	userId?: string;
};
type TokensPage = {
	paging?: Paging;
	/** A single page with the list of assigned tokens found. */
	results: Token[];
};
type UserAttribute = {
	/** The UUID for this user attribute.  Generated when the user attribute is created. */
	id?: string;
	/** A flag indicating if users must have a value for this user attribute. */
	mandatory: boolean;
	/** The name of this user attribute. */
	name: string;
	/** A flag indicating if this user attribute is one of the system defined user attributes. */
	systemDefined: boolean;
	/** Type of user attribute. Currently only used to specify the type of contact if the attribute is to be used for OTP delivery. */
	"type"?: "NONE" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "OTP_WECHAT" | "OTP_WHATSAPP";
	/** A flag indicating if this attribute is intended to be unique. */
	"unique": boolean;
};
type DirectoryAttributeMapping = {
	/** The name of the directory attribute being mapped. */
	directoryAttributeName?: string;
	/** The UUID of the Directory the attribute mapping belongs to. */
	directoryId?: string;
	/** The UUID of the attribute mapping. */
	id?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the Identity as a Service User Attribute being mapped to. */
	userAttributeId?: string;
};
type OtpVerificationAuthenticateValue = {
	/** The unique challenge response identifier used for authentication */
	challengeId: string;
	/** The otp response */
	challengeResponse: string;
};
type OtpVerificationAuthenticateResponse = {
	/** The number of attempts left for authentication failure */
	attemptsLeft: number;
	/** The challenge Id of the user's input */
	challengeId: string;
	/** The error message during the authentication */
	errorCode?: string;
	/** A boolean value which indicates if the authentication is successful */
	success: boolean;
};
type Error = {
	/** The server error code */
	code: string;
	/** A human-readable representation of the error */
	message: string;
	/** The target of the error */
	target?: string;
};
type OtpVerificationChallengeValue = {
	/** Type of contact delivery. Only supported for OTP contact attributes. */
	"type": "NONE" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "OTP_WECHAT" | "OTP_WHATSAPP";
	/** The exact email or phone number that the OTP will be sent to. */
	value: string;
};
type OtpVerificationChallengeResponse = {
	/** The unique challenge response identifier which will be used for authentication. */
	challengeId: string;
};
type DirectoryConnection = {
	/** The SSL certificate to connect to the Directory with. */
	certificate?: string;
	/** The UUID of the Directory the connection belongs to. */
	directoryId?: string;
	/** The Directory hostname or IP address. */
	hostname?: string;
	/** The UUID of the Directory connection. */
	id?: string;
	/** The Directory port. */
	port?: number;
	/** Whether or not to connect to the Directory using an SSL certificate. */
	useSsl?: boolean;
};
type DirectorySync = {
	/** The rate at which the directory will be queried in milliseconds */
	crawlFrequency?: number;
	directory?: Directory;
	/** The ID of the directory. */
	directoryId?: string;
	/** The UUID of the Directory Sync Gateway Agent. */
	directorySyncAgentId?: string;
	/** Group desynchronization will be done based on the selected option. */
	groupDesyncPolicy?: "GROUP_LOCALLY_MANAGED" | "GROUP_DELETED";
	/** The group name attribute */
	groupNameAttribute?: string;
	/** The Group Object Class */
	groupObjectClass?: string;
	/** Group synchronization will be done based on the selected option. */
	groupSynchronizationType?: "ALL" | "FILTER" | "NONE";
	/** The UUID of the directory. */
	id?: string;
	/** The last time the directory was updated. */
	lastUpdate?: string;
	/** The number of records that should returned per query. Default is 25. */
	pageSize?: number;
	/** The status of the Directory Sync. */
	state?: "UNKNOWN" | "ERROR" | "PENDING_CHANGES" | "SYNCED" | "OUT_OF_SYNC" | "CRAWLING" | "CRAWL_COMPLETE" | "NOTIFYING_GROUPS" | "NOTIFYING_GROUPS_USERS" | "NOTIFYING_USERS" | "NOTIFY_COMPLETE" | "SYNCING" | "FAILED";
	/** User synchronization will be done based on the selected option. */
	userDesyncPolicy?: "USER_LOCALLY_MANAGED_ENABLED" | "USER_LOCALLY_MANAGED_DISABLED" | "USER_DELETED";
	/** The User Object Class */
	userObjectClass?: string;
	/** The User Unique Id Attribute */
	userUniqueIdAttribute?: string;
	/** How long to wait between notifications in milliseconds. */
	waitBetweenNotifications?: number;
};
type GroupFilter = {
	/** The UUID of the Directory the group filter belongs to. */
	directoryId?: string;
	/** The UUID of the group filter. */
	id?: string;
	/** The name of the group to filter on. */
	name?: string;
};
type SearchBase = {
	/** The UUID of the Directory the seachbase belongs to. */
	directoryId?: string;
	/** Whether or not an empty searchbase is empty? */
	emptySearchBase?: boolean;
	/** The UUID of the searchbase. */
	id?: string;
	/** The searchbase node. */
	node?: string;
	/** Whether or not a sub-tree is included? */
	subsearchbasesIncluded?: boolean;
};
type Directory = {
	/** The name of the AD attribute value that will be mapped into comma seperated string value of alias */
	aliasMappingName?: string;
	/** The SSL certificate to connect to the Directory with. */
	certificate?: string;
	/** Directory attribure mappings. */
	directoryAttributeMappings?: DirectoryAttributeMapping[];
	/** The connections that you want to connect when syncing. */
	directoryConnections?: DirectoryConnection[];
	directorySync?: DirectorySync;
	/** The UUID of the directory sync */
	directorySyncId?: string;
	/** Directory group filters. */
	groupFilters?: GroupFilter[];
	/** The hostname of the Directory Can be an IP address or a hostname. */
	hostname?: string;
	/** The UUID of the Directory. */
	id?: string;
	/** The name of the Directory. */
	name?: string;
	/** The password to connect to the Directory with. */
	password?: string;
	/** The port to connect to the Directory over. */
	port?: number;
	/** The root domain naming context of the Directory. */
	rootDomainNamingContext?: string;
	/** The searchbases that you want to search when syncing. */
	searchBases?: SearchBase[];
	/** The type of the Directory. */
	"type"?: "AD" | "LDAP";
	/** Whether or not to connect to the Directory using an SSL certificate. */
	useSsl?: boolean;
	/** The username to connect to the Directory with. Value must be a fully distinguished name or UPN. */
	userName?: string;
};
type DirectorySyncStatusInfo = {
	/** The name of the directory. */
	directoryName?: string;
	/** The name of the directory or searchbase is being processed. */
	directoryOrSearchBaseBeingProcessed?: string;
	/** Comma separated list of errors occurred during the AD-sync process. */
	errors?: string;
	/** The number of groups added. */
	groupsAdded?: number;
	/** The number of groups successfully created in the service database. */
	groupsCreateCount?: number;
	/** The number of groups successfully deleted from the service database. */
	groupsDeleteCount?: number;
	/** The number of groups failed to be uploaded. */
	groupsFailCount?: number;
	/** The number of groups skipped due to errors. */
	groupsFailed?: number;
	/** The number of groups processed successfully. */
	groupsProcessedSuccessfully?: number;
	/** The number of groups removed. */
	groupsRemoved?: number;
	/** The number of groups changed. */
	groupsSyncedWithChanges?: number;
	/** The number of groups synced with no changes. */
	groupsSyncedWithNoChanges?: number;
	/** The number of groups successfully updated in the service database. */
	groupsUpdateCount?: number;
	/** The UUID of the DirectorySyncStatusInfo. */
	id?: string;
	/** The number of search bases already processed. */
	searchbasesProcessed?: number;
	/** The status of the Directory Sync processed. */
	state?: "CRAWLING" | "CRAWL_COMPLETE" | "ERROR" | "NOTIFYING_GROUPS" | "NOTIFYING_GROUPS_USERS" | "NOTIFYING_USERS" | "NOTIFY_COMPLETE" | "OUT_OF_SYNC" | "PENDING_CHANGES" | "SYNCED" | "UNKNOWN";
	/** The time when the synchronization was started. */
	syncStarted?: string;
	/** The last time the directory was updated. */
	syncUpdated?: string;
	/** Total number of search bases to be processed. */
	totalSearchbases?: number;
	/** Number of users added. */
	usersAdded?: number;
	/** The number of users successfully created in the service database. */
	usersCreateCount?: number;
	/** The number of users successfully deleted from the service database. */
	usersDeleteCount?: number;
	/** The number of users failed to be uploaded. */
	usersFailCount?: number;
	/** The number of users skipped due to errors. */
	usersFailed?: number;
	/** The number of users processed successfully. */
	usersProcessedSuccessfully?: number;
	/** The number of users removed. */
	usersRemoved?: number;
	/** The number of users synced with changes. */
	usersSyncedWithChanges?: number;
	/** The number of users synced with no changes. */
	usersSyncedWithNoChanges?: number;
	/** The number of users successfully updated in the service database. */
	usersUpdateCount?: number;
};
type IdentityProvider = {
	/** A flag indicating if the external identity provider can be used for user authentication. */
	authenticationEnabled?: boolean;
	/** The URI of the logo to display on the login button for this external identity provider. */
	buttonImage?: string;
	/** The unique text to display on the login button for this external identity provider. */
	buttonText?: string;
	/** A flag indicating if the user should be created after authenticating to the external identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. */
	createUser?: boolean;
	/** A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time. */
	defaultProvider?: boolean;
	/** The space separated list of domains associated with the external identity provider for use with user authentication. */
	domains?: string;
	/** The UUID of the external identity provider. */
	id?: string;
	/** The issuer URI for the external OIDC identity provider or the issuer, or IDP Entity ID, for the external SAML identity provider. */
	issuer?: string;
	/** The unique name of the external identity provider. */
	name?: string;
	/** The type of the external identity provider. */
	protocol?: "OIDC" | "SAML";
	/** The client identifier provided by the external OIDC identity provider or the SP entity ID provided to the external SAML identity provider. */
	spId?: string;
	/** The type of the external identity provider. */
	"type"?: string;
	/** The verification certificate2 DN used with the external identity provider. */
	verificationCertificate2DN?: string;
	/** The verification certificate2 expiry date used with the external identity provider. */
	verificationCertificate2ExpiryDate?: string;
	/** The verification certificate DN used with the external identity provider. */
	verificationCertificateDN?: string;
	/** The verification certificate expiry date used with the external identity provider. */
	verificationCertificateExpiryDate?: string;
	/** A flag indicating if the external identity provider can be used for user verification. */
	verificationEnabled?: boolean;
};
type SmsVoice = {
	/** The number of entitlements allotted to the current account.  If the account is an SP then entitlements can be allocated to child accounts. */
	allotment?: number;
	/** The entitlements consumed since start date during the entitlement period. */
	consumed?: number;
	/** The date when the entitlement will end. */
	endDate?: string;
	/** The date when the grace period for the entitlement will end. */
	gracePeriodEndDate?: string;
	/** The overage type of this entitlement. */
	overageType?: "YES" | "NO" | "UNLIMITED";
	/** The number of SMS/Voice credits allowed during the period. */
	quantity?: number;
	/** The number of SMS/Voice credits allowed when the entitlement is renewed. */
	renewalQuantity?: number;
	/** The date when the entitlement starts. */
	startDate?: string;
};
type UserEntitlement = {
	/** The number of entitlements allotted to the current account.  If the account is an SP then entitlements can be allocated to child accounts. For subscriber accounts, the allotment is always the same as the quantity amount. */
	allotment?: number;
	/** The used quantity of this entitlement. */
	consumed?: number;
	/** The date when the entitlement ends. */
	endDate?: string;
	/** The date when the grace period for the entitlement will end. */
	gracePeriodEndDate?: string;
	/** The quantity of entitlements purchased for the account. */
	quantity?: number;
	/** The date when the entitlement starts. */
	startDate?: string;
};
type AccountEntitlement = {
	smsVoice?: SmsVoice;
	users?: UserEntitlement;
};
type FidoRegisterChallenge = {
	/** Attestation preference for passkey/FIDO2 registration. Determines how much information about the authenticator (security key/passkey) is shared during registration. NONE: No authenticator details shared (recommended for privacy). INDIRECT: Basic information shared in a privacy-preserving way (balanced approach). DIRECT: Full authenticator details shared (use when you need to verify specific device models). */
	attestation?: "NONE" | "INDIRECT" | "DIRECT";
	/** The registration challenge generated by Identity as a Service.  This is a base-64 encoded value. */
	challenge?: string;
	/** The IDs of FIDO tokens already registered to this user.  These values are base-64 encoded. */
	registeredCredentials?: string[];
	/** The names of FIDO tokens already registered to this user. */
	registeredCredentialsNames?: string[];
	/** Should the token be embedded on the device or stored externally? */
	registrationAuthenticatorAttachment?: "EITHER" | "PLATFORM" | "CROSS_PLATFORM";
	/** Should the User ID be stored on the Passkey/FIDO2 token? */
	registrationRequireResidentKey?: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
	/** Should the token perform user verification? */
	registrationUserVerification?: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
	/** The name of this relying party.  This is the name of the Identity as a Service account. */
	rpName?: string;
	/** The number of seconds that the client will wait for the FIDO token to respond. This field is deprecated, use 'timeoutMillis' instead. */
	timeout?: number;
	/** The time in milliseconds that the client will wait for the FIDO token to respond. */
	timeoutMillis?: number;
	/** The display name of this user. It will be 'firstname lastname' of the user */
	userDisplayName?: string;
	/** The id of this user. It will be UUID of the user base-64 encoded. */
	userId?: string;
	/** The name of this user. It will be the userId of the user. */
	userName?: string;
};
type FidoRegisterResponse = {
	/** The FIDO attestationObject data returned from the FIDO token.  This is a base-64 encoded value. */
	attestationObject?: string;
	/** The FIDO clientData returned from the FIDO token.  This is a base-64 encoded value. */
	clientDataJSON?: string;
	/** The name for the new FIDO token. */
	name?: string;
	/** Specifies the domain name (relying party ID) of your application and the passkey is registered with. Provide the domain only (e.g., example.com), without protocol (https://). Required if using a custom domain different from your IDaaS tenant's hostname. */
	rpId?: string;
	/** The transport methods used during registration (e.g., 'usb', 'nfc', 'ble', 'internal'). Used to determine authenticator capabilities. */
	transports?: string[];
	/** Flag indicating if the userId was stored on the registered FIDO2 token.  Defaults to false if not set. */
	userIdStored?: boolean;
};
type FidoToken = {
	/** The AAGUID of the authenticator that created this FIDO token. */
	aaguid?: string;
	/** Indicates whether the AAGUID reported by the authenticator was cryptographically verified via a full certificate chain against the FIDO MDS trust anchors. True only for DIRECT attestation; false for INDIRECT (cert chain not verified); null for NONE (no attestation collected). */
	aaguidVerified?: boolean;
	/** The signature algorithm of the authenticator that created this FIDO token. */
	algorithm?: string;
	/** Administration actions that can be performed on this FIDO token. */
	allowedActions?: ("DELETE" | "ENABLE" | "DISABLE" | "RENAME")[];
	/** Attestation format of the authenticator that created this FIDO token. */
	attestationFormat?: string;
	/** Indicates if this FIDO token contains attested data. */
	attestedData?: boolean;
	/** The authenticator model of the authenticator that created this FIDO token. */
	authenticatorModel?: string;
	/** Indicates if this FIDO token is eligible for backup. */
	backupEligible?: boolean;
	/** Indicates if this FIDO token is currently backed up. */
	backupStatus?: boolean;
	/** The date on which the FIDO token was created. */
	createDate?: string;
	/** The icon of the authenticator that created this FIDO token. */
	icon?: string;
	/** The unique UUID assigned to the fido token when it is registered. */
	id?: string;
	/** The date on which this FIDO token was last used for authentication. This value will be null if the FIDO token has never been used. */
	lastUsedDate?: string;
	/** The name of this FIDO token. */
	name?: string;
	/** The origin of where the FIDO token was generated. */
	origin?: string;
	/** The relying party ID of where the FIDO token was generated. */
	relyingPartyId?: string;
	/** The state of this FIDO token.  Only FIDO tokens in the ACTIVE state can be used for authentication. */
	state?: "ACTIVE" | "INACTIVE";
	/** The user Id of the user who owns this FIDO token. */
	userId?: string;
	/** Indicates if the userId was stored on the FIDO token. */
	userIdStored?: boolean;
	/** Indicates if the user was present during the registration or authentication ceremony that created or last used this FIDO token. */
	userPresent?: boolean;
	/** The UUID of the user who owns this FIDO token. */
	userUUID?: string;
	/** Indicates if the user was verified during the registration or authentication ceremony that created or last used this FIDO token. */
	userVerified?: boolean;
};
type FidoTokenParms = {
	/** The name of this FIDO token. */
	name?: string;
	/** The state of this FIDO token.  Only FIDO tokens in the ACTIVE state can be used for authentication. */
	state?: "ACTIVE" | "INACTIVE";
};
type FidoTokenDetails = {
	/** Authenticator Attestation GUID. */
	aaguid?: string;
	/** Indicates whether the AAGUID reported by the authenticator was cryptographically verified via a full certificate chain against the FIDO MDS trust anchors. True only for DIRECT attestation; false for INDIRECT (cert chain not verified); null for NONE (no attestation collected). */
	aaguidVerified?: boolean;
	/** Cryptographic algorithm used by the token. */
	algorithm?: string;
	/** Model name of the authenticator. */
	authenticatorModel?: string;
	/** Type of authenticator device. */
	authenticatorType?: string;
	/** Whether the credential is eligible for backup. */
	backupEligible?: boolean;
	/** Current backup state of the credential. */
	backupStatus?: boolean;
	/** FIDO certification status. */
	certificationStatus?: string;
	/** Timestamp when the token was registered. */
	createDate?: string;
	/** Cryptographic strength in bits. */
	cryptoStrength?: number;
	/** Base64-encoded icon for the authenticator. */
	icon?: string;
	/** Unique identifier of the FIDO token. */
	id?: string;
	/** Methods used to protect the authenticator's private key (e.g., software, hardware, TEE, secure element). */
	keyProtection?: string[];
	/** Timestamp when the token was last used for authentication. */
	lastUsedDate?: string;
	/** Protection mechanisms for the biometric matcher component (e.g., software, TEE, on-chip). */
	matcherProtection?: string[];
	/** Name of the FIDO token. */
	name?: string;
	/** FIDO protocol family. */
	protocolFamily?: string;
	/** Relying Party ID associated with the token. */
	rpId?: string;
	/** Current state of the token. */
	state?: "ACTIVE" | "INACTIVE";
	/** Supported transport protocols. */
	transports?: string[];
	/** User ID of the token owner. */
	userId?: string;
	/** Whether user presence was confirmed during registration. */
	userPresent?: boolean;
	/** Whether user verification was performed during registration. */
	userVerified?: boolean;
};
type FidoTokensPage = {
	paging?: Paging;
	/** A single page with the list of fido tokens found. */
	results: FidoTokenDetails[];
};
type EmailParms = {
	/** The name of the user attribute to use for email delivery. If not provided, the system-defined email attribute will be used. */
	emailAttributeName?: string;
};
type GridCreateParms = {
	emailParms?: EmailParms;
	/** If provided, the given grid contents are used for the new Grid Card.  The grid contents must match the grid settings for grid size, grid cell size and cell alphabet.  The administrator must have the GRIDCONTENTS:ADD permission to set the grid contents. This argument is ignored when creating unassigned grids. */
	gridContent?: string[][];
	/** When creating unassigned grids the list of UUIDs of groups to which the grids will belong.  If not specified, the grids will not belong to any groups. */
	groups?: string[];
	/** The number of grids to create when creating unassigned grids.  If not specified, it defaults to 1. */
	numberOfGrids?: number;
	/** If provided, the given grid serial number is used for the new Grid Card. */
	serialNumber?: number;
	/** The state (ACTIVE, INACTIVE, or PENDING) of the new grid.  If not specified, the state defaults to PENDING. This argument is ignored when creating unassigned grids. */
	state?: "ACTIVE" | "INACTIVE" | "UNASSIGNED" | "PENDING" | "CANCELED";
};
type Grid = {
	/** A list of what actions are currently allowed for this grid. */
	allowedActions?: ("CANCEL" | "DELETE" | "ENABLE" | "DISABLE" | "ASSIGN" | "UNASSIGN")[];
	/** For unassigned grids which were assigned to the user, the date on which the grid was assigned. */
	assignDate?: string;
	/** The date on which the grid was created. */
	createDate?: string;
	/** A flag indicating if this grid is currently expired. */
	expired?: boolean;
	/** If the grid policy defines an expiry date, the date on which this grid will expire. Expired grids cannot be used for authentication. */
	expiryDate?: string;
	/** The grid contents of this grid.  Only administrators with the GRIDCONTENTS:VIEW permission will receive this value. */
	gridContents?: string[][];
	/** The UUIDs of groups to which this grid belongs.  This value is only used for unassigned grids. Only groups to which the current administrator has access will be returned. */
	groups?: string[];
	/** The unique UUID assigned to the grid when it is created. */
	id?: string;
	/** The date on which this grid was last used for authentication. This value will be null if the grid has never been used. */
	lastUsedDate?: string;
	/** The unique numeric serial number assigned to the grid when it is created. */
	serialNumber?: number;
	/** The state of this grid.  Only grids in the ACTIVE or PENDING state can be used for authentication. */
	state?: "ACTIVE" | "INACTIVE" | "UNASSIGNED" | "PENDING" | "CANCELED";
	/** The UUID of the user who owns this grid.  If the grid is not assigned, this value will be null. */
	userId?: string;
	/** The user Id for this user.  If the grid is not assigned, this value will be null. */
	userName?: string;
};
type GridProperties = {
	/** The maximum number of unassigned grids that can be created per request. */
	maxGridGeneratePerRequest?: number;
	/** The maximum number of unassigned grids that are allowed in the system. */
	maxGridTotalUnassigned?: number;
};
type GridExport = {
	/** Grid information formatted as a base64 encoded String. Formatting options are controlled in grid authenticator settings. */
	content?: string;
};
type GridAssignParms = {
	emailParms?: EmailParms;
	/** When an end user is assigning a grid to themselves, this attribute specifies a grid challenge response proving that the user has possession of the grid being assigned. */
	response?: string;
	/** When the user to which a grid is to be assigned is known, this attribute specifies the serial number of the grid that will be assigned. */
	serialNumber?: string;
	/** When the specified grid is known, this attribute specifies the user Id or user alias of the user to which the grid will be assigned. */
	userId?: string;
};
type GridsPage = {
	paging?: Paging;
	/** A single page from the list of GRIDs found. */
	results: Grid[];
};
type Group = {
	/** The attribute of this group. */
	attribute?: string;
	/** When the group was created. */
	created?: string;
	/** Whether the directory group is desynced. Desynced groups can be deleted. */
	directoryDesynced?: boolean;
	/** The externalId of this group. */
	externalId?: string;
	/** The UUID of this group.  This value is generated when the group is created. */
	id?: string;
	/** When the group was last modified. */
	lastModified?: string;
	/** The name of this group. */
	name: string;
	/** The type of group indicating if this group was synchronized from a directory (LDAP_AD) or was created in Identity as a Service (MGMT_UI). */
	"type"?: "LDAP_AD" | "MGMT_UI";
};
type GroupParms = {
	/** The optional attribute of this group.  Specify an empty string to remove the existing value of the attribute. */
	attribute?: string;
	/** The optional externalId of this group.  Specify an empty string to remove the existing value of the externalId. */
	externalId?: string;
	/** The name of this group. This value is required when creating a group. */
	name?: string;
};
type GroupId = {
	/** The name or externalId of a group. */
	id: string;
};
type GroupsPage = {
	paging?: Paging;
	/** A single page from the list of Groups found. */
	results: Group[];
};
type IdentityProviderExternalGroupMapping = {
	/** The external group name/ID returned from the identity provider. */
	externalGroupId: string;
	/** The Authorization Group UUID this external group maps to. */
	groupId: string;
	/** The UUID of the identity provider external group mapping. This value is generated once the mapping is created. */
	id?: string;
	/** The ID of the identity provider this external group mapping belongs to. */
	identityProviderId?: string;
};
type OidcIdentityProviderAttributeMapping = {
	/** The name of the claim being mapped. This value must be provided when creating or modifying an attribute mapping. */
	claim: string;
	/** The UUID of the OIDC identity provider attribute mapping. */
	id?: string;
	/** The UUID of the OIDC identity provider the attribute mapping belongs to. */
	oidcIdentityProviderId?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying an attribute mapping. */
	userAttributeId: string;
};
type OidcIdentityProviderUserAuthMatchMapping = {
	/** The name of the claim being mapped. This value must be provided when creating or modifying a user authentication match mapping. */
	claim: string;
	/** The UUID of the OIDC identity provider user authentication match mapping. */
	id?: string;
	/** The UUID of the OIDC identity provider the user authentication match mapping belongs to. */
	oidcIdentityProviderId?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user authentication match mapping. */
	userAttributeId: string;
};
type OidcIdentityProviderUserVerMatchMapping = {
	/** The name of the claim being mapped. This value must be provided when creating or modifying a user verification match mapping. */
	claim: string;
	/** The UUID of the OIDC identity provider user verification match mapping. */
	id?: string;
	/** The UUID of the OIDC identity provider the user verification match mapping belongs to. */
	oidcIdentityProviderId?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user verification match mapping. */
	userAttributeId: string;
};
type OidcIdentityProvider = {
	/** The space separated list of authentication context request values to request as part of the external OIDC identity provider user authentication or user verification request. */
	acrValues?: string;
	/** The space separated list of authentication method request values to request as part of the external OIDC identity provider user authentication or user verification request. */
	amrValues?: string;
	/** A flag indicating if the external OIDC identity provider can be used for user authentication. */
	authenticationEnabled?: boolean;
	/** The authorization endpoint for the external OIDC identity provider. */
	authorizationEndpoint?: string;
	/** The URI of the logo to display on the login button for this external OIDC identity provider. */
	buttonImage?: string;
	/** The unique text to display on the login button for this external OIDC identity provider. */
	buttonText?: string;
	/** The client authentication method to use with the external OIDC identity provider. */
	clientAuthenticationMethod?: "CLIENT_SECRET_BASIC" | "CLIENT_SECRET_POST";
	/** The client identifier provided by the external OIDC identity provider. */
	clientId?: string;
	/** The client secret provided by the external OIDC identity provider. Currently this value is not returned. */
	clientSecret?: string;
	/** A flag indicating if the user should be created after authenticating to the external OIDC identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. */
	createUser?: boolean;
	/** A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time. */
	defaultProvider?: boolean;
	/** The space separated list of domains associated with the external OIDC identity provider for use with user authentication. */
	domains?: string;
	/** The association between a group claim returned from the external OIDC identity provider and authorization groups. This mapping is used to associate OIDC identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present. */
	externalGroupMappings?: IdentityProviderExternalGroupMapping[];
	/** The value of user fields that need to be set the external OIDC identity provider when acquiring user information. This value is used with a TWITTER IDP. */
	fields?: string;
	/** The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true. */
	groupIds?: string[];
	/** The association between a specified claim returned from the external OIDC identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true. */
	groupMapping?: string;
	/** The UUID of the external OIDC identity provider. */
	id?: string;
	/** The space separated list of id token claims to request as part of the external OIDC identity provider user authentication or user verification request. */
	idTokenClaims?: string;
	/** The issuer URI for the external OIDC identity provider. */
	issuer?: string;
	/** The JWKS URI endpoint for the external OIDC identity provider used to verify a token signature. */
	jwksUri?: string;
	/** The max age to request as part of the external OIDC identity provider user authentication or user verification request. If -1, the value will not be included in the request. */
	maxAge?: number;
	/** The unique name of the external OIDC identity provider. */
	name?: string;
	/** The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true. */
	organizationIds?: string[];
	/** A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified. */
	requireUserinfoSignature?: boolean;
	/** The revocation endpoint for the external OIDC identity provider. */
	revocationEndpoint?: string;
	/** The UUID of the role that will be assigned to users created after an external OIDC identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true. */
	roleId?: string;
	/** The association between a specified claim returned from the external OIDC identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true. */
	roleMapping?: string;
	/** The space separated list of scopes to request as part of the external OIDC identity provider user authentication or user verification request. */
	scopes?: string;
	/** The token endpoint for the external OIDC identity provider. */
	tokenEndpoint?: string;
	/** The type of the external OIDC identity provider. Once created, this value cannot be updated. */
	"type"?: "FACEBOOK" | "GENERIC" | "GOOGLE" | "IDV" | "MICROSOFT" | "SP" | "TWITTER";
	/** A flag indicating if the user should be updated after authenticating to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. */
	updateUser?: boolean;
	/** A flag indicating if the user should be updated after user verification to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if verificationEnabled is true. */
	updateUserVerification?: boolean;
	/** The IDaaS user attribute ID used to find IDaaS users associated with an external OIDC identity provider user authentication. This value is used if authenticationEnabled is true. */
	userAttributeId?: string;
	/** The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value is used if createUser, updateUser, or updateVerificationUser is true. */
	userAttributeMappings?: OidcIdentityProviderAttributeMapping[];
	/** The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user authentication. If configured, the full set of mappings must be configured. This value is used if authenticationEnabled is true. */
	userAuthMatchMappings?: OidcIdentityProviderUserAuthMatchMapping[];
	/** The external OIDC identity provider claim used to find IDaaS users associated with an external OIDC identity provider user authentication. This value is used if authenticationEnabled is true. */
	userClaim?: string;
	/** The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value is used if verificationEnabled is true. */
	userVerMatchMappings?: OidcIdentityProviderUserVerMatchMapping[];
	/** The space separated list of user information claims to request as part of the external OIDC identity provider user authentication or user verification request. */
	userinfoClaims?: string;
	/** The user information endpoint for the external OIDC identity provider. */
	userinfoEndpoint?: string;
	/** A flag indicating if the external OIDC identity provider can be used for user verification. */
	verificationEnabled?: boolean;
};
type OidcIdentityProviderParms = {
	/** The space separated list of authentication context request values to request as part of the external OIDC identity provider user authentication or user verification request. */
	acrValues?: string;
	/** The space separated list of authentication method request values to request as part of the external OIDC identity provider user authentication or user verification request. This is required when creating an IDV IDP. */
	amrValues?: string;
	/** A flag indicating if the external OIDC identity provider can be used for user authentication. If enabled, userAttributeId and userClaim are required. */
	authenticationEnabled?: boolean;
	/** The authorization endpoint for the external OIDC identity provider. This value is required when creating an IDP. */
	authorizationEndpoint?: string;
	/** The URI of the logo to display on the login button for this external OIDC identity provider. */
	buttonImage?: string;
	/** The unique text to display on the login button for this external OIDC identity provider. This value is required when creating an IDP. */
	buttonText?: string;
	/** The client authentication method to use with the external OIDC identity provider. The default value is ClientAuthenticationMethod.CLIENT_SECRET_BASIC. */
	clientAuthenticationMethod?: "CLIENT_SECRET_BASIC" | "CLIENT_SECRET_POST";
	/** The client identifier provided by the external OIDC identity provider. This value is required when creating an IDP. */
	clientId?: string;
	/** The client secret provided by the external OIDC identity provider. This value is required when creating an IDP. */
	clientSecret?: string;
	/** A flag indicating if the user should be created after authenticating to the external OIDC identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. */
	createUser?: boolean;
	/** A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time. */
	defaultProvider?: boolean;
	/** The space separated list of domains associated with the external OIDC identity provider for use with user authentication. */
	domains?: string;
	/** The association between a group claim returned from the external OIDC identity provider and authorization groups. This mapping is used to associate OIDC identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present. */
	externalGroupMappings?: IdentityProviderExternalGroupMapping[];
	/** The value of user fields that need to be set the external OIDC identity provider when acquiring user information. This value is required when creating a TWITTER IDP. */
	fields?: string;
	/** The UUIDs of groups that will be assigned to users created after an external OIDC identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true. */
	groupIds?: string[];
	/** The association between a specified claim returned from the external OIDC identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. */
	groupMapping?: string;
	/** The space separated list of id token claims to request as part of the external OIDC identity provider user authentication or user verification request. */
	idTokenClaims?: string;
	/** The issuer URI for the external OIDC identity provider. This value is required when creating an IDP. */
	issuer?: string;
	/** The JWKS URI endpoint for the external OIDC identity provider used to verify a token signature. This value is required when creating an IDP except for TWITTER. */
	jwksUri?: string;
	/** The max age to request as part of the external OIDC identity provider user authentication or user verification request. If -1, the value will not be included in the request. */
	maxAge?: number;
	/** The unique name of the external OIDC identity provider. This value is required when creating an IDP. */
	name?: string;
	/** The UUIDs of organizations that will be assigned to users created after an external OIDC identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true. */
	organizationIds?: string[];
	/** A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified. */
	requireUserinfoSignature?: boolean;
	/** The revocation endpoint for the external OIDC identity provider. */
	revocationEndpoint?: string;
	/** The UUID of the role that will be assigned to users created after an external OIDC identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true. */
	roleId?: string;
	/** The association between a specified claim returned from the external OIDC identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. */
	roleMapping?: string;
	/** The space separated list of scopes to request as part of the external OIDC identity provider user authentication or user verification request. This value is required when creating an IDP except for TWITTER. */
	scopes?: string;
	/** The token endpoint for the external OIDC identity provider. This value is required when creating an IDP. */
	tokenEndpoint?: string;
	/** The type of the external OIDC identity provider. Once created, this value cannot be updated. This value is required when creating an IDP. */
	"type"?: "FACEBOOK" | "GENERIC" | "GOOGLE" | "IDV" | "MICROSOFT" | "SP" | "TWITTER";
	/** A flag indicating if the user should be updated after authenticating to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. */
	updateUser?: boolean;
	/** A flag indicating if the user should be updated after user verification to the external OIDC identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if verificationEnabled is true. */
	updateUserVerification?: boolean;
	/** The IDaaS user attribute ID used to find IDaaS users associated with an external OIDC identity provider user authentication. This value can only be set if authenticationEnabled is true. */
	userAttributeId?: string;
	/** The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external OIDC identity provider user authentication or when it is modified based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if createUser, updateUser, or updateVerificationUser is true. */
	userAttributeMappings?: OidcIdentityProviderAttributeMapping[];
	/** The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user authentication. If configured, the full set of mappings must be configured. This value can only be set if authenticationEnabled is true. */
	userAuthMatchMappings?: OidcIdentityProviderUserAuthMatchMapping[];
	/** The external OIDC identity provider claim used to find IDaaS users associated with an external OIDC identity provider user authentication. This value can only be set if authenticationEnabled is true. */
	userClaim?: string;
	/** The association between the claims returned from the external OIDC identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external OIDC identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if verificationEnabled is true. */
	userVerMatchMappings?: OidcIdentityProviderUserVerMatchMapping[];
	/** The space separated list of user information claims to request as part of the external OIDC identity provider user authentication or user verification request. */
	userinfoClaims?: string;
	/** The user information endpoint for the external OIDC identity provider. */
	userinfoEndpoint?: string;
	/** A flag indicating if the external OIDC identity provider can be used for user verification. If enabled, userVerMatchMappings is required. */
	verificationEnabled?: boolean;
};
type OidcConfigurationParms = {
	/** The issuer URL of the OIDC/OAuth identity provider. */
	issuerUrl: string;
};
type OidcConfigurationResponse = {
	/** The authorization endpoint of the external OIDC identity provider. */
	authorizationEndpoint?: string;
	/** A list of claims supported by the external OIDC identity provider. */
	claimsSupported?: string[];
	/** The JWKS URI endpoint of the external OIDC identity provider used to verify a token signature. */
	jwksUri?: string;
	/** A flag indicating if the user information endpoint of the external OIDC identity provider should be signed and verified. */
	requireUserinfoSignature?: boolean;
	/** The revocation endpoint of the external OIDC identity provider. */
	revocationEndpoint?: string;
	/** A list of scopes supported by the external OIDC identity provider. */
	scopesSupported?: string[];
	/** The token endpoint of the external OIDC identity provider. */
	tokenEndpoint?: string;
	/** The user information endpoint of the external OIDC identity provider. */
	userinfoEndpoint?: string;
};
type SamlIdentityProviderAttributeMapping = {
	/** The name of the claim (attribute) being mapped. This value must be provided when creating or modifying an attribute mapping. */
	claim: string;
	/** The UUID of the SAML identity provider attribute mapping. */
	id?: string;
	/** The UUID of the SAML identity provider the attribute mapping belongs to. */
	samlIdentityProviderId?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying an attribute mapping. */
	userAttributeId: string;
};
type SamlIdentityProviderUserAuthMatchMapping = {
	/** The name of the claim (attribute) being mapped. This value must be provided when creating or modifying a user authentication match mapping. */
	claim: string;
	/** The UUID of the SAML identity provider user authentication match mapping. */
	id?: string;
	/** The UUID of the SAML identity provider the user authentication match mapping belongs to. */
	samlIdentityProviderId?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user authentication match mapping. */
	userAttributeId: string;
};
type SamlIdentityProviderUserVerMatchMapping = {
	/** The name of the claim (attribute) being mapped. This value must be provided when creating or modifying a user verification match mapping. */
	claim: string;
	/** The UUID of the SAML identity provider user verification match mapping. */
	id?: string;
	/** The UUID of the SAML identity provider the user verification match mapping belongs to. */
	samlIdentityProviderId?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the IDaaS user attribute being mapped to. This value must be provided when creating or modifying a user verification match mapping. */
	userAttributeId: string;
};
type SamlIdentityProvider = {
	/** The space separated list of authentication context request values to request as part of the external SAML identity provider user authentication or user verification request. */
	acrValues?: string;
	/** The assertion consumer service URL provided to the external SAML identity provider. Leave empty to use default value. */
	acsUrl?: string;
	/** A flag indicating if the external SAML identity provider can be used for user authentication. */
	authenticationEnabled?: boolean;
	/** The URI of the logo to display on the login button for this external SAML identity provider. */
	buttonImage?: string;
	/** The unique text to display on the login button for this external SAML identity provider. */
	buttonText?: string;
	/** A flag indicating if the user should be created after authenticating to the external SAML identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. */
	createUser?: boolean;
	/** A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time. */
	defaultProvider?: boolean;
	/** The space separated list of domains associated with the external SAML identity provider for use with user authentication. */
	domains?: string;
	/** The association between a group claim returned from the external SAML identity provider and authorization groups. This mapping is used to associate SAML identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present. */
	externalGroupMappings?: IdentityProviderExternalGroupMapping[];
	/** A flag indicating if a force authentication should always be requested as part of the external SAML identity provider user authentication or user verification request. */
	forceAuthn?: boolean;
	/** The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value is used if createUser is true. */
	groupIds?: string[];
	/** The association between a specified claim returned from the external SAML identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true. */
	groupMapping?: string;
	/** The UUID of the external SAML identity provider. */
	id?: string;
	/** The issuer, or IDP Entity ID, for the external SAML identity provider. */
	issuer?: string;
	/** The unique name of the external SAML identity provider. */
	name?: string;
	/** The name ID policy format to request as part of the external OIDC identity provider user authentication or user verification request. */
	nameIdPolicyFormat?: string;
	/** The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value is used if createUser is true. */
	organizationIds?: string[];
	/** A flag indicating if the SAML Assertion of the external SAML identity provider should be signed and verified. */
	requireAssertionSignature?: boolean;
	/** A flag indicating if the SAML Response of the external SAML identity provider should be signed and verified. */
	requireResponseSignature?: boolean;
	/** The UUID of the role that will be assigned to users created after an external SAML identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true. */
	roleId?: string;
	/** The association between a specified claim returned from the external SAML identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value is used if createUser, updateUser, or updateVerificationUser is true. */
	roleMapping?: string;
	/** The single logout endpoint for the external SAML identity provider. */
	sloEndpoint?: string;
	/** The SP entity ID provided to the external SAML identity provider. */
	spEntityId?: string;
	/** The single signon endpoint for the external SAML identity provider. */
	ssoEndpoint?: string;
	/** The type of the external SAML identity provider. Once created, this value cannot be updated. */
	"type"?: "GENERIC";
	/** A flag indicating if the user should be updated after authenticating to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if authenticationEnabled is true. */
	updateUser?: boolean;
	/** A flag indicating if the user should be updated after user verification to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value is used if verificationEnabled is true. */
	updateUserVerification?: boolean;
	/** The IDaaS user attribute ID used to find IDaaS users associated with an external SAML identity provider user authentication. This value is used if authenticationEnabled is true. */
	userAttributeId?: string;
	/** The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value is used if createUser, updateUser, or updateVerificationUser is true. */
	userAttributeMappings?: SamlIdentityProviderAttributeMapping[];
	/** The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user authentication. If configured, the full set of mappings must be configured. This value is used if authenticationEnabled is true. */
	userAuthMatchMappings?: SamlIdentityProviderUserAuthMatchMapping[];
	/** The external SAML identity provider claim (attribute) used to find IDaaS users associated with an external SAML identity provider user authentication. This value is used if authenticationEnabled is true. */
	userClaim?: string;
	/** If user name parameter is set to NameID, the value of the format of this value. */
	userNameFormat?: string;
	/** The name of the parameter to include with the SAML authentication request that will contain the value of the user's userid. Set the value to NameID to pass this value as part of the SAML Request message. */
	userNameParameter?: string;
	/** The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value is used if verificationEnabled is true. */
	userVerMatchMappings?: SamlIdentityProviderUserVerMatchMapping[];
	/** The verification certificate used with the external SAML identity provider. */
	verificationCertificate?: string;
	/** The verification certificate2 used with the external SAML identity provider. */
	verificationCertificate2?: string;
	/** The verification certificate2 DN used with the external SAML identity provider. */
	verificationCertificate2DN?: string;
	/** The verification certificate2 expiry date used with the external SAML identity provider. */
	verificationCertificate2ExpiryDate?: string;
	/** The verification certificate DN used with the external SAML identity provider. */
	verificationCertificateDN?: string;
	/** The verification certificate expiry date used with the external SAML identity provider. */
	verificationCertificateExpiryDate?: string;
	/** A flag indicating if the external SAML identity provider can be used for user verification. */
	verificationEnabled?: boolean;
};
type SamlIdentityProviderParms = {
	/** The space separated list of authentication context request values to request as part of the external SAML identity provider user authentication or user verification request. */
	acrValues?: string;
	/** The assertion consumer service URL provided to the external SAML identity provider. Leave empty to use default value. */
	acsUrl?: string;
	/** A flag indicating if the external SAML identity provider can be used for user authentication. If enabled, userAttributeId and userClaim are required. */
	authenticationEnabled?: boolean;
	/** The URI of the logo to display on the login button for this external SAML identity provider. */
	buttonImage?: string;
	/** The unique text to display on the login button for this external SAML identity provider. This value is required when creating an IDP. */
	buttonText?: string;
	/** A flag indicating if the user should be created after authenticating to the external SAML identity provider if it doesn't exist. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. */
	createUser?: boolean;
	/** A flag indicating if this is the tenant's default identity provider. This value applies only to non-domain based identity providers. Only one identity provider can be set as the default at a time. */
	defaultProvider?: boolean;
	/** The space separated list of domains associated with the external SAML identity provider for use with user authentication. */
	domains?: string;
	/** The association between a group claim returned from the external SAML identity provider and authorization groups. This mapping is used to associate SAML identity provider external groups when a user is created or modified based on user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true and groupMapping is present. */
	externalGroupMappings?: IdentityProviderExternalGroupMapping[];
	/** A flag indicating if a force authentication should always be requested as part of the external SAML identity provider user authentication or user verification request. */
	forceAuthn?: boolean;
	/** The UUIDs of groups that will be assigned to users created after an external SAML identity provider user authentication. An empty list means the user will be assigned to All Groups. If configured, the full set of groups must be configured. This value can only be set if createUser is true. */
	groupIds?: string[];
	/** The association between a specified claim returned from the external SAML identity provider and IDaaS groups. This mapping is used to associated IDaaS groups when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. */
	groupMapping?: string;
	/** The issuer, or IDP Entity ID, for the external SAML identity provider. */
	issuer?: string;
	/** The unique name of the external SAML identity provider. This value is required when creating an IDP. */
	name?: string;
	/** The name ID policy format to request as part of the external OIDC identity provider user authentication or user verification request. */
	nameIdPolicyFormat?: string;
	/** The UUIDs of organizations that will be assigned to users created after an external SAML identity provider user authentication. If configured, the full set of organizations must be configured. This value can only be set if createUser is true. */
	organizationIds?: string[];
	/** A flag indicating if the SAML Assertion of the external SAML identity provider should be signed and verified. */
	requireAssertionSignature?: boolean;
	/** A flag indicating if the SAML Response of the external SAML identity provider should be signed and verified. */
	requireResponseSignature?: boolean;
	/** The UUID of the role that will be assigned to users created after an external SAML identity provider user authentication. An empty string means the user will not be assigned a role by default. This role acts as the default if role mapping is empty. This value can only be set if createUser is true. */
	roleId?: string;
	/** The association between a specified claim returned from the external SAML identity provider and an IDaaS role. This mapping is used to associated an IDaaS role when a user is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. This value can only be set if createUser, updateUser, or updateVerificationUser is true. */
	roleMapping?: string;
	/** The single logout endpoint for the external SAML identity provider. */
	sloEndpoint?: string;
	/** The SP entity ID provided to the external SAML identity provider. This value is required when creating an IDP. */
	spEntityId?: string;
	/** The single signon endpoint for the external SAML identity provider. This value is required when creating an IDP. */
	ssoEndpoint?: string;
	/** The type of the external SAML identity provider. Once created, this value cannot be updated. This value is required when creating an IDP. */
	"type"?: "GENERIC";
	/** A flag indicating if the user should be updated after authenticating to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if authenticationEnabled is true. */
	updateUser?: boolean;
	/** A flag indicating if the user should be updated after user verification to the external SAML identity provider if it exists. The user attributes specified by the userAttributeMappings attribute are used to populate the user in IDaaS. This value can only be set if verificationEnabled is true. */
	updateUserVerification?: boolean;
	/** The IDaaS user attribute ID used to find IDaaS users associated with an external SAML identity provider user authentication. This value can only be set if authenticationEnabled is true. */
	userAttributeId?: string;
	/** The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to populate user attributes when it is created or modified based on an external SAML identity provider user authentication or when it is modified based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if createUser, updateUser, or updateVerificationUser is true. */
	userAttributeMappings?: SamlIdentityProviderAttributeMapping[];
	/** The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user authentication. If configured, the full set of mappings must be configured. This value can only be set if authenticationEnabled is true. */
	userAuthMatchMappings?: SamlIdentityProviderUserAuthMatchMapping[];
	/** The external SAML identity provider claim (attribute) used to find IDaaS users associated with an external SAML identity provider user authentication. This value can only be set if authenticationEnabled is true. */
	userClaim?: string;
	/** If user name parameter is set to NameID, the value of the format of this value. */
	userNameFormat?: string;
	/** The name of the parameter to include with the SAML authentication request that will contain the value of the user's userid. Set the value to NameID to pass this value as part of the SAML Request message. */
	userNameParameter?: string;
	/** The association between the claims returned from the external SAML identity provider and IDaaS user attributes. These attributes are used to match an existing IDaaS user based on an external SAML identity provider user verification. If configured, the full set of mappings must be configured. This value can only be set if verificationEnabled is true. */
	userVerMatchMappings?: SamlIdentityProviderUserVerMatchMapping[];
	/** The verification certificate used with the external SAML identity provider. */
	verificationCertificate?: string;
	/** The verification certificate2 used with the external SAML identity provider. */
	verificationCertificate2?: string;
	/** A flag indicating if the external SAML identity provider can be used for user verification. If enabled, userVerMatchMappings is required. */
	verificationEnabled?: boolean;
};
type SamlConfigurationParms = {
	/** The federation metadata URL of the SAML identity provider. */
	federationMetadataUrl: string;
};
type SamlInfoClaim = {
	/** The name of the claim attribute. */
	displayName?: string;
	/** The URI of the claim attribute. */
	uri?: string;
};
type SamlConfigurationResponse = {
	/** The list of claim attributes the SAML identity provider offers. */
	claims?: SamlInfoClaim[];
	/** The entity ID of the SAML identity provider configuration. */
	issuer?: string;
	/** The Single Logout URL of the SAML identity provider configuration. */
	sloUrl?: string;
	/** The Single Sign-on URL of the SAML identity provider configuration. */
	ssoUrl?: string;
};
type IpLocation = {
	/** The city name--always returned in upper-case. */
	cityName?: string;
	/** A two-character (alpha-2) ISO 3166-1  country code. */
	countryCode?: string;
	/** The IPv4 Address. */
	ipAddress?: string;
	/** The ISP name--always returned in upper-case. */
	isp?: string;
	/** The latitude. */
	latitude?: number;
	/** The longitude. */
	longitude?: number;
	/** Whether the IP provided is a private IP Address.  The value is only available when resolving an IP address to an IpLocation. */
	privateIpAddress?: boolean;
};
type OAuthRole = {
	/** The set of ancestor oauth role ids. */
	ancestorIds: string[];
	/** The set of descendant oauth role ids. */
	descendantIds: string[];
	/** The description of this oauth role. */
	description?: string;
	/** The UUID of this oauth role. This value is generated when the oauth role is created. */
	id: string;
	/** The set of resource server scopes ids associated with this oauth role based on inheritance from its ancestors. */
	inheritedResourceServerScopeIds: string[];
	/** The name of this oauth role. */
	name: string;
	/** The UUID of the parent of this oauth role, if one exists. */
	parentId?: string;
	/** The set of resource server scopes ids associated with this oauth role. */
	resourceServerScopeIds: string[];
};
type OrganizationParms = {
	/** The description of the organization. */
	description?: string;
	/** The display name of the organization. This value must be provided when creating an organization. */
	displayName?: string;
	/** The URI of the logo to display when showing organizations. */
	logoUri?: string;
	/** The name of the organization. This value must be provided when creating an organization. */
	name?: string;
};
type Organization = {
	/** The description of the organization. */
	description?: string;
	/** The display name of the organization. */
	displayName: string;
	/** The unique UUID assigned to the organization when it is created. */
	id: string;
	/** The URI of the logo to display when showing organizations. */
	logoUri?: string;
	/** The name of the organization. */
	name: string;
};
type OrganizationPage = {
	paging?: Paging;
	/** A single page from the list of Organizations found. */
	results: Organization[];
};
type TransactionDetail = {
	/** The transaction detail name. */
	detail?: string;
	usage?: ("RBA" | "TVS")[];
	/** The transaction detail value. */
	value?: string;
};
type OtpCreateParms = {
	/** Unique identifier of the Identity as a Service Authentication API application */
	applicationId: string;
	/** Provided client IP address. */
	clientIp?: string;
	/** Whether to deliver the OTP.  If not specified, this defaults to true. */
	deliverOTP?: boolean;
	/** Defines how a user receives their one-time passcode (Email, Text message (SMS), or Voice message (VOICE)). */
	otpDeliveryType?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
	/** Whether to return the OTP.  If not specified, this defaults to false. */
	returnOTP?: boolean;
	/** Defines transaction details to be associated with the OTP. */
	transactionDetails?: TransactionDetail[];
	/** User ID (containing the user ID or a user alias) of the Identity as a Service user the OTP is being created for. */
	userId: string;
};
type Otp = {
	/** The authorization token expiry time. */
	exp?: number;
	/** The OTP. */
	otp?: string;
	/** The OTP delivery type used.  The value is null if OTP delivery was not performed */
	otpDeliveryType?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
	/** The OTP Expiry Date. */
	otpExpiryDate?: string;
	/** The authorization token representing the OTP authentication challenge to complete. */
	token?: string;
};
type RoleUser = {
	/** A flag indicating if this role is one of the default roles. */
	defaultRole?: boolean;
	/** The UUID of the role. */
	id?: string;
	/** The description of the role. */
	roleDescription?: string;
	/** The name of the role */
	roleName: string;
	/** The number of users in this role. */
	usersInRole?: number;
};
type Permission = {
	/** The action to which this permission applies. */
	actionType: "VIEW" | "ADD" | "EDIT" | "REMOVE" | "ALL";
	/** The entity to which this permission applies. */
	entityType: "ALL" | "SUBSCRIBERS" | "USERS" | "APPLICATIONS" | "TOKENS" | "ROLES" | "SPROLES" | "CONTEXTRULES" | "AUTHORIZATIONGROUPS" | "USERATTRIBUTES" | "USERATTRIBUTEVALUES" | "AGENTS" | "GROUPS" | "SETTINGS" | "DIRECTORIES" | "DIRECTORYSYNC" | "DIRECTORYCONNECTIONS" | "TEMPLATES" | "USERSITEROLES" | "REPORTS" | "BULKUSERS" | "BULKGROUPS" | "USERPASSWORDS" | "SERVICEPROVIDERS" | "SERVICEPROVIDERACCOUNTS" | "USERMACHINES" | "CAS" | "BULKHARDWARETOKENS" | "BULKSMARTCARDS" | "DIGITALIDCONFIGS" | "DIGITALIDCONFIGVARIABLES" | "DIGITALIDCONFIGCERTTEMPS" | "DIGITALIDCONFIGSANS" | "SCDEFNS" | "SCDEFNPIVAPPLETCONFIGS" | "SCDEFNVARIABLES" | "SMARTCREDENTIALS" | "SMARTCREDENTIALSSIGNATURE" | "USERSPROLES" | "EXPECTEDLOCATIONS" | "USERLOCATIONS" | "USERRBASETTINGS" | "SPCLIENTCREDENTIALS" | "SPMANAGEMENTPLATFORM" | "ENTITLEMENTS" | "QUESTIONS" | "USERQUESTIONS" | "USERQUESTIONANSWERS" | "USERKBACHALLENGES" | "WORDSYNONYMS" | "GATEWAYS" | "GATEWAYCSRS" | "SPUSERMGMT" | "BULKIDENTITYGUARD" | "TEMPACCESSCODES" | "TEMPACCESSCODECONTENTS" | "GRIDS" | "GRIDCONTENTS" | "FIDOTOKENS" | "EXPORTREPORTS" | "CUSTOMIZATIONVARIABLES" | "BLACKLISTEDPASSWORDS" | "SPENTITLEMENTS" | "CREATETENANT" | "TENANTS" | "ARCHIVES" | "CERTIFICATES" | "INTELLITRUSTDESKTOPS" | "ACTIVESYNC" | "PRINTERS" | "ISSUANCE" | "OTPS" | "AD_CONNECTOR_DIRECTORIES" | "AZURE_DIRECTORIES" | "SCHEDULEDTASKS" | "CREDENTIALDESIGNS" | "ENROLLMENTS" | "BULKENROLLMENTS" | "EMAILTEMPLATES" | "EMAILVARIABLES" | "SENDEMAIL" | "SENDSCIM" | "SENDAZUREAD" | "DIRECTORYPASSWORD" | "TRANSACTIONITEMS" | "TRANSACTIONRULES" | "ENROLLMENTDESIGNS" | "HIGH_AVAILABILITY_GROUPS" | "PKIAASCREDENTIALS" | "DIGITALIDCERTIFICATES" | "PIVCONTENTSIGNER" | "RESOURCESERVERAPIS" | "RESOURCESERVERSCOPES" | "USEROAUTHTOKENS" | "GROUPPOLICIES" | "OAUTHROLES" | "IDENTITYPROVIDERS" | "SMARTCARDS" | "IPLISTS" | "DOMAINCONTROLLERCERTS" | "OTPPROVIDERS" | "PREFERREDOTPPROVIDERS" | "SPIDENTITYPROVIDERS" | "PUSHCREDENTIALS" | "DIRECTORYSEARCHATTRIBUTES" | "DIRECTORYATTRIBUTES" | "RISKENGINES" | "SCIMPROVISIONINGS" | "RATELIMITING" | "CLAIMS" | "CONTACTVERIFICATION" | "HOSTNAMESETTINGS" | "MAGICLINKS" | "MAGICLINKCONTENTS" | "AUTHENTICATIONFLOWS" | "FACE" | "TOKENACTIVATIONCONTENTS" | "PASSTHROUGH" | "POLICYOVERRIDE" | "ORGANIZATIONS" | "WEBHOOKS" | "WEBHOOK_NOTIFICATION" | "VCDEFNS" | "VCS" | "PLAYINTEGRITYCREDENTIALS" | "VPDEFNS" | "ACRS" | "FLEET_MANAGEMENT_ALERT" | "VERIFYUSER" | "USER_PRINTER_PREFERENCE" | "NAMEDPASSWORDS";
	/** The UUID of this permission. */
	id: string;
	/** The role type to which this permission applies. */
	roleType: "SITE_ADMINISTRATOR" | "ACCOUNT_MANAGER";
};
type Role = {
	/** A flag indicating if administrators with this role can manage all roles and all users. */
	allRoles?: boolean;
	/** A flag indicating if this role is one of the default roles. */
	defaultRole?: boolean;
	/** The description of the role. */
	description?: string;
	/** The UUIDs of groups associated with this role when Group Management is DEFINED. This attribute is ignored if Group Management is ALL or OWN. */
	groupIds?: string[];
	/** The type of the group management. Defaults to ALL if not provided. */
	groupManagement?: "ALL" | "DEFINED" | "OWN";
	/** The UUID of the role. */
	id?: string;
	/** If allRoles is false, this attribute lists the roles and administrators in these roles that can be administered by administrators with this role.  Administrators will also be able to manage end users. */
	managedRoles?: Role[];
	/** The name of the role. */
	name: string;
	/** A list of the permissions assigned to this role. */
	permissions?: Permission[];
	/** The type of the role. */
	roleType: "SITE_ADMINISTRATOR" | "ACCOUNT_MANAGER";
	/** A flag indicating if this role is a super administrator. */
	superAdministrator?: boolean;
};
type ScDefnVariable = {
	/** The default value of this variable. */
	defaultValue?: string;
	/** A flag indicating if values for this variable should be displayed. */
	displayable?: boolean;
	/** A flag indicating if the initial value for this variable should be generated. */
	generate?: boolean;
	/** A length value used when generating values for this variable. */
	generateLength?: number;
	/** The UUID of this SC Defn Variable. */
	id?: string;
	/** A flag indicating if values for this variable can be modified. */
	modifiable?: boolean;
	/** The name of this SC Defn Variable. */
	name?: string;
	/** A value that specifies the order of this variable with respect to the other variables in the SC Defn. */
	order?: number;
	/** Optional prompt to be used when prompting for a value for this variable. */
	prompt?: string;
	/** A flag indicating if a value is required for this variable. */
	required?: boolean;
	/** A value specifying restrictions on digits appearing in values of this variable. */
	restrictionDigits?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** A value specifying restrictions on lowercase characters appearing in values of this variable. */
	restrictionLower?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** A value indicating a maximum for values of this variable. How this is enforced depends on the variable type. */
	restrictionMax?: number;
	/** A value indicating a minimum for values of this variable. How this is enforced depends on the variable type. */
	restrictionMin?: number;
	/** A value specifying a regex that values of this variable must match. */
	restrictionRegex?: string;
	/** A value specifying restrictions on special characters appearing in values of this variable. */
	restrictionSpecial?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** A value specifying restrictions on uppercase characters appearing in values of this variable. */
	restrictionUpper?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** The UUID of the SC Defn that owns this variable definition. */
	scDefnId?: string;
	/** The type of this variable. */
	"type"?: "STRING" | "BOOLEAN" | "INTEGER" | "UUID";
	/** A flag indicating if values of this variable must be unique and if so within what scope. */
	uniqueness?: "GLOBAL" | "USER" | "NONE";
	/** A value that allows a variable to be defined unique in the scope of another variable. */
	uniquenessScopeId?: string;
};
type ScDefn = {
	/** A flag indicating if smart credentials using this SC definition must have a card digital id config defined. */
	cardDigitalIdConfigRequired?: boolean;
	/** A flag indicating if smart credentials using this SC definition must have a card holder digital id config defined. */
	cardHolderDigitalIdConfigRequired?: boolean;
	/** Requirements for digits in card PINs for smart credentials for this SC Defn. */
	cardPinDigits?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** The length of card PINs generated for smart credentials for this SC Defn. */
	cardPinLength?: number;
	/** Requirements for lowercase letters in card PINs for smart credentials for this SC Defn. */
	cardPinLower?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** The maximum number of times a wrong PIN can be entered incorrectly before it locks out the smart credential. */
	cardPinMaxAttempts?: number;
	/** The maximum PIN length of card PINs for smart credentials for this SC Defn. */
	cardPinMaxLength?: number;
	/** The maximum number of times a PIN can be used before it must be changed after it is set by an administrator. */
	cardPinMaxUsesAfterAdminReset?: number;
	/** The minimum PIN length of card PINs for smart credentials for this SC Defn. */
	cardPinMinLength?: number;
	/** Requirements for special characters in card PINs for smart credentials for this SC Defn. */
	cardPinSpecial?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** Requirements for uppercase letters in card PINs for smart credentials for this SC Defn. */
	cardPinUpper?: "ALLOWED" | "REQUIRED" | "NOT_ALLOWED" | "NOT_SET";
	/** The UUID of the default card digital id config.  If not set, there is no default. */
	defaultCardDigitalIdConfigId?: string;
	/** The UUID of the default card holder digital id config.  If not set, there is no default. */
	defaultCardHolderDigitalIdConfigId?: string;
	/** A flag indicating if this is the default SC Defn. */
	defaultSCDefn?: boolean;
	/** The UUID of this SC Defn. */
	id?: string;
	/** The lifetime (in months) of smart credentials created for this SC Defn. */
	lifetime?: number;
	/** The name of this SC Defn. */
	name?: string;
	/** The UUID of the PIV applet configuration associated with this smart credential definition. */
	pivAppletConfigId?: string;
	/** The UUID of the CA that defines the PIV Content Signer for this SC definition. If not set, the PIV Content Signer is derived from the digital id configs. */
	pivContentSignerCAId?: string;
	/** Smart Credential Definition Variables defined for this SC Defn. */
	variables?: ScDefnVariable[];
};
type ScDefnGetParms = {
	/** The name of the smart credential definition to be retrieved. */
	name: string;
};
type EntrustStAuthenticatorSettings = {
	/** The amount of time in seconds that an activation request is valid.  Default is 300 seconds. */
	activationLifetime?: number;
	/** The list of activation types that will be performed.  Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application).  If no values are specified in the list then activation types are not updated. */
	activationTypes?: ("CLASSIC" | "ONLINE" | "OFFLINE")[];
	/** A flag indicating if the mobile app allows the user to take action on a notification without opening the app. */
	allowActionableNotifications?: boolean;
	/** A boolean value that specifies whether device biometric is allowed. Default is true. */
	allowDeviceBiometric?: boolean;
	/** A flag indicating if the Mobile soft token can be activated on a rooted device. Default is false. */
	allowUnsecureDevice?: boolean;
	/** The package name of the custom Android application. */
	appVerificationAndroidPackageName?: string;
	/** The bundle id of the custom IOS application. */
	appVerificationIOSBundleId?: string;
	/** The team id of the custom IOS application. */
	appVerificationIOSTeamId?: string;
	/** A flag indicating if app verification is required during activation. */
	appVerificationRequired?: boolean;
	/** A flag indicating if the facial recognition feature supported by the Entrust Soft Token application is allowed. The default is false. */
	facialRecognitionAllowed?: boolean;
	/** The maximum number of 30 second timestamps that a result response is validated. Default is 120. */
	maxResetTimeSteps?: number;
	/** The maximum number of 30 second timesteps over which a response is validated. The default is 10. */
	maxTimeSteps?: number;
	/** Characters that can appear in a mutual challenge. Can contain any non-whitespace character. Default is all digits. */
	mutualChallengeAlphabet?: string;
	/** A flag indicating if the Push Authentication Mutual Challenge is enabled. The default is false. */
	mutualChallengeEnabled?: boolean;
	/** An integer value that specifies what percent of requests have a mutual challenge. Default is 100. */
	mutualChallengeForPercentOfRequests?: number;
	/** The length of the mutual challenge. Default is 2. */
	mutualChallengeLength?: number;
	/** The number of mutual challenges return in a batch. Default is 3. */
	mutualChallengeSize?: number;
	/** The length of the random password generated to encrypt an activation QR code. Default is 8. */
	offlineActivationPasswordLength?: number;
	/** The length of the random password generated for an online activation. Default is 16. */
	onlineActivationPasswordLength?: number;
	/** The length of the OTP generated by the soft token. The default is 8. */
	otpLength?: 6 | 8;
	/** A flag indicating if this token requires that a PIN be enabled on the Entrust Soft Token application. The default is true. */
	pinRequired?: boolean;
	/** A flag indicating if device verification is required during activation. */
	requireDeviceVerificationOnActivation?: boolean;
	/** Specifies the URL scheme used in soft token activation URLs. It should specify the URL scheme associated with the mobile application to be used. This value should only be changed if you are using your own mobile application written using the Entrust ST SDK.  The default value is igmobileotp which corresponds to the Entrust ST application. */
	scheme?: string;
};
type FaceAccountSettings = {
	/** Token used to authenticate Onfido API requests. */
	apiKey: string;
	/** UUID of the Onfido account settings in IDaaS. */
	id?: string;
	/** Region of the Onfido account. Allowed values: EU, US, CA. */
	region: "EU" | "US" | "CA";
	/** Onfido webhook token used to validate incoming webhook payloads. */
	webhookToken: string;
};
type FidoAndroidOriginSettings = {
	/** An array of SHA-256 fingerprints of the app's signing certificate(s). */
	fingerprints: string[];
	/** Specifies the android app's package name. */
	packageName: string;
};
type FidoIosOriginSettings = {
	/** Specifies the Apple developer Team ID. */
	appIdentifierPrefix: string;
	/** Application's unique bundle ID to associate with the server. */
	bundleIdentifier: string;
};
type FidoAllowedRpid = {
	/** Collection of different android app origin configurations. */
	androidOrigins?: FidoAndroidOriginSettings[];
	/** Allowed FIDO relying party ID hostname value. This value can not contain a port. */
	hostname: string;
	/** Collection of different ios app association configurations. */
	iosOrigins?: FidoIosOriginSettings[];
	/** Determines if subdomains are allowed for this relying party ID. */
	subdomainsAllowed?: boolean;
	/** Determines if the relying party ID is system defined. */
	systemDefined: boolean;
};
type FidoAuthenticatorSettings = {
	/** Attestation preference for passkey/FIDO2 registration. Determines how much information about the authenticator (security key/passkey) is shared during registration. NONE: No authenticator details shared (recommended for privacy). INDIRECT: Basic information shared in a privacy-preserving way (balanced approach). DIRECT: Full authenticator details shared (use when you need to verify specific device models). */
	attestation?: "NONE" | "INDIRECT" | "DIRECT";
	/** A boolean value indicating if synced passkey/FIDO2 tokens should be blocked. */
	backupEligibleCheck: boolean;
	/** List of allowed relying party IDs for passkey/FIDO2 registration. */
	fidoRelyingPartyAllowlist: FidoAllowedRpid[];
	/** A boolean value indicating if passkey/FIDO2 relying party allow list is enabled. */
	fidoRelyingPartyAllowlistEnabled: boolean;
	/** The minimum authentication level required to use FIDO self user actions through the Authentication API. */
	passkeyAuthenticatorLevel: string;
	/** Should the token be embedded on the device or stored externally? */
	registrationAuthenticatorAttachment: "EITHER" | "PLATFORM" | "CROSS_PLATFORM";
	/** Should the User ID be stored on the Passkey/FIDO2 token? */
	registrationRequireResidentKey: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
	/** Should the token perform user verification? */
	registrationUserVerification: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
	/** The time in seconds that a client will wait for the FIDO token to respond. Value must be between 5 and 300. */
	timeout: number;
	/** A boolean value indicating if user presence is checked by the passkey/FIDO2 token. */
	userPresentCheck: boolean;
};
type FidoAuthenticatorSettingsParms = {
	/** Attestation preference for passkey/FIDO2 registration. Determines how much information about the authenticator (security key/passkey) is shared during registration. NONE: No authenticator details shared (recommended for privacy). INDIRECT: Basic information shared in a privacy-preserving way (balanced approach). DIRECT: Full authenticator details shared (use when you need to verify specific device models). */
	attestation?: "NONE" | "INDIRECT" | "DIRECT";
	/** A boolean value indicating if synced passkey/FIDO2 tokens should be blocked. */
	backupEligibleCheck?: boolean;
	/** List of allowed relying party IDs for passkey/FIDO2 registration. */
	fidoRelyingPartyAllowlist?: FidoAllowedRpid[];
	/** A boolean value indicating if passkey/FIDO2 relying party allow list is enabled. */
	fidoRelyingPartyAllowlistEnabled?: boolean;
	/** The minimum authentication level required to use FIDO self user actions through the Authentication API. */
	passkeyAuthenticatorLevel?: string;
	/** Should the token be embedded on the device or stored externally? */
	registrationAuthenticatorAttachment?: "EITHER" | "PLATFORM" | "CROSS_PLATFORM";
	/** Should the User ID be stored on the Passkey/FIDO2 token? */
	registrationRequireResidentKey?: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
	/** Should the token perform user verification? */
	registrationUserVerification?: "DISCOURAGED" | "PREFERRED" | "REQUIRED";
	/** The time in seconds that a client will wait for the FIDO token to respond. Value must be between 5 and 300. */
	timeout?: number;
	/** A boolean value indicating if user presence is checked by the passkey/FIDO2 token. */
	userPresentCheck?: boolean;
};
type FidoAssociationFileRequest = {
	/** The relying party ID that hosts the association file. */
	rpId: string;
};
type FidoAndroidAssetLinksTargets = {
	/** The namespace string for the association. */
	"namespace": string;
	/** The package name of the Android app. */
	package_name?: string;
	/** The list of SHA-256 certificate fingerprints for the signing certificates. */
	sha256_cert_fingerprints?: string[];
};
type FidoAndroidAssetLinks = {
	/** List of relationships describing the association permissions between the website and the app. */
	relation: string[];
	target: FidoAndroidAssetLinksTargets;
};
type FidoAppleAppSiteAssociationWebcredentials = {
	/** A list of app IDs that can use passkey for the associated website. */
	apps: string[];
};
type FidoAppleAppSiteAssociation = {
	webcredentials: FidoAppleAppSiteAssociationWebcredentials;
};
type CorsOrigin = {
	/** CORS origin UUID. This value is generated when the origin is created. */
	id: string;
	/** Allowed CORS origin. This value can contain port. Wildcard can be used for ports but not for domains.  */
	origin: string;
};
type GeneralSettings = {
	/** The amount of time in seconds admin user sessions remain active without user interaction before automatically expiring. If not specified, then authenticationSessionLifetime value is used. */
	adminUserAuthenticationSessionLifetime?: number;
	/** The amount of time in seconds standard user sessions remain active without user interaction before automatically expiring. Default is 900. */
	authenticationSessionLifetime?: number;
	/** A setting that indicates the type of token automatically created for the user when it is created. Choices are NONE, ENTRUST_SOFT_TOKEN or GOOGLE_AUTHENTICATOR. Default is NONE. */
	authenticatorActivationType?: "NONE" | "ENTRUST_SOFT_TOKEN" | "GOOGLE_AUTHENTICATOR";
	/** A flag that indicates if CORS is enabled for this account. Deprecated, configure it through admin portal. */
	corsEnabled?: boolean;
	/** A list of origins that cross-origin requests are allowed from. Deprecated, configure it through admin portal. */
	corsOrigins?: CorsOrigin[];
	/** A flag that indicates if a grid card is created for the user when it is created. */
	defaultGrid?: boolean;
	/** A flag that indicates whether to automatically enroll a smart credential for the user when it is created. Default is false. */
	defaultMobileSmartCredential?: boolean;
	/** A flag that indicates if a default password is created for the user when it is created. Default is false. */
	defaultPassword?: boolean;
	/** The amount of time in seconds before a dynamic linking transaction expired. Default is 300. */
	dynamicLinkingTransactionLifetime?: number;
	/** Indicates whether to enable Enhanced Authentication Details or not. */
	enableEnhancedAuthenticationDetails?: boolean;
	/** The amount of time in seconds that administrators can grant for users. */
	inactivityGracePeriod?: number;
	/** The number of failed authentications before a user is locked out. Default is 5. */
	lockoutCount?: number;
	/** The amount of time in seconds before a user lockout expires.  A value of 0 means the lockout never expires. Minimum is 0. Default is 0. */
	lockoutLifetime?: number;
	/** The lockout mode to use for your IntelliTrust account. The AUTHENTICATOR lockout mode means a per-authenticator lockout will be enforced. When a user locks an authenticator they can no longer use that authenticator but can still use an alternative authenticator to log in. The USER lockout mode will lock out a user if any of their authenticators have been locked. */
	lockoutMode?: "AUTHENTICATOR" | "USER";
	/** Indicates whether to block users who have not authenticated for a time being. */
	manageInactiveUsers?: boolean;
	/** The maximum number of FIDO tokens that a user can have.  Default is 5. */
	maxFIDOTokensPerUser?: number;
	/** The maximum number of Face Biometrics that a user can have. Default is 5. */
	maxFacesPerUser?: number;
	/** The maximum number of grids that a user can have.  Default is 5. */
	maxGridsPerUser?: number;
	/** Maximum number of queued push transactions. Default is 1. */
	maxNumberOfPushTransactionsQueued?: number;
	/** The maximum number of smart credentials that a user can have.  Default is 3. */
	maxSmartCredentialsPerUser?: number;
	/** The maximum number of tokens that a user can have.  Default is 5. */
	maxTokensPerUser?: number;
	/** The amount of time in seconds before a push authentication requires expires if a response is not received from the mobile application.  Default is 300. */
	pushAuthenticationLifetime?: number;
	/** The amount of time in seconds that a push transaction can be queued.  Default is 60. */
	pushTransactionLifetime?: number;
	/** Indicates whether the Get Started wizard should be shown or not. */
	showOnboardingWizard?: boolean;
	/** The UUID of the Smart Credential Definition to use when a user enrolls a Smart Credential. */
	smartCredentialDefn?: string;
	/** The amount of time in seconds for a user to be inactive. */
	userInactivityThreshold?: number;
};
type GoogleAuthenticatorSettings = {
	/** The maximum number of 30 second timestamps that a result response is validated. Default is 120. */
	maxResetTimeSteps?: number;
	/** The maximum number of 30 second timesteps over which a response is validated. The default is 10. */
	maxTimeSteps?: number;
};
type PasswordResetSettings = {
	/** Flag indicates if ignore ip address for rba will be allowed or not. */
	allowIgnoreIpAddressForRba?: boolean;
	/** The list of second factor authenticator types that can be used during a password reset operation. */
	authenticators?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** For a KBA authenticator, it is the number of questions that the user must answer--not supported if these settings are part of a Group Policy (not the Global Policy). */
	challengeSize?: number;
	/** Indicates whether an email should be sent to notify the user account has been locked, unlocked, or an attempt of unlock has occurred. */
	emailAccount?: boolean;
	/** Indicates if OTP can be sent to email. */
	emailOtpEnabled?: boolean;
	/** Indicates whether password reset is enabled. */
	enabled?: boolean;
	/** Groups that can perform a password reset operation--not supported if these settings are part of a Group Policy (not the Global Policy). */
	groups?: Group[];
	/** ID of the password reset settings. */
	id?: string;
	/** The ID of the named password. */
	namedPasswordId?: string;
	/** The name of the password. */
	namedPasswordName?: string;
	/** Indicates whether two forms of second factor authentication must be completed before a password reset operation can be done. */
	twoSecondFactorRequired?: boolean;
	/** Indicates whether the user account should be unlocked after a password reset operation is completed. */
	unlockAccount?: boolean;
	/** Indicates the version of this model. */
	version?: number;
	/** For a KBA authenticator, it is the number of questions that the user could answer incorrectly and still be considered a valid response--not supported if these settings are part of a Group Policy (not the Global Policy). */
	wrongAnswersAllowed?: number;
};
type ScVariableValue = {
	scDefnVariable?: ScDefnVariable;
	/** The UUID of the SC Defn Variable that defines the variable. */
	scDefnVariableId?: string;
	/** The variable value. */
	value?: string;
};
type SmartCredentialParms = {
	/** The UUID of the Card Digital Id config of this smart credential. It can be specified in either the create or update operations.  If not set, the smart credential will not have a Card Digital Id. */
	cardDigitalConfigId?: string;
	/** The UUID of the Card Holder Digital Id config of this smart credential. It can be specified in either the create or update operations.  If not set, the smart credential will not have a Card Holder Digital Id. */
	cardHolderDigitalConfigId?: string;
	/** The UUID of the Smart Credential Definition that defines this smart credential. It must be specified when the smart credential is created and can be updated for an existing smart credential. */
	scDefnId?: string;
	/** The state of the smart credential.  Only smart credentials in the ACTIVE state can be used for authentication. */
	state?: "ACTIVE" | "INACTIVE";
	/** The UUID of the user that owns this smart credential. This value must be specified when the smart credential is created and is read-only after that. */
	userId?: string;
	/** When creating or modifying a smart credential, the variable values specify a list of variable values to be set. */
	variableValues?: ScVariableValue[];
};
type DigitalIdConfigCertTemplate = {
	/** The UUID of the Digital Id Config that owns this Digital Id Config Cert Template. */
	digitalIdConfigId?: string;
	/** The UUID of the Digital Id Config Cert Template. */
	id?: string;
	/** The key type of the Digital Id Config Cert Template. */
	keyType?: "RSA_2048" | "EC_P_256";
	/** The lifetime (in months) of the certificate created with this Digital Id Config Cert Template. */
	lifetime?: number;
	/** The name of the Digital Id Config Cert Template. */
	name?: string;
	/** The PIV container of the Digital Id Config Cert Template. */
	pivContainer?: "PivAuth" | "CardAuth" | "DigSig" | "KeyMgmt" | "None";
	/** A flag indicating whether to use the CA's default certificate lifetime. */
	useCaDefaultCertLifetime?: boolean;
};
type DigitalIdConfigSubjectAltName = {
	/** The UUID of the digital id config that owns this subjectAltName. */
	digitalIdConfigId?: string;
	/** The UUID of this Digital Id Config SubjectAltName. */
	id?: string;
	/** The type of subjectAltName. */
	"type"?: "EMAIL" | "UPN" | "IP" | "DNS" | "OTHER" | "X400" | "DN" | "EDI" | "URI" | "REGISTERED_ID";
	/** The value for the subjectAltName. */
	value?: string;
};
type DigitalIdConfigVariable = {
	/** The UUID of the Digital Id Config that owns this Digital Id Config Variable. */
	digitalIdConfigId?: string;
	/** The UUID of the Digital Id Config Variable. */
	id?: string;
	/** A flag indicating if values for this variable are included in the Digital Id's DN when it is generated by the CA. */
	includedInDN?: boolean;
	/** The name of the Digital Id Config Variable. */
	name?: string;
	/** The type of the Digital Id Config Variable. */
	"type"?: "CERTIFICATE" | "USER" | "VARIABLE" | "CUSTOM";
	/** The value of the Digital Id Config Variable. */
	value?: string;
};
type DigitalIdConfig = {
	/** If true, digital ids using this config will be set to have all CA groups. */
	allCAGroups?: boolean;
	/** If allCAGroups is set to false then digital ids using this config will use this specified list of CA groups. */
	caGroups?: string[];
	/** The UUID of the CA for this digital id config. */
	caId?: string;
	/** The name of the CA for this digital id config. */
	caName?: string;
	/** The CA type of this Digital Id Config. */
	caType?: "EDC" | "MS" | "PKIAAS";
	/** A list of cert templates associated with this digital id config. */
	certTemplates?: DigitalIdConfigCertTemplate[];
	/** The CA certificate type which digital ids using this config will use. */
	certificateType?: string;
	/** When creating a digital id config, default values can be provided from this specified digital id config template. */
	digitalIdConfigTemplateId?: string;
	/** A flag indicating if digital ids using this config will create directory entries in the CA. */
	directoryEntry?: boolean;
	/** The format which digital ids using this config will use for their DN. */
	dnFormat?: string;
	/** Whether digital ids using this config should include the searchbase in their DN. */
	dnFormatSearchbaseIncluded?: boolean;
	/** The UUID of this Digital Id Config. */
	id?: string;
	/** The name of this Digital Id Config. */
	name?: string;
	/** The CA role which digital ids using this config will use. */
	role?: string;
	/** The searchbase within the CA in which digital ids using this config will be created. */
	searchbase?: string;
	/** A list of subjectAltNames associated with this digital id config. */
	subjectAltNames?: DigitalIdConfigSubjectAltName[];
	/** The type of digital id. */
	"type"?: "PIV_CARDHOLDER" | "PIV_CARD";
	/** The CA user type which digital ids using this config will use. */
	userType?: string;
	/** A list of variables associated with this digital id config. */
	variables?: DigitalIdConfigVariable[];
};
type DigitalIdCert = {
	/** The description providing the purpose of this certificate. */
	description?: string;
	/** The UUID of the digital id to which this certificate belongs */
	digitalIdId?: string;
	/** The type of the digital Id to which this certificate belongs. */
	digitalIdType?: "PIV_CARDHOLDER" | "PIV_CARD";
	/** The UUID of this Digital Id Certificate. */
	id?: string;
	/** The issuer DN of this certificate. */
	issuerDN?: string;
	/** The expiry date of this certificate. */
	notAfter?: string;
	/** The issue date of this certificate. */
	notBefore?: string;
	/** The name of the PIV container that stores this certificate on the smart card. */
	pivContainer?: string;
	/** The serial number of this certificate. */
	serialNumber?: string;
	/** The status of this certificate. If not set, the revocation status has not been retrieved from the CA. */
	status?: "ACTIVE" | "REVOKED" | "HOLD" | "EXPIRED" | "NOT_AVAILABLE";
	/** The subject DN of this certificate. */
	subjectDN?: string;
};
type DigitalId = {
	/** The certificates associated with this digital id. */
	certificates?: DigitalIdCert[];
	/** The UUID of the digital Id config that defines this digital Id. */
	digitalIdConfigId?: string;
	/** The name of the digital id Config that defines this digital Id. */
	digitalIdConfigName?: string;
	/** The type of this digital Id. */
	digitalIdConfigType?: "PIV_CARDHOLDER" | "PIV_CARD";
	/** The current DN of the digital id. */
	dn?: string;
	/** The UUID of this DigitalId. */
	id?: string;
};
type SmartCredential = {
	/** A list of administration actions currently allowed for this smart credential. */
	allowedActions?: ("ACTIVATE" | "REACTIVATE" | "UPDATE" | "UNASSIGN" | "UNBLOCK" | "ENABLE" | "DISABLE" | "DELETE" | "VIEW_CERTIFICATES")[];
	cardDigitalConfig?: DigitalIdConfig;
	/** The UUID of the Card Digital Id config of this smart credential. If not set, the smart credential will not have a Card Digital Id. */
	cardDigitalConfigId?: string;
	/** Indicates if the card digitalid config is required or not. */
	cardDigitalConfigRequired?: boolean;
	cardHolderDigitalConfig?: DigitalIdConfig;
	/** The UUID of the Card Holder Digital Id config of this smart credential. If not set, the smart credential will not have a Card Holder Digital Id. */
	cardHolderDigitalConfigId?: string;
	/** Indicates if the card holder digitalid config is required or not. */
	cardHolderDigitalConfigRequired?: boolean;
	/** A list of certificates associated with this smart credential. */
	certificates?: DigitalIdCert[];
	/** The chip id of the smart card set when the smart credential is encoded. */
	chipId?: string;
	/** A flag indicating if the smart credential is enrolled on a verified device. */
	deviceVerified: boolean;
	/** A list of digital ids associated with this smart credential. */
	digitalIds?: DigitalId[];
	/** For smart credentials that have failed to encode, the encode message stores a message providing information about the failure. */
	encodeMsg?: string;
	/** The encode state of a smart credential indicates if encoding has started, completed successfully or failed. */
	encodeState?: "ENCODE_START" | "ENCODE_DONE" | "ENCODE_ERROR";
	/** The enrollment state of a smart credential indicates if all of the necessary enrollment values have been collected. Only smart credentials in the ENROLLED state can be activated. */
	enrollState?: "ENROLLING" | "ENROLLED";
	/** For issued smart credentials, the expiry date is the date on which the smart credential will expire. */
	expiryDate?: string;
	/** The unique UUID assigned to the smart credential when it is created. */
	id?: string;
	/** The date on which the smart credential was issued. */
	issueDate?: string;
	/** A flag indicating if notification is enabled for this smart credential. */
	notifyEnabled?: boolean;
	/** The platform of the Mobile SC application on which this smart credential was encoded. */
	platform?: string;
	/** The UUID of the Smart Credential Definition that defines this smart credential. */
	scDefnId?: string;
	/** The name of the smart credential definition of this smart credential. */
	scDefnName?: string;
	/** The unique serial number of the smart credential generated when it is created. */
	serialNumber?: string;
	/** The state of the smart credential.  Only smart credentials in the ACTIVE state can be used for authentication. */
	state?: "ACTIVE" | "INACTIVE";
	/** The UUID of the user that owns this smart credential. */
	userId?: string;
	/** The user Id of the user that owns this smart credential. */
	userUserId?: string;
	/** Variable values for this smart credential */
	variableValues?: ScVariableValue[];
	/** The version of the Mobile SC application on which this smart credential was encoded. */
	version?: string;
};
type ExportCertificate = {
	/** Certificate information as a PEM encoded value. */
	certificate?: string;
};
type ActivateSmartCredentialParms = {
	/** A map which consists of additional attributes and values to be used for smart credential encoding. Currently the only value that is supported is the value with name "photo" where the value is a Base-64 encoded JPEG or PNG image or a data URL of the form "data:image/<type>;base64,<data>" where <type> is jpeg or png and <data> is a Base-64 encoded JPEG or PNG image. */
	additionalUserInfo?: {
		[key: string]: string;
	};
	/** A flag indicating if the activation email should be delivered to the user.  If not set, it defaults to false. */
	deliverActivationEmail?: boolean;
	/** A flag indicating if the target is mobile smart credential. */
	mobile?: boolean;
	/** A list of which activation types (LINK or QRCODE) should use a random password to encrypt the activation information. If the list is null or empty, QRCODE activation will require a password and LINK will not. */
	requirePassword?: ("LINK" | "QRCODE")[];
	/** A list of activation types (LINK or QRCODE) to perform.  If the list is null or empty, all activation types are performed */
	"type"?: ("LINK" | "QRCODE")[];
};
type ActivateSmartCredentialResult = {
	/** If either the QR Code URL or the Link URL were password protected, the password needed to unprotect them. */
	activationPassword?: string;
	/** The HTTP version of the link activation URL */
	linkHttpURL?: string;
	/** The link activation URL */
	linkURL?: string;
	/** Base-64 encoded activation QR Code */
	qrCode?: string;
	/** The activation URL encoded into the QR Code */
	qrCodeURL?: string;
};
type SmartCredentialChangeStateParms = {
	/** The new state of the smart credential. */
	state?: "ACTIVE" | "INACTIVE";
};
type SmartCredentialCompleteSignParms = {
	/** For smart credential push Signature the transaction can be canceled by setting cancel to true. */
	cancelTransaction?: boolean;
	/** The transactionId for smart credential complete sign operation. */
	transactionId?: string;
};
type SmartCredentialCompleteSignResponse = {
	/** The smart credential complete sign base-64 encoded certificate Chain. */
	certChain?: string[];
	/** The smart credential complete sign response digestSignature. */
	digestSignature?: string;
	/** The smart credential complete sign response status. */
	status?: "CONFIRM" | "CONCERN" | "CANCEL" | "NO_RESPONSE";
};
type SmartCredentialStartSignParms = {
	/** The digest value that will be signed by the smart credential. */
	digest?: string;
	/** The hashing algorithm that will be used to sign the digest value. It must be one of the values "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512". */
	digestHashAlg?: string;
	/** Specify which key on the smart credential is used to sign the digest. If not specified it defaults to PIV_AUTHENTICATION. */
	digestKey?: "PIV_AUTHENTICATION" | "DIGITAL_SIGNATURE" | "CARD_AUTHENTICATION";
	/** The smart credential push signature challenge that appears in the user's mobile application. */
	summary?: string;
};
type SmartCredentialStartSignResponse = {
	/** The smart credential push signature transactionId returned from the start sign operation. */
	transactionId?: string;
};
type SmartCredentialUnblockParms = {
	/** The smart credential unblock challenge generated from the smart credential. */
	challenge?: string;
};
type SmartCredentialUnblockResponse = {
	/** The smart credential unblock response that needs to be provided to the smart credential to allowed it  to complete the unblock operation. */
	response?: string;
};
type SyncUserParms = {
	/** The directory id for this synchronization.  This value is required */
	directoryId: string;
	/** The id of the user to be synchronized.  The type of the id is specified by idType. */
	id: string;
	/** The type of the id identifying the user.  The value can be one of UUID (the user's internal UUID) or USERID (the user's userId). The value of EXTERNALID  is currently not supported.  If not specified, this defaults to USERID. */
	idType?: "UUID" | "USERID" | "EXTERNALID";
};
type SyncUser = {
	/** The directory Id for this user. */
	directoryId?: string;
	/** The directory uuid for this user. */
	directoryUuid?: string;
	/** The searchBase Id for this user. */
	searchBaseId?: string;
	/** The outcome of the synchronization. */
	status: "CONVERTED" | "CREATED" | "DELETED" | "LOCALIZED_ENABLED" | "LOCALIZED_DISABLED" | "UPDATED";
	/** The user Id for this user. */
	userId: string;
	/** The uuid for this user. */
	uuid: string;
};
type UnsyncUserParms = {
	/** The id of the user to be unsynchronized.  The type of the id is specified by idType. */
	id: string;
	/** The type of the id identifying the user.  The value can be one of UUID (the user's internal UUID) or USERID (the user's userId). The value of EXTERNALID  is currently not supported.  If not specified, this defaults to USERID. */
	idType?: "UUID" | "USERID" | "EXTERNALID";
};
type SpIdentityProvider = {
	/** The client id of this tenant management. */
	clientId?: string;
	/** The default max age of this tenant management. */
	defaultMaxAge?: number;
	/** Whether this tenant management should display consent. */
	displayConsent?: boolean;
	/** Whether tenant management is enabled. */
	enabled: boolean;
	/** The initiate login URI of this tenant management. */
	initiateLoginUri?: string;
	/** The name of this tenant management. */
	name: string;
	/** The signing key of this tenant management. */
	signingKeyId?: string;
};
type SpIdentityProviderParms = {
	/** Whether an initial default resource rule accessible to all users should be created for this tenant management. This is only used if tenant management was previously disabled. If not set, it defaults to false. */
	createDefaultResourceRule?: boolean;
	/** The default max age of this tenant management. If not set, it is not used. */
	defaultMaxAge?: number;
	/** If an initial default resource rule is enabled, whether to disable SSO. This is only used if an initial default resource rule is being enabled. If not set, it defaults to false. */
	disableSSODefaultResourceRule?: boolean;
	/** Whether this tenant management should display consent. If not set, it defaults to false. */
	displayConsent?: boolean;
	/** Whether tenant management is enabled. */
	enabled: boolean;
	/** The signing key of this tenant management. */
	signingKeyId?: string;
};
type TokenParms = {
	/** When modifying unassigned tokens the list of UUIDs of groups to which the tokens will belong. If an empty list is provided, the unassigned token will not belong to any groups. */
	groups?: string[];
};
type ActivateCompleteParms = {
	/** The registration code displayed by the Mobile ST application needed to complete activation of the token. */
	registrationCode?: string;
};
type ActivateParms = {
	/** A flag indicating if Identity as a Service should send an activation email including the activation information to the end user. If not specified, this attribute defaults to false. */
	deliverActivationEmail?: boolean;
	/** A flag indicating if the QR code for offline activation is returned.  The link encoded in the QR code is always returned for clients that want to encode their own QR code.  If not specified, this attribute defaults to false. */
	returnQRCode?: boolean;
	/** The Base32-encoded secret of the token. If provided, IDaaS will use this value as the token seed and activate the token. This value is only supported for Google Authenticator. Value must contain at least 10 bytes and must not exceed 64 bytes. */
	secret?: string;
	/** The list of activation types that will be performed.  Allowed values are: CLASSIC (return activation values that must be manually entered into the mobile application), ONLINE (return a link that when clicked will launch the mobile application) and OFFLINE (return a QR code that can be scanned by the mobile application).  If no values are specified in the list, then all activation types are performed. */
	"type"?: ("CLASSIC" | "ONLINE" | "OFFLINE")[];
};
type ActivateResult = {
	/** The activation address for the token.  This value should be entered into the Mobile ST application if you want to perform manual activaiton. */
	activationAddress?: string;
	/** The activation code for the token.  This value should be entered into the Mobile ST application if you want to perform manual activation */
	activationCode?: string;
	/** The HTTP activation URL.  Clicking on this URL on your mobile device will redirect you to the Mobile ST application to perform activation. */
	activationOnlineHttpURL?: string;
	/** The application specific activation URL.  Clicking on this URL on your mobile device will launch the Mobile ST application to perform activation. */
	activationOnlineURL?: string;
	/** If the Mobile ST prompts you to enter an activation password during activation, this attribute is the password you must enter. */
	activationPassword?: string;
	/** The base-64 encoded activation QR code.  This QR code can be scanned by the Mobile ST application to perform activation. */
	activationQRCode?: string;
	/** The URL encoded in the activation QR code. */
	activationURL?: string;
	/** The serial number of the token. */
	serialNumber?: string;
};
type AssignParms = {
	/** When the assign operation is not being performed by an administrator, a token response from the token being assigned must be provided. */
	response?: string;
	/** When assigning a token to a known user, this argument specifies the serial number of the token being assigned. */
	serialNumber?: string;
	/** When assigning a token to a user this attribute optionally specifies the type of token to be assigned. It can be a value of OATH_PHYSICAL_TOKEN or ENTRUST_LEGACY_TOKEN. This attribute is only required if the serial number is not unique. */
	tokenType?: string;
	/** When assigning a known token to a user, this argument specifies the user Id or user alias of the user to which the token will be assigned. */
	userId?: string;
};
type AssignedTokenParms = {
	/** Optional label to identify an assigned token: a String up to 100 characters. */
	label?: string;
};
type ChangeStateParms = {
	/** The new state of the token.  The state can be changed from ACTIVE to INACTIVE or INACTIVE to ACTIVE. */
	state: "NEW" | "ACTIVATING" | "ACTIVE" | "INACTIVE" | "UNASSIGNED";
};
type ResetParms = {
	/** An optional token response used to reset the token. */
	response?: string;
};
type UnlockParms = {
	/** The unlock challenge generated by the token when it is locked. */
	unlockChallenge: string;
};
type UnlockResult = {
	/** The unlock code generated by the service in response to the unlock challenge. This value should be entered into the token to complete the unlock. */
	unlockCode: string;
};
type TransactionRuleDescription = {
	/** The description of this transaction rule. */
	description: string;
	/** The UUID of this transaction rule. */
	id: string;
	/** The name of this transaction rule. */
	name: string;
};
type UserAttributeParms = {
	/** A flag indicating if users must have a value for this user attribute. If not specified when creating a user attribute if defaults to false. */
	mandatory?: boolean;
	/** The name of this user attribute. This must be specified when creating a user attribute. */
	name?: string;
	/** Type of user attribute. */
	"type"?: "NONE" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "OTP_WECHAT" | "OTP_WHATSAPP";
	/** A flag indicating if this attribute is intended to be unique. If not specified when creating a user attribute it defaults to false. */
	"unique"?: boolean;
};
type UserQuestion = {
	/** The question's answer. */
	answer?: string;
	/** The UUID of the KBA question/answer. */
	id?: string;
	/** The question. */
	question?: string;
};
type UserChangeStateParms = {
	/** The new state of the user. */
	state?: "ACTIVE" | "INACTIVE";
};
type ExpectedLocation = {
	/** The city name--always returned in upper-case. */
	city?: string;
	/** A two-character (alpha-2) ISO 3166-1  country code. */
	countryCode?: string;
	/** The UUID of this expected location. */
	id?: string;
	/** The IPv4 Address. */
	ipAddress?: string;
	/** The ISP name--always returned in upper-case. */
	isp?: string;
	/** Whether the IP provided is a private IP Address.  The value is ignored when adding an ExpectedLocation. It is returned when getting ExpectedLocations if the location has an IP address defined */
	privateIpAddress?: boolean;
};
type UserExpectedLocations = {
	/** The list of expected locations stored for this user. */
	expectedLocations: ExpectedLocation[];
	/** The maximum number of expected locations that can be stored for this user. */
	maximumExpectedLocations: number;
};
type FaceUpdateParms = {
	/** Date the authenticator will expire. */
	expiry?: string;
	/** The ID of the authenticator to update. */
	id?: string;
	/** The status of the authenticator. */
	status?: "ACTIVATING" | "ACTIVE" | "FAILED" | "EXPIRED" | "REVIEW" | "DISABLED" | "NEW";
};
type FaceEncryptedToken = {
	/** Unique identifier for the user. Used to associate the encrypted biometric token with a specific user in Onfido. */
	customerUserId: string;
	/** Base64-encoded string containing the encrypted biometric token generated by Onfido after successful user verification. */
	encryptedBiometricToken: string;
};
type FaceCreateParms = {
	/** The Onfido applicant UUID. Used to link the Face Biometric to the correct applicant. Applicable for server stored biometric web flows. */
	applicantId?: string;
	/** If set to true, an activation email will be sent to the user. Applicable only for mobile flows. */
	deliverActivationEmail?: boolean;
	encryptedBiometricToken?: FaceEncryptedToken;
	/** If set to true, the response will include a QR code for activation. Applicable only for mobile flows. */
	returnQRCode?: boolean;
	/** The Onfido workflow run UUID. Used to link the Face Biometric to the correct workflow run. Applicable for server stored biometric web flows. */
	workflowRunId?: string;
};
type FaceAuthenticator = {
	/** The ID of the applicant in Onfido. */
	applicantId?: string;
	/** Date the authenticator was created. */
	created?: string;
	/** Date the authenticator will expire. */
	expiry?: string;
	/** The ID of the Face Biometric. */
	id?: string;
	/** Date the authenticator was last used. */
	lastUsed?: string;
	/** If the authenticator was registered on mobile. */
	mobile?: boolean;
	/** The mobile device platform on which a Face Biometric was registered. */
	platform?: string;
	/** The serial number of the Face Biometric. */
	serialNumber?: string;
	/** The status of the authenticator. */
	status?: "ACTIVATING" | "ACTIVE" | "FAILED" | "EXPIRED" | "REVIEW" | "DISABLED" | "NEW";
};
type UserPassword = {
	/** Indicates if the user's password has been found in a data breach. */
	compromised?: boolean;
	/** The date at which the next password expiry notification will be sent. */
	expiryNotificationDate?: string;
	/** The date at which the password will expire. */
	expiryTime?: string;
	/** Indicates if the user will be forced to change their password the next time the user authenticates with it. */
	forceUpdate?: boolean;
	/** The ID of the user password. */
	id?: string;
	/** The last time the password was changed. */
	lastChangedTime?: string;
	/** The date and time of the last Have I Been Pwned api call performed on this password. */
	lastCompromisedCheckTime?: string;
	/** The named password associated to the user. */
	namedPasswordId?: string;
	/** The value of the new password generated by IDaaS if requested by the client. */
	newPassword?: string;
	/** A flag that indicates if the user has a password. */
	present?: boolean;
};
type UserMachineAuthenticator = {
	/** When this machine secret expires in UTC time */
	expiryTime?: string;
	/** Identifies the device/machine */
	id: string;
	/** Identifies the device/machine from the end-user point of view */
	label: string;
	/** When this machine secret was last used */
	lastUsedTime?: string;
	/** When this machine secret was created in UTC time */
	registrationTime: string;
};
type MachineAuthenticatorRegistration = {
	/** The device fingerprint. It must be a valid fingerprint as produced by Entrust SDK. */
	fingerprint?: string;
	/** Identifies the device/machine from the end-user point of view. */
	label: string;
};
type MachineAuthenticator = {
	/** The device fingerprint if it's required during Machine authentication. It will always be null when returned from IDaaS as part of the response body. */
	fingerprint?: string;
	/** machineNonce */
	machineNonce?: string;
	/** sequenceNonce */
	sequenceNonce?: string;
};
type MachineAuthenticatorRegistrationResult = {
	machineAuthenticator?: MachineAuthenticator;
	userMachineAuthenticator?: UserMachineAuthenticator;
};
type MagicLink = {
	/** The date and time the Magic Link was created. */
	created?: string;
	/** The email address the Magic Link was delivered to. */
	email?: string;
	/** The date and time the Magic Link will expire. */
	expiry?: string;
	/** The redirect URL to be used after the Magic Link is clicked. */
	redirectUrl?: string;
	/** The type of Magic Link that was sent. */
	"type"?: string;
};
type MagicLinkCreateParms = {
	/** Automatically send the Magic Link if the user has a default email or one is specified that matches a configured email. */
	autoSend?: boolean;
	/** The email to send the Magic Link to if it exists. */
	email?: string;
	/** Automatically redirect the user to an external URL after completing registration or password reset. The URL must match one of the allowed URLs. */
	redirectUrl?: string;
	/** The type of magic link to create. If not specified, defaults to REGISTRATION. */
	"type"?: string;
};
type MagicLinkResponse = {
	/** Expiry date of the Magic Link. */
	expiryDate?: string;
	/** The generated Magic Link. This value will only be returned if the administrator has the MAGICLINKCONTENTS:VIEW permission and autoSend is set to false. */
	url?: string;
};
type UserOrganizationParms = {
	/** A list of organization UUIDs to be assigned to this user.  If specified, these organizations replace existing organizations. */
	organizations?: string[];
};
type UserPasswordValidationParms = {
	/** If set to true, existing password history is ignored. */
	ignorePasswordHistory?: boolean;
	/** The ID of the named password. */
	namedPasswordId?: string;
	/** New password value that needs to be validated.  */
	password?: string;
};
type UserPasswordStrength = {
	/** Evaluated password strength score. <br><br> 0:very weak | 1:weak | 2:average | 3:good | 4:strong */
	score?: number;
	/** Suggestions on how the password strength can be improved. */
	suggestions?: string[];
};
type UserPasswordValidationResponse = {
	/** True if password meets the active directory complexity requirements. */
	adComplexity?: boolean;
	/** True if password meets the userId requirements. Password must not contain user alias. */
	alias?: boolean;
	/** True if password meets the alpha numeric requirements. */
	alphaNumeric?: boolean;
	/** True if password does not contain a blacklisted password. */
	blacklisted?: boolean;
	/** Type of the directory the user is associated with, ON_PREM, AZURE or AD Connector. */
	directoryType?: "ON_PREM" | "AZURE" | "AD_CONNECTOR";
	/** True if password meets the full name requirements. Full Name must not be in the password. */
	fullName?: boolean;
	/** True if password meets the length requirements. */
	length?: boolean;
	/** True if password meets the lower case requirements. */
	lowerCase?: boolean;
	/** List of validations that cannot be determined mostly due to user is AD managed. */
	nondeterministicValidations?: string[];
	/** True if password meets the numeric requirements. */
	numeric?: boolean;
	/** True if password does not match the history if enabled. */
	passwordHistory?: boolean;
	/** True if password meets the repeated characters requirements. */
	repeatedCharacters?: boolean;
	/** True if password meets the minimum strength requirements. */
	strength?: boolean;
	/** True if password meets the upper case requirements. */
	upperCase?: boolean;
	/** True if password meets the userId requirements. Password must not contain userId. */
	userID?: boolean;
	userPasswordStrength?: UserPasswordStrength;
};
type UserPasswordParms = {
	/** If set to true, this flag indicates existing password history is cleared before the new password is created. */
	clearPasswordHistory?: boolean;
	/** A value for the current password when changing the AD-User password.  */
	currentPassword?: string;
	/** A flag indicating whether to email a new password to the user.  It defaults to true. */
	emailPassword?: boolean;
	/** The date at which the password will expire. */
	expiryTime?: string;
	/** If set to true, this value indicates the user will be forced to change their password upon next password authentication. */
	forceUpdate?: boolean;
	/** A flag indicating whether a new random password is generated. It defaults to false. */
	generatePassword?: boolean;
	/** The ID of the named password. */
	namedPasswordId?: string;
	/** A value for the new password when setting the user password. This value is ignored if generatePassword is set to true. */
	password?: string;
	/** Define the password format of new password, it's BCRYPT when importing BCrypted password, it's GETACCESS when importing GetAccess password,it defaults to CLEARTEXT if not provided.When passwordFormat is BCRYPT or GETACCESS, the following restrictions must be enforced:<ul><li>1.the user must be an IDaaS local user.</li><li>2.currentPassword must be null.</li><li>3.generatePassword must be false.</li><li>4.emailPassword must be false.</li><li>5.returnPassword must be false.</li></ul> */
	passwordFormat?: "CLEARTEXT" | "BCRYPT" | "GETACCESS";
	/** A flag indicating if a password generated by IDaaS should be returned to the caller. This flag is ignored  if the password is passed from the client.  It defaults to false. */
	returnPassword?: boolean;
};
type UserFaceSettings = {
	/** The lifetime of the authenticator in days. */
	lifetime: number;
};
type UserPasswordSettings = {
	/** A boolean flag indication if adComplexity is enabled. */
	adComplexity?: boolean;
	/** Specifies if an lowercase character is required, allowed or not allowed in the password. */
	includeLowercase?: "REQUIRED" | "ALLOWED" | "NOT_ALLOWED";
	/** Specifies if non-alphanumeric character is required, allowed or not allowed in the password. */
	includeNonalphanumeric?: "REQUIRED" | "ALLOWED" | "NOT_ALLOWED";
	/** Specifies if a numeric character is required, allowed or not allowed in the password. */
	includeNumber?: "REQUIRED" | "ALLOWED" | "NOT_ALLOWED";
	/** Specifies if an uppercase character is required, allowed or not allowed in the password. */
	includeUppercase?: "REQUIRED" | "ALLOWED" | "NOT_ALLOWED";
	/** The lifetime of the password in days. */
	lifetimeDays?: number;
	/** The maximum length of the password. */
	maximumLength?: number;
	/** Maximum number of repeated characters allowed */
	maximumRepeated?: number;
	/** The minimum length of the password. */
	minimumLength?: number;
	/** The minimum lifetime of the password restricting how frequently the password can be changed. */
	minimumLifetime?: number;
	/** Minimum password strength. Password set/update will be rejected, if strength of the password is less than this value. 0: Disabled, 1: Weak protection from throttled online attacks: very guessable, 3: Good protection from offline attacks: safely unguessable, 4: Strong protection from offline attacks: very unguessable */
	minimumStrength?: number;
	/** Indicates whether the named password policy is enabled for the user. */
	namedPasswordEnabled?: boolean;
	/** The ID of the named password. */
	namedPasswordId?: string;
	/** Number of lower case characters required. */
	numberOfLowercaseRequired?: number;
	/** Required number of non alpha numeric characters required. */
	numberOfNonalphanumericRequired?: number;
	/** Number of numeric characters required. */
	numberOfNumericRequired?: number;
	/** Number of upper case characters required. */
	numberOfUppercaseRequired?: number;
	/** Size of password history for a user. */
	passwordHistorySize?: number;
};
type TempAccessCode = {
	/** The actual temporary access code.  This value will only be returned if the administrator has the TEMPACCESSCODECONTENTS:VIEW permission. */
	code?: string;
	/** The date on which this temporary access code was created. */
	createDate?: string;
	/** A flag indicating if this temporary access code is expired now. */
	expired?: boolean;
	/** The expiry date of this temporary access code.  If not set, it never expires. */
	expiryDate?: string;
	/** The unique UUID assigned to the temporary access code when it is created. */
	id?: string;
	/** The maximum number of times this temporary access code can be used.  If not set, there are no limits. */
	maxUses?: number;
	/** The number of times this temporary access code has been used. */
	numUses?: number;
};
type TokenCreateParms = {
	activateParms?: ActivateParms;
};
type UserLocation = {
	/** The city name--always returned in upper-case. */
	city?: string;
	/** A two-character (alpha-2) ISO 3166-1  country code. */
	countryCode?: string;
	/** The date this user location will expire. */
	expiryDate?: string;
	/** The UUID of the user location. */
	id: string;
	/** The IPv4 Address. */
	ipAddress?: string;
	/**  The ISP name--always returned in upper-case. */
	isp?: string;
	/** The time of the last authentication from this location. */
	lastAuthenticationTime: string;
	/** The latitude. */
	latitude?: number;
	/** The longitude. */
	longitude?: number;
	/** The number of times this location was used during authentication. */
	numberOfAuthentications: number;
	/** Whether the IP provided is a private IP Address. */
	privateIpAddress?: boolean;
};
type KnowledgeBasedAuthenticator = {
	/** The maximum number of questions a user can answer for KBA. If zero, then KBA is disabled. This value is not used when adding or updating a KBA. If provided, it will be ignored. */
	maximumNumberOfQuestions?: number;
	/** The maximum number of characters in an answer. This value is not used when adding or updating a KBA. If provided, it will be ignored. */
	maximumResponseSize?: number;
	/** The minimum number of questions a user must answer to perform KBA. Defaults to the maximum Q&A challenge size setting. This value is not used when adding or updating a KBA. If provided, it will be ignored. */
	minimumNumberOfQuestions?: number;
	/** The list of question/answer pairs stored for a user. This is the only attribute required when adding or updating a KBA. */
	userQuestions: UserQuestion[];
};
type UserRbaSettings = {
	/** A flag indicating if the IP address is considered when checking to see if two locations are the same. */
	locationHistoryIpCheckRequired?: boolean;
	/** The maximum number of user locations stored in location history. */
	maximumLocationHistory?: number;
	/** A flag indicating if a velocity check is performed when checking the current location against location history. */
	velocityCheckRequired?: boolean;
};
type WebhookEvent = {
	/** Subset of resource, or group IDs of the webhook event. All resources are selected by default if this parameter is not specified. */
	filter?: string;
	/** The ID of the webhook event. This value is not needed when creating/updating a webhook. */
	id?: string;
	/** The event type set to trigger the webhook. */
	"type": "user.created" | "user.updated" | "user.deleted" | "user.registration.completed" | "authentication.succeeded" | "authentication.failed" | "password.updated" | "magiclink.email.sent" | "grid.created" | "grid.email.sent" | "grid.password.email.sent" | "passkey.created" | "passkey.updated" | "passkey.deleted" | "kba.question.created" | "token.created" | "token.activated" | "token.activated.online" | "token.seed.rotated" | "hardware.token.assigned" | "face.biometric.created" | "credential.create" | "credential.update" | "credential.delete" | "credential.print";
};
type Webhook = {
	/** HTTPS endpoint URL where webhook event notifications will be sent. Must be a valid HTTPS URL. */
	callbackUrl: string;
	/** Indicates whether the webhook is active and will receive event notifications. Disabled webhooks will not receive any events. */
	enabled: boolean;
	/** List of event types that will trigger this webhook. If not specified, all available events will be sent. */
	events?: WebhookEvent[];
	/** Indicates whether the webhook has passed its expiry date and is no longer active. */
	expired?: boolean;
	/** Timestamp indicating when the webhook will automatically expire and stop receiving events. Null indicates no expiration. */
	expiryDate?: string;
	/** Unique identifier for the webhook. This value is automatically generated upon webhook creation and cannot be modified. */
	id: string;
	/** Descriptive name for the webhook to help identify its purpose. */
	name?: string;
	/** Secure authentication token used to verify webhook request authenticity. Use this token to validate incoming webhook requests. */
	token?: string;
};
type WebhookParms = {
	/** HTTPS endpoint URL where webhook event notifications will be sent. Must be a valid HTTPS URL. */
	callbackUrl: string;
	/** Indicates whether the webhook is active and will receive event notifications. Disabled webhooks will not receive any events. */
	enabled?: boolean;
	/** List of event types that will trigger this webhook. If not specified, all available events will be sent. */
	events: WebhookEvent[];
	/** How long to keep the webhook alive for <b>(in days)</b>. Value of 0 means no expiration. Once a webhook has reached expiry, it will be marked as <b>disabled</b>. This parameter is optional and is not set by default. */
	expiry?: number;
	/** Descriptive name for the webhook to help identify its purpose. */
	name: string;
};
type WebhookTestParms = {
	/** Optional callback URL to use for this test request instead of the webhook's configured callback URL. Must be a valid URL. */
	callbackUrl?: string;
};
type ResourceRuleNameId = {
	/** The unique UUID assigned to the resource rule when it is created. */
	id: string;
	/** The name of the resource rule. */
	name: string;
};
type ApplicationResourceRule = {
	/** The UUID of the application. */
	id?: string;
	/** The name of the application. */
	name?: string;
	/** List of resource rules associated to this application. */
	resourceRules: ResourceRuleNameId[];
};
type LoginFlow = {
	/** Whether the login flow is enabled or not. */
	enabled: boolean;
	/** Identifies the login flow type. */
	loginFlowType: "USER_LOGIN" | "SMART_LOGIN" | "IDP_LOGIN" | "PASSKEY_LOGIN" | "USER_CERTIFICATE_LOGIN";
};
type OtpPreferenceDetails = {
	/** A list of uuids of the otp contact attributes in order which indicates the OTP contacts preference. */
	contactAttributes?: string[];
	/** Indicates the type of the otp preference details. */
	"type": "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP" | "NONE";
};
type AuthenticationFlow = {
	/** List of applications using this authentication flow. */
	applications?: ApplicationResourceRule[];
	/** The unique UUID assigned to the authentication flow when it is created. */
	id: string;
	/** The identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--limited info is returned. This parameter should be used instead of oidcIdentityProviders. */
	identityProviders?: IdentityProvider[];
	/** A flag indicating whether the authentication flow uses the tenant's default IDP. When true, domain-based IDPs are not supported. */
	idpDefault?: boolean;
	/** A flag indicating if the authentication flow will be using domain-based IDPs. */
	idpDomainBased?: boolean;
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported. */
	idpLoginSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** List of login flows. */
	loginFlows: LoginFlow[];
	/** The name of the authentication flow. */
	name: string;
	/** The Named Password Id used for password authentication. */
	namedPasswordId?: string;
	/** The OIDC identity providers supported when the IDP login flow is enabled--limited info is returned. This parameter is deprecated, use identityProviders instead. */
	oidcIdentityProviders?: OidcIdentityProvider[];
	/** The order preference to use for OTP delivery. */
	otpDeliveryPreference?: OtpPreferenceDetails[];
	/** A flag indicating if group based OTP policy can be overridden by the authentication flow OTP policy. */
	overrideOtpContacts?: boolean;
	/** A flag indicating if the authentication flow can be modified or deleted. */
	readOnly: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the  User Login flow is enabled. */
	userLoginFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the User Login flow is enabled. */
	userLoginSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
};
type AuthenticationFlowParms = {
	/** The UUIDs of the identity providers, both OIDC and SAML, supported when the IDP login flow is enabled--at least one is required. This parameter should be used instead of oidcIdentityProviderIds. */
	identityProviderIds?: string[];
	/** A flag indicating whether the authentication flow uses the tenant's default IDP. When true, domain-based IDPs are not supported. */
	idpDefault?: boolean;
	/** A flag indicating if the authentication flow will be using domain-based IDPs. */
	idpDomainBased?: boolean;
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the identity provider Login flow is enabled and requires a second factor. PASSTHROUGH is not supported. */
	idpLoginSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** List of enabled login flows--at least one must be enabled. If a login flow is not provided, then it's treated as disabled. Enabled login flows must be supported by the account entitlement. */
	loginFlows: LoginFlow[];
	/** The name of the authentication flow. */
	name?: string;
	/** The Named Password Id used for password authentication. */
	namedPasswordId?: string;
	/** The UUIDs of the OIDC identity providers supported when the IDP login flow is enabled--at least one is required. This parameter is deprecated, use identityProviderIds instead. */
	oidcIdentityProviderIds?: string[];
	/** Indicates the otp delivery preference in order. */
	otpDeliveryPreference?: OtpPreferenceDetails[];
	/** A flag indicating if group based OTP policy can be overridden by the authentication flow. */
	overrideOtpContacts?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the  User Login flow is enabled. */
	userLoginFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The list of authenticator types to use in the second step of a two-step authentication scenario when the User Login flow is enabled. Use an empty array when none is required. */
	userLoginSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
};
type DeleteAuthenticationFlowResult = {
	/** Indicates if the authentication flow was deleted. */
	deleted: boolean;
	error?: ErrorInfo;
	/** List of resource rules using the authentication flow if the delete fails because the authentication flow is in use. It will be null in any other case. */
	resourceRules?: string[];
};
type GridParms = {
	/** When modifying unassigned grids the list of UUIDs of groups to which the grids will belong. If an empty list is provided, the unassigned grid will not belong to any groups. */
	groups?: string[];
};
type GridChangeStateParms = {
	/** The new state of the grid must be ACTIVE, INACTIVE, or CANCELED. The existing state of the grid must be ACTIVE, INACTIVE or PENDING */
	state?: "ACTIVE" | "INACTIVE" | "UNASSIGNED" | "PENDING" | "CANCELED";
};
type EntityAttribute = {
	/** The name of the attribute. */
	name?: string;
	/** The value of the attribute. */
	value?: string;
};
type ModifiedEntityAttribute = {
	/** The name of the attribute. */
	name?: string;
	/** The new value of the attribute. */
	newValue?: string;
	/** The old value of the attribute. */
	oldValue?: string;
};
type AuditDetails = {
	/** A  list of attributes when an entity is added or removed. */
	entityAttributes?: EntityAttribute[];
	/** List of tokens referencing event attributes that can be used in the audit message. */
	messageTokens?: string[];
	/** A  list of attributes when an entity is modified. */
	modifiedEntityAttributes?: ModifiedEntityAttribute[];
};
type AccountAuditEvent = {
	/** The UUID of the account containing this audit event. */
	accountId?: string;
	auditDetails?: AuditDetails;
	/** For a management event, the action that was performed. */
	entityAction?: string;
	/** For a management event, the UUID of the entity that was acted upon. */
	entityId?: string;
	/** For a management event, the name of the entity that was acted upon. */
	entityName?: string;
	/** For a management event, the entity type that was acted upon. */
	entityType?: string;
	/** The category of the event.  Values are AUTHENTICATION or MANAGEMENT. */
	eventCategory?: "AUTHENTICATION" | "MANAGEMENT" | "ISSUANCE";
	/** The outcome of the event.  Values are success or fail. */
	eventOutcome?: "SUCCESS" | "FAIL";
	/** The time of this event. */
	eventTime: string;
	/** The type of the event. */
	eventType?: string;
	/** Version information for future use. */
	eventVersion?: string;
	/** The UUID of this audit event. */
	id?: string;
	/** A message key describing the event. */
	message?: string;
	/** The permission used for a management event. */
	requiredPermission?: string;
	/** The UUID of the resource associated with the event.  For example the UUID of the application to which a user is authenticating. */
	resourceId?: string;
	/** The name of the resource. */
	resourceName?: string;
	/** A UUID of the service provider role used for a management event. */
	serviceProviderAdminRoleId?: string;
	/** The name of the service provider role. */
	serviceProviderAdminRoleName?: string;
	/** The IP address of the client performing this event. */
	sourceIp?: string;
	/** The UUID of the subject that performed this event.  For administration events the subject will be the administrator or administration API application that performed the event.  For authentication events the subject will be the user that performed the authentication. */
	subject?: string;
	/** The name of the subject that performed this event.  For users the value will be the user's user Id. For administration API applications, the value will be the application's name. */
	subjectName?: string;
	/** The type of the subject that performed this event.  Values are USER or ADMIN_API. */
	subjectType?: "USER" | "ADMIN_API" | "SERVICE_PROVIDER" | "AGENT";
	/** The UUID of the subscriber/site management role used for a management event. */
	subscriberAdminRoleId?: string;
	/** The name of the subscriber/site management role. */
	subscriberAdminRoleName?: string;
	/** Information about what authenticator was used for an authentication event. */
	token?: string;
};
type AuditEventPage = {
	paging?: Paging;
	/** A single page from the list of audit events found. */
	results: AccountAuditEvent[];
};
type DateTimeContext = {
	/** If true, the startDateTime and endDateTime define the allowed range. If false, the startDateTime and endDateTime define the denied range. */
	allowedDateTime?: boolean;
	/** If true, the startTime and endTime define the allowed time range. If false, the startTime and endTime define the denied time range. */
	allowedTime?: boolean;
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** If specifying a date range, the end date of the range. */
	endDateTime?: string;
	/** If specifying a time range, the end time of the range. The value should be of the form hh:mm:ss */
	endTime?: string;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
	/** If specifying a date range, the start date of the range. */
	startDateTime?: string;
	/** If specifying a time range, the start time of the range. The value should be of the form hh:mm:ss */
	startTime?: string;
	/** If specifying a time range, the days of the week to which the time range will apply. */
	weekDays?: ("Mon" | "Tue" | "Wed" | "Thu" | "Fri" | "Sat" | "Sun")[];
	/** The time zone or fixed offset in which dates and times are interpreted. For example, a value like -05:00 to specify a fixed offset of 5 hours behind UTC, or a time zone ID like America/New_York to account for regional time zone rules, including daylight saving time. Set this value if you want to interpret times (e.g., 8 AM to 5 PM) in the customer's local time zone rather than the timezone of the service. If not specified, the default is Z (UTC). */
	zoneId?: string;
};
type DeviceCertificateContext = {
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
};
type IpContext = {
	/** The UUID of an existing IP List that defines IPs that can access the resource. Risk applies if the given IP address is not found in the IP List. If specified, the allowed IP List takes precedence over the denied IP List. */
	allowedIpList?: string;
	/** List of IP Address ranges (in CIDR notation) that are allowed access the resource. Risk applies if the given IP address is not in one of the allowed IP ranges. If specified, the allowed IP values take precedence over the denied IP values. */
	allowedIpRanges?: string[];
	/** The UUID of an existing IP List that defines IPs that cannot access the resource. Risk applies if the given IP address is found in the IP List. The denied IP List is ignored if an allowed IP List is specified. */
	deniedIpList?: string;
	/** List of IP Address ranges (in CIDR notation) that cannot access the resource. Risk applies if the given IP address is in one of the denied IP ranges. The denied IP values are ignored if allowed IP ranges are specified. */
	deniedIpRanges?: string[];
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
	/** The type of IpContext. If not specified, this value defaults to CUSTOM. */
	"type"?: "CUSTOM" | "IPLIST";
};
type KbaContext = {
	/** Number of questions that the user must answer. If not provided, the default QA challenge size in the KBA settings is used. */
	challengeSize?: number;
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** Number of questions that the user could answer incorrectly and still be considered a valid response. If not provided, the default wrong answers allowed in the KBA settings is used. */
	wrongAnswersAllowed?: number;
};
type LocationContext = {
	/** If true, the list of countries defines allowed countries. If false, the list of countries defines denied countries. */
	allowed: boolean;
	/** If true, then allows anonymous/TOR IP addresses. If false, then denies anonymous/TOR IP addresses. */
	anonymousAllowed: boolean;
	/** List of country codes (ISO alpha-2) that can access(allowed=true) or not access (allowed=false). */
	countryCodes: string[];
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
};
type LocationHistoryContext = {
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
};
type MachineContext = {
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The risk points apply if the machine authenticator risk is below or equal to this value. */
	riskLimit: number;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
};
type TransactionRuleRisk = {
	/** The risk score that applies if this transaction rule is triggered. */
	riskScore: number;
	/** The id of the transaction rule associated with this risk definition. */
	transactionRuleId: string;
};
type TransactionContext = {
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The name of this transaction context. */
	name: string;
	/** The risk points apply if the accumulated risk of each configured transaction rule is above this value. */
	riskLimit: number;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
	/** The transaction rules associated with this context. */
	transactionRuleRisks: TransactionRuleRisk[];
};
type TravelVelocityContext = {
	/** If true, the resource rule evaluating the context will return Access Denied. */
	denyAccess: boolean;
	/** The number of risk points that apply if this context applies. */
	riskPoint: number;
};
type ResourceRule = {
	/** Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. */
	acrFilter?: "NA" | "NONE" | "ANY" | "SPECIFIC";
	/** The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. */
	acrs?: Acr[];
	dateTimeContext?: DateTimeContext;
	/** The description of the resource rule. */
	description?: string;
	deviceCertificateContext?: DeviceCertificateContext;
	/** A flag indicating if single-sign on is disabled for this resource rule. */
	disableSSO: boolean;
	/** Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. */
	domainIdpFilter?: "NA" | "NONE" | "ANY" | "SPECIFIC";
	/** The domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. */
	domainIdps?: IdentityProvider[];
	/** A flag indicating if this resource rule is enabled or not.  Only enabled resource rules are considered during authentication. */
	enabled?: boolean;
	/** The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. A resource rule must specify at least one group which can be the default All Groups if you want the resource rule to apply to all users. */
	groups: Group[];
	highRiskAuthenticationFlow?: AuthenticationFlow;
	/** A flag indicating if Smart Login is enabled for High risk. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** The unique UUID assigned to the resource rule when it is created. */
	id?: string;
	ipContext?: IpContext;
	kbaContext?: KbaContext;
	locationContext?: LocationContext;
	locationHistoryContext?: LocationHistoryContext;
	lowRiskAuthenticationFlow?: AuthenticationFlow;
	/** A flag indicating if Smart Login is enabled for Low risk. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** Risk scores below this value are considered Low risk. */
	lowRiskThreshold?: number;
	machineContext?: MachineContext;
	mediumRiskAuthenticationFlow?: AuthenticationFlow;
	/** A flag indicating if Smart Login is enabled for Medium risk. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk. */
	mediumRiskThreshold?: number;
	/** The name of the resource rule. */
	name: string;
	/** The UUID of the resource to which this resource rule is assigned. */
	resourceId?: string;
	/** The name of the resource to which this resource rule is assigned. */
	resourceName?: string;
	/** If risk engine rules are defined, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. */
	riskEngineContexts?: TransactionContext[];
	/** A flag indicating if second factor can be skipped if the user does not exist and the first factor is EXTERNAL. */
	skipSecondFactorIfUserNotExist: boolean;
	/** A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. */
	strictAccess: boolean;
	/** A flag indicating if this resource rule is associated with a system resource including the Admin and User portals. A resource rule for a system resource cannot be deleted.  They can only be disabled if there is at least one enabled resource rule for the resource. */
	systemResourceContext?: boolean;
	/** If transaction details are specified during an authentication request, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. */
	transactionContexts?: TransactionContext[];
	travelVelocityContext?: TravelVelocityContext;
};
type ResourceRuleRead = {
	/** Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. */
	acrFilter?: "NA" | "NONE" | "ANY" | "SPECIFIC";
	/** The acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. */
	acrs?: Acr[];
	/** The resource rules API version used to create or last update this resource rule. If the resource rule is at version 2, then it cannot be updated using a version 1 API. */
	apiVersion?: 1 | 2;
	dateTimeContext?: DateTimeContext;
	/** The description of the resource rule. */
	description?: string;
	deviceCertificateContext?: DeviceCertificateContext;
	/** A flag indicating if single-sign on is disabled for this resource rule. */
	disableSSO: boolean;
	/** Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. */
	domainIdpFilter?: "NA" | "NONE" | "ANY" | "SPECIFIC";
	/** The domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. */
	domainIdps?: IdentityProvider[];
	/** A flag indicating if this resource rule is enabled or not.  Only enabled resource rules are considered during authentication. */
	enabled?: boolean;
	/** The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. A resource rule must specify at least one group which can be the default All Groups if you want the resource rule to apply to all users. */
	groups: Group[];
	highRiskAuthenticationFlow?: AuthenticationFlow;
	/** A flag indicating if Smart Login is enabled for High risk. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** The unique UUID assigned to the resource rule when it is created. */
	id?: string;
	ipContext?: IpContext;
	kbaContext?: KbaContext;
	locationContext?: LocationContext;
	locationHistoryContext?: LocationHistoryContext;
	lowRiskAuthenticationFlow?: AuthenticationFlow;
	/** A flag indicating if Smart Login is enabled for Low risk. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** Risk scores below this value are considered Low risk. */
	lowRiskThreshold?: number;
	machineContext?: MachineContext;
	mediumRiskAuthenticationFlow?: AuthenticationFlow;
	/** A flag indicating if Smart Login is enabled for Medium risk. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk. */
	mediumRiskThreshold?: number;
	/** The name of the resource rule. */
	name: string;
	/** The UUID of the resource to which this resource rule is assigned. */
	resourceId?: string;
	/** The name of the resource to which this resource rule is assigned. */
	resourceName?: string;
	/** If risk engine rules are defined, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. */
	riskEngineContexts?: TransactionContext[];
	/** A flag indicating if second factor can be skipped if the user does not exist and the first factor is EXTERNAL. */
	skipSecondFactorIfUserNotExist: boolean;
	/** A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. */
	strictAccess: boolean;
	/** A flag indicating if this resource rule is associated with a system resource including the Admin and User portals. A resource rule for a system resource cannot be deleted.  They can only be disabled if there is at least one enabled resource rule for the resource. */
	systemResourceContext?: boolean;
	/** If transaction details are specified during an authentication request, the transaction contexts specify the levels at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. */
	transactionContexts?: TransactionContext[];
	travelVelocityContext?: TravelVelocityContext;
};
type ResourceRuleParms = {
	/** Identifies how the resource rule acr access filter operates. NA: The resource rule will apply to all requests. This is the default value. NONE: The resource rule will only apply if no acrs were requested. ANY: The resource rule will only apply if acrs were requested. SPECIFIC: The resource rule will only apply if acrs were requested and one of the requested acrs matches one from a specified list. */
	acrFilter?: "NA" | "NONE" | "ANY" | "SPECIFIC";
	/** The UUIDs of acrs associated with this resource rule if acrFilter is set to SPECIFIC. The resource rule will only apply if a requested acr is one of the specified acrs. If acrFilter is set to SPECIFIC, at least one acrId should be specified otherwise the resource rule will never apply. */
	acrIds?: string[];
	dateTimeContext?: DateTimeContext;
	/** The description of the resource rule. */
	description?: string;
	deviceCertificateContext?: DeviceCertificateContext;
	/** A flag indicating if single-sign on is disabled for this resource rule. */
	disableSSO?: boolean;
	/** Identifies how the resource rule domain idp access filter operates. This is the default value. NA: The resource rule will apply to all requests. NONE: The resource rule will only apply if the user does not have a domain-based IDP. ANY: The resource rule will only apply if the user has a domain-based IDP. SPECIFIC: The resource rule will only apply if the user has a domain-based IDP and the user's domain matches one from a specified list. */
	domainIdpFilter?: "NA" | "NONE" | "ANY" | "SPECIFIC";
	/** The UUIDs of domain-based identity providers associated with this resource rule if domainIdpFilter is set to SPECIFIC. The resource rule will only apply to users using one of the specified domain-based identity providers. If domainIdpFilter is set to SPECIFIC, at least one domainIdpId should be specified otherwise the resource rule will never apply. */
	domainIdpIds?: string[];
	/** A flag indicating if this resource rule is enabled or not.  Only enabled resource rules are considered during authentication. */
	enabled?: boolean;
	/** The UUIDs of groups associated with this resource rule. The resource rule will only apply to users in one of the specified groups. When creating a resource rule, if no groupsIds are specified, the resource rule will apply to all users. */
	groupIds?: string[];
	/** The groups associated with this resource rule. The resource rule only applies to users in one of the specified groups. If no groups are specified, the resource rule applies to all users.  This attribute is ignored if the groupIds attribute is specified. The groupIds attribute should be used instead. */
	groups?: Group[];
	/** The UUID of the authentication flow to use when the risk score is High. Required with v2 APIs. */
	highRiskAuthenticationFlow?: string;
	/** A flag indicating if Smart Login is enabled for High risk.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is High. Only the values NONE, EXTERNAL, PASSWORD or DENY should be used for highRiskFirstStep. Other values are defined for backwards compatibility. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is High. Some values are not supported by all application types.This parameter is deprecated, use the highRiskAuthenticationFlow attribute with v2 APIs. */
	highRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	ipContext?: IpContext;
	kbaContext?: KbaContext;
	locationContext?: LocationContext;
	locationHistoryContext?: LocationHistoryContext;
	/** The UUID of the authentication flow to use when the risk score is Low. Required with v2 APIs. */
	lowRiskAuthenticationFlow?: string;
	/** A flag indicating if Smart Login is enabled for Low risk.This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Low.  Only the values NONE, EXTERNAL, PASSWORD should be used for lowRiskFirstStep.  The value DENY can only be specified for low risk authentication when using Smart Login, otherwise DENY can only be specified for medium or high risk values. Other values are defined for backwards compatibility. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Low. Some values are not supported by all application types. This parameter is deprecated, use the lowRiskAuthenticationFlow attribute with v2 APIs. */
	lowRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** Risk scores below this value are considered Low risk. */
	lowRiskThreshold?: number;
	machineContext?: MachineContext;
	/** The UUID of the authentication flow to use when the risk score is Medium. Required with v2 APIs. */
	mediumRiskAuthenticationFlow?: string;
	/** A flag indicating if Smart Login is enabled for Medium risk.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskEnableSmartLogin?: boolean;
	/** The authenticator type to use in the first step of a two-step authentication scenario when the risk score is Medium. Only the values NONE, EXTERNAL, PASSWORD or DENY should be used for mediumRiskFirstStep. Other values are defined for backwards compatibility.  Some values are not supported by all application types. This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskFirstStep?: "NONE" | "EXTERNAL" | "PASSWORD" | "KBA" | "OTP" | "TOKEN" | "TOKENPUSH" | "SMARTCREDENTIALPUSH" | "IDP" | "PASSKEY" | "SMART_LOGIN" | "USER_CERTIFICATE" | "FACE" | "DENY" | "MAGICLINK";
	/** The authenticator type to use during in the second step of a two-step authentication scenario when the risk score is Medium. Some values are not supported by all application types.This parameter is deprecated, use the mediumRiskAuthenticationFlow attribute with v2 APIs. */
	mediumRiskSecondStep?: ("NONE" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "USER_CERTIFICATE" | "SMARTCREDENTIALPUSH" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** Risk scores below this value are considered Medium risk. Risk scores equal or greater than this value are considered High risk. */
	mediumRiskThreshold?: number;
	/** The name of the resource rule. */
	name?: string;
	/** When updating a resource rule, if removeDateTimeContext is set to true, the existing date time context is removed. This attribute is ignored when creating a resource rule. */
	removeDateTimeContext?: boolean;
	/** When updating a resource rule, if removeDeviceCertificateContext is set to true, the existing device certificate context is removed. This attribute is ignored when creating a resource rule. */
	removeDeviceCertificateContext?: boolean;
	/** When updating a resource rule, if removeIPContext is set to true, the existing IP context is removed. This attribute is ignored when creating a resource rule. */
	removeIPContext?: boolean;
	/** When updating a resource rule, if removeKBAContext is set to true, the existing KBA context is removed. This attribute is ignored when creating a resource rule. */
	removeKBAContext?: boolean;
	/** When updating a resource rule, if removeLocationContext is set to true, the existing location context is removed. This attribute is ignored when creating a resource rule. */
	removeLocationContext?: boolean;
	/** When updating a resource rule, if removeLocationHistoryContext is set to true, the existing location history context is removed. This attribute is ignored when creating a resource rule. */
	removeLocationHistoryContext?: boolean;
	/** When updating a resource rule, if removeMachineContext is set to true, the existing machine context is removed. This attribute is ignored when creating a resource rule. */
	removeMachineContext?: boolean;
	/** When updating a resource rule, if removeTravelVelocityContext is set to true, the existing travel velocity context is removed. This attribute is ignored when creating a resource rule. */
	removeTravelVelocityContext?: boolean;
	/** The UUID of the resource to which this resource rule is assigned. This value is only used when creating a resource rule. */
	resourceId?: string;
	/** If risk engine rules are defined, the transaction contexts specify the level at which risk is applied to the authentication request if the corresponding risk engine rules trigger risk. If set to null, no changes are made. If set to an empty set, transaction contexts are removed. */
	riskEngineContexts?: TransactionContext[];
	/** A flag indicating if second factor will be skipped if user doesn't exist when the first factor was EXTERNAL. */
	skipSecondFactorIfUserNotExist?: boolean;
	/** A flag indicating if this resource rule enforces strict access. Strict access means that if this rule denies access, the user is denied access even if other resource rules allow access. */
	strictAccess?: boolean;
	/** If transaction details are specified during an authentication request, the transaction contexts specify the level at which risk is applied to the authentication request if the corresponding transaction rules trigger risk. A maximum of two are allowed. If set to null, no changes are made. If set to an empty set, transaction contexts are removed. */
	transactionContexts?: TransactionContext[];
	travelVelocityContext?: TravelVelocityContext;
};
type FaceCreateResponse = {
	/** The QR code used to register the mobile Face Biometric. */
	activationQRCode?: string;
	/** The activation URL used to register the mobile Face Biometric. */
	activationUrl?: string;
	/** The ID of the applicant in Onfido. */
	applicantId?: string;
	/** Date the authenticator was created. */
	created?: string;
	/** Date the authenticator will expire. */
	expiry?: string;
	/** The ID of the Face Biometric. */
	id?: string;
	/** If the authenticator was created for mobile. */
	mobile?: boolean;
	/** The serial number of the Face Biometric. */
	serialNumber?: string;
	/** The status of the authenticator. */
	status?: "ACTIVATING" | "ACTIVE" | "FAILED" | "EXPIRED" | "REVIEW" | "DISABLED" | "NEW";
};
type OtpDeliveryMethod = {
	/** Whether the method is enabled. */
	enabled?: boolean;
	/** The OTP delivery method type. */
	name?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP";
};
type OtpAuthenticatorSettings = {
	/** Indicates whether client applications can delivery OTP to default delivery contact or can enforce users to choose an OTP delivery. */
	defaultDeliveryEnabled?: boolean;
	/** The allowed OTP delivery mechanisms in order of preference. Default is SMS, followed by Email, and Voice.  */
	deliveryMethods?: OtpDeliveryMethod[];
	/** Indicates whether the OTP expiry date will be included in the OTP SMS message */
	includeOtpExpiryDate?: boolean;
	/** Characters that can appear in a RANDOM OTP. Can contain any non-whitespace character. Default is all digits.  */
	otpAlphabet?: string;
	/** The default OTP delivery mechanism. This attribute is deprecated, use the deliveryMethods attribute. */
	otpDefaultDelivery?: "EMAIL" | "SMS" | "VOICE" | "WECHAT" | "WHATSAPP" | "NONE";
	/** Id of the default OTP delivery attribute. Deprecated : Use default attribute specific to delivery mechanism instead eg. otpSmsDefaultDeliveryAttribute, otpEmailDefaultDeliveryAttribute */
	otpDefaultDeliveryAttribute?: string;
	/** Indicates the order preference to use for OTP delivery. */
	otpDeliveryPreference?: OtpPreferenceDetails[];
	/** Id of the default Email OTP delivery attribute. */
	otpEmailDefaultDeliveryAttribute?: string;
	/** The length of an OTP. Default is 8. */
	otpLength?: number;
	/** The lifetime of an OTP in seconds. Default is 300. */
	otpLifetime?: number;
	/** The format of SMS messages when delivering an OTP SMS message. Default is SERVICENAME_OTP. */
	otpSMSFormat?: "SERVICENAME_OTP" | "OTP_SERVICENAME";
	/** Id of the default SMS OTP delivery attribute. */
	otpSmsDefaultDeliveryAttribute?: string;
	/** The type of OTP generated.  Choices are RANDOM or MEMO_PASSCODE. Default is RANDOM */
	otpType?: "RANDOM" | "MEMO_PASSCODE";
	/** Id of the default Voice OTP delivery attribute. */
	otpVoiceDefaultDeliveryAttribute?: string;
	/** Id of the default WeChat OTP delivery attribute. */
	otpWeChatDefaultDeliveryAttribute?: string;
	/** Id of the default Whatsapp OTP delivery attribute. */
	otpWhatsappDefaultDeliveryAttribute?: string;
	/** Indicates whether masked OTP contact attribute values are included in authentication API. */
	showOtpDeliveryContact?: boolean;
};
type UserAlias = {
	/** The UUID of this user alias set when the user alias is created. */
	id?: string;
	/** The type of user alias. A value of USERID is used for an alias that will represent the actual user id value. A value of CUSTOM is used for aliases manually created by an administrator.  A value of DERIVED is defined for future use and should not be used at this time. */
	"type"?: "CUSTOM" | "DERIVED" | "USERID";
	/** The UUID of the user to which this user alias belongs. */
	userId?: string;
	/** The value for the user alias. */
	value?: string;
};
type UserAttributeValue = {
	/** A flag indicating if this user attribute value can be modified. */
	editable?: boolean;
	/** The UUID of this user attribute value set when the user attribute value is created. */
	id?: string;
	/** The last time the attribute value was updated. */
	lastUpdate?: string;
	userAttribute?: UserAttribute;
	/** The UUID of the user attribute that defines this user attribute value.  The userAttributeId must be provided when creating or modifying a user attribute value. */
	userAttributeId?: string;
	/** The UUID of the user to which this user attribute value belongs. */
	userId?: string;
	/** The value for the user attribute. */
	value?: string;
};
type UserExtraAttribute = {
	/** The name for the extra user attribute. */
	name?: string;
	/** Type of custom user attribute. */
	"type"?: "NONE" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "OTP_WECHAT" | "OTP_WHATSAPP";
	/** The value for the extra user attribute. */
	value?: string;
};
type UserExtraAttributeRead = {
	/** The UUID of this extra user attribute. */
	id?: string;
	/** The name for the extra user attribute. */
	name?: string;
	/** Type of custom user attribute. */
	"type"?: "NONE" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "OTP_WECHAT" | "OTP_WHATSAPP";
	/** The value for the extra user attribute. */
	value?: string;
};
type UserParms = {
	/** Indicates if the user is granted a new frozen grace period. This value is not used when creating a user. If provided, it will be ignored. */
	applyGracePeriod?: boolean;
	/** The email address of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  It must be set to use EMAIL OTP authentication and other features that require an email address.  To remove the existing value, set the value to an empty string. */
	email?: string;
	/** Indicates if a verification email message should be sent to the user if the user now requires verification. The user's policy requiring user verification must also be enabled for the user. If not set, this value defaults to true. */
	emailVerification?: boolean;
	/** An optional external ID for this user.  This value can be used to track the external identity of an Identity as a Service user. To unset the external ID, specify an empty string. */
	externalId?: string;
	/** An optional value that describes the source when the user is synchronized from an external source. To unset the external source, specify an empty string. */
	externalSource?: string;
	/** The first name of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  To remove the existing value, set the value to an empty string. */
	firstName?: string;
	/** A list of group UUIDs to be assigned to this user.  If specified, these groups replace existing groups. */
	groups?: string[];
	/** The last name of this user.    This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  To remove the existing value, set the value to an empty string. */
	lastName?: string;
	/** The locale of this user.  If not set, the default account locale will be used. To remove the existing value, set the value to an empty string. */
	locale?: "da" | "de" | "en" | "es" | "fr" | "it" | "ja" | "ko" | "nl" | "nb" | "pl" | "pt" | "ru" | "sv" | "th" | "tr" | "zh-cn" | "zh-tw";
	/** Indicates if all the user's authenticators are locked or not. */
	lock?: boolean;
	/** The mobile number of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  It must be set to use SMS OTP authentication.  To remove the existing value, set the value to an empty string. */
	mobile?: string;
	/** A list of oauth role UUIDs to be assigned to this user.  If specified, these oauth roles replace existing oauth roles. */
	oauthRoles?: string[];
	/** A list of organization UUIDs to be assigned to this user.  If specified, these organizations replace existing organizations. */
	organizations?: string[];
	/** The phone number of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  It must be set to use VOICE OTP authentication.  To remove the existing value, set the value to an empty string. */
	phone?: string;
	/** Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default. */
	preferredOtpDelivery?: "EMAIL" | "SMS" | "VOICE" | "SYSTEM";
	/** Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type). */
	preferredOtpDeliveryContactAttributes?: {
		[key: string]: string;
	};
	/** Indicates whether self-registration is required. If not set when the user is created, this value defaults to true. */
	registrationRequired?: boolean;
	/** The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows. */
	securityId?: string;
	/** The state of this user.  Only users in the ACTIVE state can perform authentication. If not set when the user is created, this value defaults to ACTIVE. */
	state?: "ACTIVE" | "INACTIVE";
	/** A list of user aliases for this user. Alias values must be unique with respect to the userId and other aliases of this user and other users. */
	userAliases?: UserAlias[];
	/** A list of user attribute values for this user. */
	userAttributeValues?: UserAttributeValue[];
	/** A list of extra optional attributes for this user. */
	userExtraAttributes?: UserExtraAttribute[];
	/** The user ID for this user.  This value is required when creating the user, optional during update. The userId must be unique with respect to aliases of this user and the userId and aliases of all other users. */
	userId?: string;
	/** The user principal name of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  To remove the existing value, set the value to an empty string. */
	userPrincipalName?: string;
	/** Indicates whether verification is required. If not set when the user is created, this value defaults to true. */
	verificationRequired?: boolean;
};
type UserParmsRead = {
	/** Indicates if the user is granted a new frozen grace period. This value is not used when creating a user. If provided, it will be ignored. */
	applyGracePeriod?: boolean;
	/** The email address of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  It must be set to use EMAIL OTP authentication and other features that require an email address.  To remove the existing value, set the value to an empty string. */
	email?: string;
	/** Indicates if a verification email message should be sent to the user if the user now requires verification. The user's policy requiring user verification must also be enabled for the user. If not set, this value defaults to true. */
	emailVerification?: boolean;
	/** An optional external ID for this user.  This value can be used to track the external identity of an Identity as a Service user. To unset the external ID, specify an empty string. */
	externalId?: string;
	/** An optional value that describes the source when the user is synchronized from an external source. To unset the external source, specify an empty string. */
	externalSource?: string;
	/** The first name of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  To remove the existing value, set the value to an empty string. */
	firstName?: string;
	/** A list of group UUIDs to be assigned to this user.  If specified, these groups replace existing groups. */
	groups?: string[];
	/** The last name of this user.    This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  To remove the existing value, set the value to an empty string. */
	lastName?: string;
	/** The locale of this user.  If not set, the default account locale will be used. To remove the existing value, set the value to an empty string. */
	locale?: "da" | "de" | "en" | "es" | "fr" | "it" | "ja" | "ko" | "nl" | "nb" | "pl" | "pt" | "ru" | "sv" | "th" | "tr" | "zh-cn" | "zh-tw";
	/** Indicates if all the user's authenticators are locked or not. */
	lock?: boolean;
	/** The mobile number of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  It must be set to use SMS OTP authentication.  To remove the existing value, set the value to an empty string. */
	mobile?: string;
	/** A list of oauth role UUIDs to be assigned to this user.  If specified, these oauth roles replace existing oauth roles. */
	oauthRoles?: string[];
	/** A list of organization UUIDs to be assigned to this user.  If specified, these organizations replace existing organizations. */
	organizations?: string[];
	/** The phone number of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  It must be set to use VOICE OTP authentication.  To remove the existing value, set the value to an empty string. */
	phone?: string;
	/** Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default. */
	preferredOtpDelivery?: "EMAIL" | "SMS" | "VOICE" | "SYSTEM";
	/** Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type). */
	preferredOtpDeliveryContactAttributes?: {
		[key: string]: string;
	};
	/** Indicates whether self-registration is required. If not set when the user is created, this value defaults to true. */
	registrationRequired?: boolean;
	/** The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows. */
	securityId?: string;
	/** The state of this user.  Only users in the ACTIVE state can perform authentication. If not set when the user is created, this value defaults to ACTIVE. */
	state?: "ACTIVE" | "INACTIVE";
	/** A list of user aliases for this user. Alias values must be unique with respect to the userId and other aliases of this user and other users. */
	userAliases?: UserAlias[];
	/** A list of user attribute values for this user. */
	userAttributeValues?: UserAttributeValue[];
	/** A list of extra optional attributes for this user. */
	userExtraAttributes?: UserExtraAttributeRead[];
	/** The user ID for this user.  This value is required when creating the user, optional during update. The userId must be unique with respect to aliases of this user and the userId and aliases of all other users. */
	userId?: string;
	/** The user principal name of this user.  This value may or may not be required depending on configuration.  If it is required, it must be specified when creating the user.  If it is required, it must be specified when updating the user and a value is not currently set.  To remove the existing value, set the value to an empty string. */
	userPrincipalName?: string;
	/** Indicates whether verification is required. If not set when the user is created, this value defaults to true. */
	verificationRequired?: boolean;
};
type UserAlternateEmails = {
	/** Name of the email attribute. */
	name?: string;
	/** Value of the email attribute. */
	value?: string;
};
type UserAuthenticatorLockoutStatus = {
	/** Determines if this authenticator is currently locked out. */
	locked?: boolean;
	/** The date the user was locked. Null means the user is not locked. */
	lockoutDate?: string;
	/** if remainingAuthenticationAttempts is 0 then a lockoutExpiryDate of null means the lockout never expires. Otherwise a value of null means the user isn't locked out. */
	lockoutExpiryDate?: string;
	/** The users named password authentication that is locked out. */
	name?: string;
	/** The number of authentication attempts remaining before the user is locked out. */
	remainingAuthenticationAttempts?: number;
	/** The type of the authenticator. */
	"type"?: "MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK";
};
type UserPasswordDetails = {
	/** The name of the password. */
	name?: string;
	/** The ID of the named password. */
	namedPasswordId?: string;
	/** A flag indicating if the user password is compromised. */
	passwordCompromised?: boolean;
	/** The password expiration time. */
	passwordExpirationTime?: string;
};
type User = {
	/** A list of all the users alternate emails. */
	alternateEmails?: UserAlternateEmails[];
	/** A list of all authenticators that the user has with their lockout status. */
	authenticatorLockoutStatus?: UserAuthenticatorLockoutStatus[];
	/** The DN of the user in the directory the user was synchronized from. */
	directoryDN?: string;
	/** If the user was synchronized from a directory, the UUID of that directory. */
	directoryId?: string;
	/** If the user was synchronized from a directory, the name of that directory. */
	directoryName?: string;
	/** The objectGUID of the user in the directory the user was synchronized from. */
	directoryObjectGUID?: string;
	/** The type of the directory user was synchronized from. */
	directoryType?: "ON_PREM" | "AZURE" | "AD_CONNECTOR";
	/** The email address of this user.  This value may or may not be required depending on configuration. It must be set to use EMAIL OTP authentication and other features that require an email address. */
	email?: string;
	/** An optional external ID for this user.  This value can be used to track the external identity of an Identity as a Service user.  */
	externalId?: string;
	/** An optional value that describes the source when the user is synchronized from an external source. */
	externalSource?: string;
	/** A list of all the FIDO tokens owned by this user. */
	fidoTokens?: FidoToken[];
	/** The first name of this user.  This value may or may not be required depending on configuration. */
	firstName?: string;
	/** Indicates whether a user is unable to authenticate due to inactivity. */
	frozen?: boolean;
	/** Indicates a user's frozen grace period. */
	frozenGracePeriod?: string;
	/** A list of all the grids owned by this user. */
	grids?: Grid[];
	/** A list of all groups to which this user belongs. */
	groups?: Group[];
	/** The unique UUID for this user.  This value is generated by the service when a user is created. */
	id?: string;
	/** The last time this user successfully authenticated.  Null if the user has never authenticated. */
	lastAuthTime?: string;
	/** When the user was last modified. */
	lastModified?: string;
	/** The last name of this user.  This value may or may not be required depending on configuration. */
	lastName?: string;
	/** The locale of this user.  If not set, the default account locale will be used. */
	locale?: string;
	/** A flag indicating if this user is locked. */
	locked?: boolean;
	/** The user authenticators that are locked. */
	lockedAuthenticatorTypes?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** The user authenticators that are locked. Deprecated: use lockedAuthenticatorTypes */
	lockedAuthenticators?: ("PASSWORD" | "KBA" | "TEMP_ACCESS_CODE" | "GRID" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "ENTRUST_SOFT_TOKEN" | "ENTRUST_SOFT_TOKEN_PUSH" | "GOOGLE_AUTHENTICATOR" | "HARDWARE_TOKEN" | "FIDO" | "SMARTCREDENTIALPUSH" | "USER_CERTIFICATE" | "MACHINE" | "FACE" | "PASSTHROUGH" | "TOKENCR" | "MAGICLINK")[];
	/** If the user is locked, this value will specify the time at which the lockout will expire. */
	lockoutExpiry?: string;
	/** Indicates whether Magic Links are enabled for this user. */
	magicLinkEnabled?: boolean;
	/** A flag indicating if this user was migrated from Entrust IdentityGuard. */
	migrated?: boolean;
	/** The mobile number of this user.  This value may or may not be required depending on configuration. It must be set to use SMS OTP authentication. */
	mobile?: string;
	/** A list of all oauth roles to which this user belongs. */
	oauthRoles?: OAuthRole[];
	/** A list of the user organizations. */
	organizations?: Organization[];
	/** If the user has an OTP, this attribute specifies when the user's OTP was created. */
	otpCreateTime?: string;
	/** A flag indicating if the user password is compromised. */
	passwordCompromised?: boolean;
	/** The password expiration time. */
	passwordExpirationTime?: string;
	/** The phone number of this user.  This value may or may not be required depending on configuration. It must be set to use VOICE OTP authentication. */
	phone?: string;
	/** Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default. */
	preferredOtpDelivery?: "EMAIL" | "SMS" | "VOICE" | "SYSTEM";
	/** Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type). */
	preferredOtpDeliveryContactAttributes?: {
		[key: string]: string;
	};
	/** Indicates whether registration is enabled for this user. */
	registrationEnabled?: boolean;
	/** Indicates whether self-registration is required. This attribute doesn't apply to administrators. */
	registrationRequired?: boolean;
	/** The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows. */
	securityId?: string;
	/** Indicates whether to show notifications to this user. */
	showNotification?: boolean;
	/** A list of all the smart credentials owned by this user. */
	smartCredentials?: SmartCredential[];
	/** The state of this user.  Only users in the ACTIVE state can perform authentication. */
	state?: "ACTIVE" | "INACTIVE";
	tempAccessCode?: TempAccessCode;
	/** A list of all the tokens owned by this user. */
	tokens?: Token[];
	/** The type of user.  A value of LDAP_AD means the user was synchronized from a directory. A value of MGMT_UI means the user was created in Identity as a Service. A value of EXTERNAL means the user was synchronized from an external source. */
	"type"?: "LDAP_AD" | "MGMT_UI" | "EXTERNAL";
	/** A list of user aliases for this user. */
	userAliases?: UserAlias[];
	/** A list of user attribute values for this user. */
	userAttributeValues?: UserAttributeValue[];
	/** The user authenticator preference list. */
	userAuthenticatorPreference?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** The time this user was created.  */
	userCreationTime?: string;
	/** A list of extra optional attributes for this user. */
	userExtraAttributes?: UserExtraAttribute[];
	/** The user ID for this user. */
	userId?: string;
	/** A list of the user password details. */
	userPasswordDetails?: UserPasswordDetails[];
	/** The user principal name of this user.  This value may or may not be required depending on configuration. */
	userPrincipalName?: string;
	/** Indicates whether verification is enabled for this user. */
	verificationEnabled?: boolean;
	/** Indicates whether verification is required. This attribute doesn't apply to administrators. */
	verificationRequired?: boolean;
};
type UserRead = {
	/** A list of all the users alternate emails. */
	alternateEmails?: UserAlternateEmails[];
	/** A list of all authenticators that the user has with their lockout status. */
	authenticatorLockoutStatus?: UserAuthenticatorLockoutStatus[];
	/** The DN of the user in the directory the user was synchronized from. */
	directoryDN?: string;
	/** If the user was synchronized from a directory, the UUID of that directory. */
	directoryId?: string;
	/** If the user was synchronized from a directory, the name of that directory. */
	directoryName?: string;
	/** The objectGUID of the user in the directory the user was synchronized from. */
	directoryObjectGUID?: string;
	/** The type of the directory user was synchronized from. */
	directoryType?: "ON_PREM" | "AZURE" | "AD_CONNECTOR";
	/** The email address of this user.  This value may or may not be required depending on configuration. It must be set to use EMAIL OTP authentication and other features that require an email address. */
	email?: string;
	/** An optional external ID for this user.  This value can be used to track the external identity of an Identity as a Service user.  */
	externalId?: string;
	/** An optional value that describes the source when the user is synchronized from an external source. */
	externalSource?: string;
	/** A list of all the FIDO tokens owned by this user. */
	fidoTokens?: FidoToken[];
	/** The first name of this user.  This value may or may not be required depending on configuration. */
	firstName?: string;
	/** Indicates whether a user is unable to authenticate due to inactivity. */
	frozen?: boolean;
	/** Indicates a user's frozen grace period. */
	frozenGracePeriod?: string;
	/** A list of all the grids owned by this user. */
	grids?: Grid[];
	/** A list of all groups to which this user belongs. */
	groups?: Group[];
	/** The unique UUID for this user.  This value is generated by the service when a user is created. */
	id?: string;
	/** The last time this user successfully authenticated.  Null if the user has never authenticated. */
	lastAuthTime?: string;
	/** When the user was last modified. */
	lastModified?: string;
	/** The last name of this user.  This value may or may not be required depending on configuration. */
	lastName?: string;
	/** The locale of this user.  If not set, the default account locale will be used. */
	locale?: string;
	/** A flag indicating if this user is locked. */
	locked?: boolean;
	/** The user authenticators that are locked. */
	lockedAuthenticatorTypes?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** The user authenticators that are locked. Deprecated: use lockedAuthenticatorTypes */
	lockedAuthenticators?: ("PASSWORD" | "KBA" | "TEMP_ACCESS_CODE" | "GRID" | "OTP_EMAIL" | "OTP_SMS" | "OTP_VOICE" | "ENTRUST_SOFT_TOKEN" | "ENTRUST_SOFT_TOKEN_PUSH" | "GOOGLE_AUTHENTICATOR" | "HARDWARE_TOKEN" | "FIDO" | "SMARTCREDENTIALPUSH" | "USER_CERTIFICATE" | "MACHINE" | "FACE" | "PASSTHROUGH" | "TOKENCR" | "MAGICLINK")[];
	/** If the user is locked, this value will specify the time at which the lockout will expire. */
	lockoutExpiry?: string;
	/** Indicates whether Magic Links are enabled for this user. */
	magicLinkEnabled?: boolean;
	/** A flag indicating if this user was migrated from Entrust IdentityGuard. */
	migrated?: boolean;
	/** The mobile number of this user.  This value may or may not be required depending on configuration. It must be set to use SMS OTP authentication. */
	mobile?: string;
	/** A list of all oauth roles to which this user belongs. */
	oauthRoles?: OAuthRole[];
	/** A list of the user organizations. */
	organizations?: Organization[];
	/** If the user has an OTP, this attribute specifies when the user's OTP was created. */
	otpCreateTime?: string;
	/** A flag indicating if the user password is compromised. */
	passwordCompromised?: boolean;
	/** The password expiration time. */
	passwordExpirationTime?: string;
	/** The phone number of this user.  This value may or may not be required depending on configuration. It must be set to use VOICE OTP authentication. */
	phone?: string;
	/** Preferred OTP delivery type (SMS, EMAIL or VOICE) or SYSTEM to use the system defined default. */
	preferredOtpDelivery?: "EMAIL" | "SMS" | "VOICE" | "SYSTEM";
	/** Preferred OTP delivery contact attribute for the given type (i.e., OTP_EMAIL, OTP_SMS, OTP_VOICE. An empty string means no override for that type). */
	preferredOtpDeliveryContactAttributes?: {
		[key: string]: string;
	};
	/** Indicates whether registration is enabled for this user. */
	registrationEnabled?: boolean;
	/** Indicates whether self-registration is required. This attribute doesn't apply to administrators. */
	registrationRequired?: boolean;
	/** The security ID of this user. The security ID is a unique value used to identity the user when performing smart card login to Microsoft Windows. */
	securityId?: string;
	/** Indicates whether to show notifications to this user. */
	showNotification?: boolean;
	/** A list of all the smart credentials owned by this user. */
	smartCredentials?: SmartCredential[];
	/** The state of this user.  Only users in the ACTIVE state can perform authentication. */
	state?: "ACTIVE" | "INACTIVE";
	tempAccessCode?: TempAccessCode;
	/** A list of all the tokens owned by this user. */
	tokens?: Token[];
	/** The type of user.  A value of LDAP_AD means the user was synchronized from a directory. A value of MGMT_UI means the user was created in Identity as a Service. A value of EXTERNAL means the user was synchronized from an external source. */
	"type"?: "LDAP_AD" | "MGMT_UI" | "EXTERNAL";
	/** A list of user aliases for this user. */
	userAliases?: UserAlias[];
	/** A list of user attribute values for this user. */
	userAttributeValues?: UserAttributeValue[];
	/** The user authenticator preference list. */
	userAuthenticatorPreference?: ("MACHINE" | "PASSWORD" | "EXTERNAL" | "KBA" | "TEMP_ACCESS_CODE" | "OTP" | "GRID" | "TOKEN" | "TOKENCR" | "TOKENPUSH" | "FIDO" | "SMARTCREDENTIALPUSH" | "PASSWORD_AND_SECONDFACTOR" | "SMART_LOGIN" | "IDP" | "PASSKEY" | "IDP_AND_SECONDFACTOR" | "USER_CERTIFICATE" | "FACE" | "PASSTHROUGH" | "MAGICLINK")[];
	/** The time this user was created.  */
	userCreationTime?: string;
	/** A list of extra optional attributes for this user. */
	userExtraAttributes?: UserExtraAttributeRead[];
	/** The user ID for this user. */
	userId?: string;
	/** A list of the user password details. */
	userPasswordDetails?: UserPasswordDetails[];
	/** The user principal name of this user.  This value may or may not be required depending on configuration. */
	userPrincipalName?: string;
	/** Indicates whether verification is enabled for this user. */
	verificationEnabled?: boolean;
	/** Indicates whether verification is required. This attribute doesn't apply to administrators. */
	verificationRequired?: boolean;
};
type UserGetParms = {
	/** If fetching a user by userId or alias, this value specifies, the userId or user alias of the user to be fetched. If fetching a user by externalId, this value specifies, the externalId of the user to be fetched. */
	userId: string;
};
type UpdateUserParms = {
	/** The id of the user to be updated.  The type of the id is specified by idType. */
	id: string;
	/** The type of the id identifying the user.  The value can be one of UUID (the user's internal UUID), USERID (the user's userId) or EXTERNALID (the externalId of the user). If not specified, this defaults to UUID. */
	idType?: "UUID" | "USERID" | "EXTERNALID";
	parms: UserParms;
};
type UpdateUserParmsRead = {
	/** The id of the user to be updated.  The type of the id is specified by idType. */
	id: string;
	/** The type of the id identifying the user.  The value can be one of UUID (the user's internal UUID), USERID (the user's userId) or EXTERNALID (the externalId of the user). If not specified, this defaults to UUID. */
	idType?: "UUID" | "USERID" | "EXTERNALID";
	parms: UserParmsRead;
};
type UpdateUsersParms = {
	/** If set to true, the operation stops on the first operation that fails.  Otherwise the operation continues for each specified user. If not specified, this defaults to false. */
	stopOnError?: boolean;
	/** The list of users to be updated. */
	users: UpdateUserParms[];
};
type UpdateUsersParmsRead = {
	/** If set to true, the operation stops on the first operation that fails.  Otherwise the operation continues for each specified user. If not specified, this defaults to false. */
	stopOnError?: boolean;
	/** The list of users to be updated. */
	users: UpdateUserParmsRead[];
};
type UpdateUserResult = {
	error?: ErrorInfo;
	/** Indicates if the user was successfully updated (true) or not (false). */
	success: boolean;
};
type CreateUsersParms = {
	/** If set to true, the operation stops on the first operation that fails.  Otherwise the operation continues for each specified user. If not specified, this defaults to false. */
	stopOnError?: boolean;
	/** The list of users to be created. */
	users: UserParms[];
};
type CreateUsersParmsRead = {
	/** If set to true, the operation stops on the first operation that fails.  Otherwise the operation continues for each specified user. If not specified, this defaults to false. */
	stopOnError?: boolean;
	/** The list of users to be created. */
	users: UserParmsRead[];
};
type CreateUserResult = {
	error?: ErrorInfo;
	/** Indicates if the user was successfully created (true) or not (false). */
	success: boolean;
	user?: User;
};
type CreateUserResultRead = {
	error?: ErrorInfo;
	/** Indicates if the user was successfully created (true) or not (false). */
	success: boolean;
	user?: UserRead;
};
type DeleteUserParms = {
	/** The id of the user to be deleted.  The type of the id is specified by idType. */
	id: string;
	/** The type of the id identifying the user.  The value can be one of UUID (the user's internal UUID), USERID (the user's userId) or EXTERNALID (the externalId of the user). If not specified, this defaults to UUID. */
	idType?: "UUID" | "USERID" | "EXTERNALID";
};
type DeleteUsersParms = {
	/** If set to true, the operation stops on the first operation that fails.  Otherwise the operation continues for each specified user. If not specified, this defaults to false. */
	stopOnError?: boolean;
	/** The list of users to be deleted. */
	users: DeleteUserParms[];
};
type DeleteUserResult = {
	error?: ErrorInfo;
	/** Indicates if the user was successfully deleted (true) or not (false). */
	success: boolean;
};
type Tenant = {
	/** A flag indicating if this tenant is an authentication account. */
	authenticationAccount: boolean;
	/** The name of the company that owns this tenant. */
	companyName: string;
	/** The contract mode of a tenant, allowable values = 'PRODUCTION', 'TRIAL', example='TRIAL'. */
	contractMode?: "PRODUCTION" | "TRIAL" | "UNKNOWN";
	/** The hostname of the tenant. */
	hostname: string;
	/** The UUID of this tenant within the service provider. */
	id: string;
	/** A flag indicating if this tenant is an issuance account. */
	issuanceAccount: boolean;
	/** A flag indicating if this tenant has been locked. */
	locked: boolean;
	/** The ID of the preferred OTP provider associated with this tenant, if any. Only visible to root tenant. */
	otpProviderId?: string;
	/** The previous hostname of the tenant. */
	previousHostname?: string;
	/** A flag indicating if this child tenant is a service provider. */
	serviceProvider: boolean;
	/** A flag indicating if this tenant is enabled for tenant management authentication. */
	spIdp: boolean;
};
type CreateTenantResult = {
	adminApiApplication?: AdminApiApplication;
	adminUser: User;
	tenant: Tenant;
};
type CreateTenantResultRead = {
	adminApiApplication?: AdminApiApplication;
	adminUser: UserRead;
	tenant: Tenant;
};
type CreateTenantAsyncStatus = {
	/** The error message describing the first error encountered processing the operation. */
	errorMessage?: string;
	/** The unique UUID of the operation. Used to get status and results of operation */
	id: string;
	/** The time this operation was initialized. */
	initTime?: string;
	/** The time at which the operation completed processing. */
	processingEndTime?: string;
	/** The time at which the operation began processing. */
	processingStartTime?: string;
	/** How long the operation took to complete processing in milliseconds. */
	processingTime?: number;
	/** The state of the operation. */
	state: "FAILED" | "CANCELLED" | "COMPLETED" | "AWAITING_DATA" | "PROCESSING" | "SCHEDULED";
	/** The subject of this operation. */
	subject?: string;
};
type UsersPage = {
	paging?: Paging;
	/** A single page with the list of users found. */
	results: User[];
};
type UsersPageRead = {
	paging?: Paging;
	/** A single page with the list of users found. */
	results: UserRead[];
};
type UsageInfo = {
	/** The aggregation period used. */
	aggregationPeriod: "DAILY" | "WEEKLY" | "MONTHLY";
	/** The service bundle. */
	bundleType?: string;
	/** The entitlements used in the aggregation period. */
	count: number;
	/** The end time of the aggregation period. */
	endTime: string;
	/** The unique UUID for this usage info. */
	id: string;
	/** The start time of the aggregation period. */
	startTime: string;
	/** The unique UUID of the tenant. */
	tenantId: string;
	/** Whether the usage is associated to a trial tenant. */
	trial: boolean;
	/** The type of this entitlement. */
	usageType: "USERS" | "ISSUANCE";
};
type UsageInfoPage = {
	paging?: Paging;
	/** A single page with the list of usage info found. */
	results: UsageInfo[];
};
type AdditionalFeature = {
	/** Enhanced geo location additional feature. */
	enhancedGeoLocation?: boolean;
};
type MobileFlashPass = {
	/** The entitlements consumed since start date during the entitlement period. */
	consumed?: number;
	/** The date when the entitlement will end. */
	endDate?: string;
	/** The number of FlashPass claims allowed during the period. */
	quantity?: number;
	/** The date when the entitlement starts. */
	startDate?: string;
};
type FleetManagement = {
	/** Add on column to store fleetManagementOptIn flag */
	addOn?: string;
	/** The entitlements consumed since start date during the entitlement period. */
	consumed?: number;
	/** The date when the entitlement will end. */
	endDate?: string;
	/** The number of FlashPass claims allowed during the period. */
	quantity?: number;
	/** The date when the entitlement starts. */
	startDate?: string;
};
type ServiceBundle = {
	/** Identifies the bundle. */
	bundleType: "ADVANCED" | "ESSENTIALS" | "PROFESSIONAL" | "ENTERPRISE" | "API" | "STANDARD" | "PLUS" | "PREMIUM" | "CONSUMER";
	/** A number that allows to sort bundles of the same category by precedence. Read-only currently. */
	rank?: number;
	/** An identifier used to report usage for this bundle. */
	usageReportId?: string;
};
type Issuance = {
	/** Add on column to store printer cert flag */
	addOn?: string;
	/** The entitlements consumed since start date during a Trial period. */
	consumed?: number;
	/** The date when the Trial period will end. This value is not returned if the account status is PRODUCTION. */
	endDate?: string;
	/** The number of print jobs allowed during the Trial period. This value is not returned if the account status is PRODUCTION. */
	quantity?: number;
	/** The service bundles supported. */
	serviceBundles: ServiceBundle[];
	/** The date when the Trial period starts. This value is not returned if the account status is PRODUCTION. */
	startDate?: string;
};
type PayToPrint = {
	/** Add on column to store PayToPrint addon */
	addOn?: string;
	/** The entitlements consumed since start date during the entitlement period. */
	consumed?: number;
	/** The date when the entitlement will end. */
	endDate?: string;
	/** The number of PayToPrint prints allowed during the period. */
	quantity?: number;
	/** The date when the entitlement starts. */
	startDate?: string;
};
type PrinterEntitlement = {
	/** The entitlements consumed since start date during the entitlement period. */
	consumed?: number;
	/** The date when the entitlement will end. */
	endDate?: string;
	/** The number of FlashPass claims allowed during the period. */
	quantity?: number;
	/** The date when the entitlement starts. */
	startDate?: string;
};
type Entitlement = {
	additionalFeatures?: AdditionalFeature;
	/** The contract mode of a tenant, allowable values = 'PRODUCTION', 'TRIAL', example='TRIAL'. */
	contractMode?: "PRODUCTION" | "TRIAL" | "UNKNOWN";
	/** The contract number of this entitlement. */
	contractNumber?: string;
	/** The customer ID. */
	customerId?: string;
	/** The end date of this entitlement in UTC time. */
	endDate: string;
	/** The entitlement ID. */
	entitlementId?: string;
	flashPass?: MobileFlashPass;
	fleetManagement?: FleetManagement;
	/** The USERS grace period end date of this entitlement in UTC time. */
	gracePeriodEndDate?: string;
	/** The unique UUID of this entitlement. */
	id: string;
	issuance?: Issuance;
	payToPrint?: PayToPrint;
	printer?: PrinterEntitlement;
	/** The quantity of this entitlement. */
	quantity: number;
	/** The unused quantity of this entitlement (USERS type only). */
	remaining?: number;
	/** Whether Smart Card Smart Login is enabled or not. */
	smartLoginEnabled?: boolean;
	smsVoice?: SmsVoice;
	/** The start date of this entitlement in UTC time. */
	startDate: string;
	/** The status of this entitlement. */
	status: "ACTIVE" | "INACTIVE" | "TERMINATED";
	/** The subscription line ID. */
	subscriptionLineId?: string;
	/** The type of this entitlement. */
	"type": "USERS" | "TRANSACTIONS";
	/** The entitlement bundles that defines the set of features available for authentication accounts. */
	userBundles?: ServiceBundle[];
	/** The billing type for user entitlements. Defaults to PRE_PAID if not provided. */
	usersBillingType?: "PRE_PAID" | "PAY_PER_USE";
};
type FlashPassParms = {
	/** The number of FlashPass pass claims allowed during the Trial period. */
	quantity?: 25 | 100;
};
type FleetManagementParms = object;
type IssuanceParms = {
	/** Add on column to store printer cert flag */
	addOn?: string;
	/** The date when the Trial period will end.  The value must be after the start date. If specified, this value cannot be more than 30 days after start date. */
	endDate?: string;
	/** The number of print jobs allowed during the Trial period (required during creation). */
	quantity?: 25 | 100;
	/** The service bundles supported. At least one bundle must be defined. */
	serviceBundles?: ServiceBundle[];
	/** The date when the Trial period starts. This value cannot be in the future. If not specified, it defaults to the current date. */
	startDate?: string;
};
type PrinterParms = object;
type SmsVoiceParms = {
	/** If set to true when updating an SMSVOICE entitlement, the existing entitlement is removed. This attribute is ignored when creating an SMSVOICE entitlement. */
	deleteEntitlement?: boolean;
	/** The date when the entitlement period will end.  The value must be after the start date.  */
	endDate?: string;
	/** The number of SMS/Voice credits allowed during the entitlement period. */
	quantity?: number;
	/** The number of SMS/Voice credits allowed when the entitlement is renewed. */
	renewalQuantity?: number;
	/** The date when the entitlement period starts. This value cannot be in the future. If not specified, it defaults to the current date. */
	startDate?: string;
};
type EntitlementParms = {
	additionalFeatures?: AdditionalFeature;
	/** The contract mode of a tenant (required during creation), allowable values = 'PRODUCTION', 'TRIAL'. */
	contractMode?: "PRODUCTION" | "TRIAL" | "UNKNOWN";
	/** The contract number. */
	contractNumber?: string;
	/** The customer ID. */
	customerId?: string;
	/** The date this entitlement will end.  The value must be after the start date. If not specified, this value defaults to the end date of the service provider's entitlement. */
	endDate?: string;
	/** The entitlement ID. */
	entitlementId?: string;
	flashPass?: FlashPassParms;
	fleetManagement?: FleetManagementParms;
	issuance?: IssuanceParms;
	printer?: PrinterParms;
	/** The number of entitlements assigned to the tenant (required during creation). The service provider must have enough available entitlements to meet this request. */
	quantity?: number;
	/** Whether Smart Card Smart Login is enabled or not. */
	smartLoginEnabled?: boolean;
	smsVoice?: SmsVoiceParms;
	/** The date this entitlement will start.  If not specified, it defaults to the current date.  This value cannot be in the future. */
	startDate?: string;
	/** The status of this entitlement. */
	status?: "ACTIVE" | "INACTIVE" | "TERMINATED";
	/** The subscription line ID. */
	subscriptionLineId?: string;
	/** The type of entitlement.  Currently this value must be USERS.  If not specified, this value defaults to USERS. */
	"type"?: "USERS" | "TRANSACTIONS";
	/** [DEPRECATED] The type of entitlement (ignored if type is provided).  Currently this value must be USERS. If not specified, this value defaults to USERS. */
	usageType?: "USERS" | "TRANSACTIONS";
	/** The entitlement bundles that defines the set of features available for authentication accounts. */
	userBundles?: ServiceBundle[];
	/** The billing type for user entitlements. Defaults to PRE_PAID if not provided. */
	usersBillingType?: "PRE_PAID" | "PAY_PER_USE";
};
type TenantsPage = {
	paging?: Paging;
	/** A single page with the list of tenants found. */
	results: Tenant[];
};
type TenantParms = {
	/** When creating a new tenant as a child of the root service provider set this to true if the tenant is to be an authentication service. If not specified, it defaults to true. You cannot set the authenticate and issuance values to both true or both false. A child of a non-root service provider inherits the value of its service provider and if specified, this value is ignored. */
	authenticationAccount?: boolean;
	/** The country two-letter code (ISO 3166-1) of the location of the company that will own this account. */
	companyCountry?: string;
	/** The name of the company that will own this account.  This value is required. */
	companyName: string;
	/** The province/state two-letter code (postal abbreviation) of the location of the company that will own this account. This value is required for companies in the United States or Canada when the companyCountry attribute is provided. */
	companyState?: string;
	/** The domain for this account. This value is required when creating a tenant */
	domain: string;
	/** When creating a new tenant as a child of the root service provider set this to true if the tenant is to be an issuance service. If not specified, it defaults to false. You cannot set the authenticate and issuance values to both true or both false. A child of a non-root service provider inherits the value of its service provider and if specified, this value is ignored. */
	issuanceAccount?: boolean;
	/** When creating a new tenant set this to true if the tenant is to be a service provider. */
	serviceProvider?: boolean;
};
type CreateTenantParms = {
	adminApiApplication?: AdminApiApplicationParms;
	adminUser: UserParms;
	/** A flag indicating if a welcome email should be delivered.  If not set, it defaults to false. */
	deliverWelcomeEmail?: boolean;
	entitlements?: EntitlementParms;
	tenant: TenantParms;
};
type CreateTenantParmsRead = {
	adminApiApplication?: AdminApiApplicationParms;
	adminUser: UserParmsRead;
	/** A flag indicating if a welcome email should be delivered.  If not set, it defaults to false. */
	deliverWelcomeEmail?: boolean;
	entitlements?: EntitlementParms;
	tenant: TenantParms;
};
/**
* Get account info
*/
declare function getAccoutInfoUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AccountInfo;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update account info
*/
declare function updateAccountInfoUsingPut({ accountInfoParms }: {
	accountInfoParms: AccountInfoParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get all acrs
*/
declare function getAcrsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Acr[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create an acr
*/
declare function createAcrUsingPost({ acrParms }: {
	acrParms: AcrParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Acr;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get an acr
*/
declare function getAcrUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Acr;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete an acr
*/
declare function removeAcrUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Authenticate to an Admin API application.
*/
declare function authenticateAdminApiUsingPost({ adminApiAuthentication }: {
	adminApiAuthentication: AdminApiAuthentication;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AdminApiAuthenticationResult;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List application information
*/
declare function listApplicationInfoUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ApplicationInfo[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List Admin API application
*/
declare function listAdminApiApplicationsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AdminApiApplication[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create Admin API application
*/
declare function createAdminApiApplicationUsingPost({ adminApiApplicationParms }: {
	adminApiApplicationParms: AdminApiApplicationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AdminApiApplication;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Regenerate Admin API application shared secret
*/
declare function updateAdminApiSharedSecretUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: string;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Admin API application
*/
declare function getAdminApiApplicationUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AdminApiApplication;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update Admin API application
*/
declare function updateAdminApiApplicationUsingPut({ id, adminApiApplicationParms }: {
	id: string;
	adminApiApplicationParms: AdminApiApplicationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AdminApiApplication;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Remove Admin API application
*/
declare function removeAdminApiApplicationUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List Auth API applications
*/
declare function listAuthApiApplicationsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthApiApplication[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create Auth API application
*/
declare function createAuthApiApplicationUsingPost({ authApiApplicationParms }: {
	authApiApplicationParms: AuthApiApplicationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthApiApplication;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Auth API application
*/
declare function getAuthApiApplicationUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthApiApplication;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update Auth API application
*/
declare function updateAuthApiApplicationUsingPut({ id, authApiApplicationParms }: {
	id: string;
	authApiApplicationParms: AuthApiApplicationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Remove Auth API application
*/
declare function removeAuthApiApplicationUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List application templates
*/
declare function listApplicationTemplatesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ApplicationTemplate[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of assigned tokens asynchronously
*/
declare function assignedTokenPageAsyncUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of unassigned hardware tokens asynchronously
*/
declare function unassignedTokenPageAsyncUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the result of an asynchronous list assigned tokens operation
*/
declare function assignedTokenPageAsyncResultUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TokensPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the status of an asynchronous list assigned tokens operation
*/
declare function assignedTokenPageAsyncStatusUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the result of an asynchronous list unassigned tokens operation
*/
declare function unassignedTokenPageAsyncResultUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TokensPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the status of an asynchronous list unassigned tokens operation
*/
declare function unassignedTokenPageAsyncStatusUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a directory attribute mapping
*/
declare function getDirectoryAttrMappingUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DirectoryAttributeMapping;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Authenticate Contact Verification Challenge
*/
declare function contactVerificationAuthenticateUsingPost({ otpVerificationAuthenticateValue }: {
	otpVerificationAuthenticateValue: OtpVerificationAuthenticateValue;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OtpVerificationAuthenticateResponse;
} | {
	status: 400;
	data: Error;
} | {
	status: 401;
	data: Error;
} | {
	status: 429;
	data: Error;
}>>;
/**
* Get Contact Verification Challenge
*/
declare function contactVerificationChallengeUsingPost({ otpVerificationChallengeValue }: {
	otpVerificationChallengeValue: OtpVerificationChallengeValue;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OtpVerificationChallengeResponse;
} | {
	status: 400;
	data: Error;
} | {
	status: 401;
	data: Error;
} | {
	status: 429;
	data: Error;
}>>;
/**
* List directories
*/
declare function listDirectoriesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Directory[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a directory
*/
declare function getDirectoryUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Directory;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List directory attribute mappings
*/
declare function getDirectoryAttrMappingsUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DirectoryAttributeMapping[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List directory sync settings
*/
declare function getDirectorySyncsUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DirectorySync[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List directory group filters
*/
declare function getGroupFiltersUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GroupFilter[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List directory searchbases
*/
declare function getSearchBasesUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SearchBase[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get directory synchronization status
*/
declare function getDirectorySyncStatusInfoUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DirectorySyncStatusInfo;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get directory synchronization settings
*/
declare function getDirectorySyncUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DirectorySync;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists domain-based identity providers
*/
declare function listDomainBasedIdentityProvidersUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: IdentityProvider[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get entitlement info
*/
declare function getSubscriberAccountActiveEntitlementsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AccountEntitlement;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a Face Biometric by UUID
*/
declare function deleteFaceUsingDelete({ faceid }: {
	faceid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Send an activation email for the Face Biometric
*/
declare function sendFaceActivationEmailUsingPut({ faceid }: {
	faceid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Start FIDO token registration
*/
declare function startCreateFidoTokenUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoRegisterChallenge;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Complete FIDO token registration
*/
declare function completeCreateFidoTokenUsingPost({ id, fidoRegisterResponse }: {
	id: string;
	fidoRegisterResponse: FidoRegisterResponse;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoToken;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a FIDO token
*/
declare function getFidoTokenUsingGet({ fidoid }: {
	fidoid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoToken;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a FIDO token
*/
declare function updateFidoTokenUsingPut({ fidoid, fidoTokenParms }: {
	fidoid: string;
	fidoTokenParms: FidoTokenParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a FIDO token
*/
declare function deleteFidoTokenUsingDelete({ fidoid }: {
	fidoid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get FIDO tokens (paginated)
*/
declare function getFidoTokensPagedUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoTokensPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create unassigned grids
*/
declare function createUnassignedGridsUsingPost({ gridCreateParms }: {
	gridCreateParms: GridCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Grid[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get grid properties
*/
declare function getGridPropertiesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GridProperties;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Email a grid card to the card owner
*/
declare function deliverAssignedGridByEmailUsingPost({ gridid, emailParms }: {
	gridid: string;
	emailParms?: EmailParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Export a grid to PDF format
*/
declare function getSingleGridExportUsingGet({ gridid }: {
	gridid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GridExport;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Assign a grid to a user by serial number
*/
declare function assignGridByIdUsingPut({ gridserialnumber, gridAssignParms }: {
	gridserialnumber: string;
	gridAssignParms: GridAssignParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unassign a grid
*/
declare function unassignGridUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of unassigned grids
*/
declare function unassignedGridsPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GridsPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get directory group filter
*/
declare function getGroupFilterUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GroupFilter;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List groups
*/
declare function groupsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Group[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a group
*/
declare function createGroupUsingPost({ groupParms }: {
	groupParms: GroupParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Group;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a group by externalId
*/
declare function groupByExternalIdUsingPost({ groupId }: {
	groupId: GroupId;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Group;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a group
*/
declare function groupUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Group;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a group
*/
declare function updateGroupUsingPut({ id, groupParms }: {
	id: string;
	groupParms: GroupParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Group;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Remove a group
*/
declare function deleteGroupUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List a page of groups
*/
declare function groupsPagedUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GroupsPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists identity providers
*/
declare function listIdentityProvidersUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: IdentityProvider[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists OIDC identity providers
*/
declare function listOidcIdentityProvidersUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OidcIdentityProvider[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create an OIDC identity provider
*/
declare function createOidcIdentityProviderUsingPost({ oidcIdentityProviderParms }: {
	oidcIdentityProviderParms: OidcIdentityProviderParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OidcIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Fetch OIDC Configuration for an OIDC identity provider
*/
declare function fetchOidcConfigurationUsingPost({ oidcConfigurationParms }: {
	oidcConfigurationParms: OidcConfigurationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OidcConfigurationResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get an OIDC identity provider
*/
declare function getOidcIdentityProviderUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OidcIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update an OIDC identity provider
*/
declare function updateOidcIdentityProviderUsingPut({ id, oidcIdentityProviderParms }: {
	id: string;
	oidcIdentityProviderParms: OidcIdentityProviderParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OidcIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete an OIDC identity provider
*/
declare function deleteOidcIdentityProviderUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists SAML identity providers
*/
declare function listSamlIdentityProvidersUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SamlIdentityProvider[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a SAML identity provider
*/
declare function createSamlIdentityProviderUsingPost({ samlIdentityProviderParms }: {
	samlIdentityProviderParms: SamlIdentityProviderParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SamlIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Fetch SAML Configuration for a SAML identity provider
*/
declare function fetchSamlConfigurationUsingPost({ samlConfigurationParms }: {
	samlConfigurationParms: SamlConfigurationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SamlConfigurationResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a SAML identity provider
*/
declare function getSamlIdentityProviderUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SamlIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a SAML identity provider
*/
declare function updateSamlIdentityProviderUsingPut({ id, samlIdentityProviderParms }: {
	id: string;
	samlIdentityProviderParms: SamlIdentityProviderParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SamlIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a SAML identity provider
*/
declare function deleteSamlIdentityProviderUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Download SAML Configuration for a SAML identity provider
*/
declare function getSamlConfigurationUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: string;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create IP location
*/
declare function ipLocationFromIpAddressUsingPost({ ipLocation }: {
	ipLocation: IpLocation;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: IpLocation;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List oauth roles
*/
declare function listOAuthRolesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OAuthRole[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create an organization
*/
declare function createOrganizationUsingPost({ organizationParms }: {
	organizationParms: OrganizationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Organization;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get an organization
*/
declare function getOrganizationUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Organization;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update an organization
*/
declare function updateOrganizationUsingPut({ id, organizationParms }: {
	id: string;
	organizationParms: OrganizationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Organization;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete an organization
*/
declare function removeOrganizationUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Add user to organization
*/
declare function createUserOrganizationAssociationUsingPost({ orgid, userid }: {
	orgid: string;
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Remove user from organization
*/
declare function deleteUserOrganizationAssociationUsingDelete({ orgid, userid }: {
	orgid: string;
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List a page of organizations
*/
declare function organizationsPagedUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OrganizationPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Creates and returns an OTP
*/
declare function createOtpUsingPost({ otpCreateParms }: {
	otpCreateParms: OtpCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Otp;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List roles
*/
declare function listSiteRolesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: RoleUser[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a role
*/
declare function getSiteRoleUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Role;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List smart credential definitions
*/
declare function listScDefnsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ScDefn[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a smart credential definition by name
*/
declare function getScDefnByNameUsingPost({ scDefnGetParms }: {
	scDefnGetParms: ScDefnGetParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ScDefn;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List allowed smart credential definitions
*/
declare function listAllowedScDefnsUsingGet({ userId }: {
	userId: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ScDefn[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a smart credential definition
*/
declare function getScDefnUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ScDefn;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a searchbase
*/
declare function getSearchBaseUsingGet({ searchbaseid }: {
	searchbaseid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SearchBase;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Entrust ST Authenticator settings
*/
declare function getEntrustStAuthenticatorSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: EntrustStAuthenticatorSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update Entrust ST Authenticator settings
*/
declare function updateEntrustStAuthenticatorSettingsUsingPut({ entrustStAuthenticatorSettings }: {
	entrustStAuthenticatorSettings: EntrustStAuthenticatorSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Onfido account settings used by the Face Biometric authenticator
*/
declare function getFaceAccountSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FaceAccountSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update Onfido account settings used by the Face Biometric authenticator
*/
declare function setFaceAccountSettingsUsingPut({ faceAccountSettings }: {
	faceAccountSettings: FaceAccountSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get FIDO settings
*/
declare function getFidoSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoAuthenticatorSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update FIDO settings
*/
declare function updateFidoSettingsUsingPut({ fidoAuthenticatorSettingsParms }: {
	fidoAuthenticatorSettingsParms: FidoAuthenticatorSettingsParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Fetch Android association file for a FIDO relying party
*/
declare function fetchAndroidAssociationFileUsingPost({ fidoAssociationFileRequest }: {
	fidoAssociationFileRequest: FidoAssociationFileRequest;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoAndroidAssetLinks[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Fetch Apple association file for a FIDO relying party
*/
declare function fetchAppleAssociationFileUsingPost({ fidoAssociationFileRequest }: {
	fidoAssociationFileRequest: FidoAssociationFileRequest;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FidoAppleAppSiteAssociation;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get general settings
*/
declare function getGeneralSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GeneralSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update general settings
*/
declare function updateGeneralSettingsUsingPut({ generalSettings }: {
	generalSettings: GeneralSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Google Authenticator settings
*/
declare function getGoogleAuthenticatorSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GoogleAuthenticatorSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update Google Authenticator settings
*/
declare function updateGoogleAuthenticatorSettingsUsingPut({ googleAuthenticatorSettings }: {
	googleAuthenticatorSettings: GoogleAuthenticatorSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Password Reset settings
*/
declare function getPasswordResetSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: PasswordResetSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update Password Reset settings
*/
declare function updatePasswordResetSettingsUsingPut({ passwordResetSettings }: {
	passwordResetSettings: PasswordResetSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a smart credential
*/
declare function createSmartCredentialUsingPost({ smartCredentialParms }: {
	smartCredentialParms: SmartCredentialParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SmartCredential;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Export a certificate from a smart credential
*/
declare function exportCertificateUsingGet({ id, format }: {
	id: string;
	format: "CA" | "P7" | "CERT";
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ExportCertificate;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Hold a certificate from a smart credential
*/
declare function holdCertificateUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Revoke a certificate from a smart credential
*/
declare function revokeCertificateUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unhold a certificate from a smart credential
*/
declare function unholdCertificateUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a smart credential by serial number
*/
declare function getSmartCredentialBySerialNumberUsingGet({ sernum }: {
	sernum: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SmartCredential;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a smart credential
*/
declare function getSmartCredentialUsingGet({ id, revocationInfo }: {
	id: string;
	revocationInfo?: boolean;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SmartCredential;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a smart credential
*/
declare function updateSmartCredentialUsingPut({ id, smartCredentialParms }: {
	id: string;
	smartCredentialParms: SmartCredentialParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a smart credential
*/
declare function deleteSmartCredentialUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Activate a smart credential
*/
declare function activateSmartCredentialUsingPut({ id, activateSmartCredentialParms }: {
	id: string;
	activateSmartCredentialParms: ActivateSmartCredentialParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ActivateSmartCredentialResult;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Change smart credential state
*/
declare function changeSmartCredentialStateUsingPut({ id, smartCredentialChangeStateParms }: {
	id: string;
	smartCredentialChangeStateParms: SmartCredentialChangeStateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Smart credential complete signature
*/
declare function completeSignSmartCredentialUsingPut({ id, smartCredentialCompleteSignParms }: {
	id: string;
	smartCredentialCompleteSignParms: SmartCredentialCompleteSignParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SmartCredentialCompleteSignResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Smart credential start signature
*/
declare function startSignSmartCredentialUsingPut({ id, smartCredentialStartSignParms }: {
	id: string;
	smartCredentialStartSignParms: SmartCredentialStartSignParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SmartCredentialStartSignResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unassign a smart credential
*/
declare function unassignSmartCredentialUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unblock a smart credential
*/
declare function unblockSmartCredentialUsingPut({ id, smartCredentialUnblockParms }: {
	id: string;
	smartCredentialUnblockParms: SmartCredentialUnblockParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SmartCredentialUnblockResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Synchronize a new user or an existing user
*/
declare function syncUserUsingPost({ syncUserParms }: {
	syncUserParms: SyncUserParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SyncUser;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unsynchronize an existing user
*/
declare function unsyncUserUsingPost({ unsyncUserParms }: {
	unsyncUserParms: UnsyncUserParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get Tenant Identity Provider and Service Provider OIDC Application for Tenant Management.
*/
declare function getSpIdentityProviderUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SpIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Set Tenant Identity Provider and Service Provider OIDC Application for Tenant Management
*/
declare function setSpIdentityProviderUsingPut({ id, spIdentityProviderParms }: {
	id: string;
	spIdentityProviderParms: SpIdentityProviderParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: SpIdentityProvider;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a token by serial number
*/
declare function getTokenBySerialNumberUsingGet({ sernum }: {
	sernum: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Token;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a token
*/
declare function getTokenUsingGet({ tokenid }: {
	tokenid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Token;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify a token
*/
declare function modifyTokenUsingPut({ tokenid, tokenParms }: {
	tokenid: string;
	tokenParms: TokenParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a token
*/
declare function deleteTokenUsingDelete({ tokenid }: {
	tokenid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Complete token activation
*/
declare function completeActivateTokenUsingPut({ tokenid, activateCompleteParms }: {
	tokenid: string;
	activateCompleteParms: ActivateCompleteParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Start token activation
*/
declare function startActivateTokenUsingPost({ tokenid, activateParms }: {
	tokenid: string;
	activateParms?: ActivateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ActivateResult;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Assign token to user
*/
declare function assignTokenByIdUsingPut({ tokenid, assignParms }: {
	tokenid: string;
	assignParms: AssignParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify an assigned token
*/
declare function modifyAssignedTokenUsingPut({ tokenid, assignedTokenParms }: {
	tokenid: string;
	assignedTokenParms: AssignedTokenParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Change token state
*/
declare function changeTokenStateUsingPut({ tokenid, changeStateParms }: {
	tokenid: string;
	changeStateParms: ChangeStateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Reset a token
*/
declare function resetTokenUsingPut({ tokenid, resetParms }: {
	tokenid: string;
	resetParms: ResetParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unassign a token
*/
declare function unassignTokenUsingPut({ tokenid }: {
	tokenid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unlock a token
*/
declare function unlockTokenUsingPut({ tokenid, unlockParms }: {
	tokenid: string;
	unlockParms: UnlockParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UnlockResult;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of assigned tokens
*/
declare function assignedTokenPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TokensPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of unassigned hardware tokens
*/
declare function unassignedTokenPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TokensPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List all transaction rules
*/
declare function getTransactionRulesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TransactionRuleDescription[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List user attributes
*/
declare function listUserAttributesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserAttribute[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a user attribute
*/
declare function createUserAttributeUsingPost({ userAttributeParms }: {
	userAttributeParms: UserAttributeParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserAttribute;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a user attribute
*/
declare function getUserAttributeUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserAttribute;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify a user attribute
*/
declare function modifyUserAttributeUsingPut({ id, userAttributeParms }: {
	id: string;
	userAttributeParms: UserAttributeParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserAttribute;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a user attribute
*/
declare function deleteUserAttributeUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify user group membership
*/
declare function modifyUserAuthorizationGroupAssociationsUsingPut({ userid, body }: {
	userid: string;
	body: string[];
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify user oauth role membership
*/
declare function modifyUserOAuthRoleAssociationsUsingPut({ userid, body }: {
	userid: string;
	body: string[];
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a list of Knowledge-based questions that a user can answer
*/
declare function getKbaQuestionsUsingGet({ locale }: {
	locale: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserQuestion[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Assign a user to a grid
*/
declare function assignGridBySerialNumberUsingPut({ id, gridAssignParms }: {
	id: string;
	gridAssignParms: GridAssignParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update user state
*/
declare function updateUserStateUsingPut({ id, userChangeStateParms }: {
	id: string;
	userChangeStateParms: UserChangeStateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Assign user to token
*/
declare function assignTokenBySerialNumberUsingPut({ id, assignParms }: {
	id: string;
	assignParms: AssignParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unlock user
*/
declare function unlockUserUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List expected locations for a user
*/
declare function listUserExpectedLocationsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserExpectedLocations;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Set expected locations for a user
*/
declare function setUserExpectedLocationsUsingPut({ userid, body }: {
	userid: string;
	body: ExpectedLocation[];
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update the Face Biometric for a given user
*/
declare function updateFaceUsingPut({ userid, faceUpdateParms }: {
	userid: string;
	faceUpdateParms: FaceUpdateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a Face Biometric for a user
*/
declare function createFaceUsingPost({ userid, faceCreateParms }: {
	userid: string;
	faceCreateParms: FaceCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FaceAuthenticator;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a list of Face Biometric for a given user
*/
declare function getFacesUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FaceAuthenticator[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete retained knowledge-based authenticator challenges
*/
declare function deleteUserKbaChallengesUsingDelete({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Gets a list of user passwords
*/
declare function getUserNamedPasswordsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserPassword[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List machine authenticators for a user
*/
declare function listMachineAuthenticatorsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserMachineAuthenticator[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a Machine Authenticator
*/
declare function createMachineAuthenticatorUsingPost({ userid, machineAuthenticatorRegistration }: {
	userid: string;
	machineAuthenticatorRegistration: MachineAuthenticatorRegistration;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: MachineAuthenticatorRegistrationResult;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a Machine Authenticator
*/
declare function deleteMachineAuthenticatorUsingDelete({ userid, id }: {
	userid: string;
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the Magic Link for a user
*/
declare function getMagicLinkUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: MagicLink;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create and get the Magic Link for a user
*/
declare function createMagicLinkUsingPut({ userid, magicLinkCreateParms }: {
	userid: string;
	magicLinkCreateParms: MagicLinkCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: MagicLinkResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete the Magic Link for a given user
*/
declare function deleteMagicLinkUsingDelete({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify user organization membership
*/
declare function modifyUserAOrganizationAssociationsUsingPut({ userid, userOrganizationParms }: {
	userid: string;
	userOrganizationParms: UserOrganizationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update and send a password expiry notification
*/
declare function sendPasswordExpiryNotificationUsingPut({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Validate user password
*/
declare function validateUserPasswordUsingPost({ userid, userPasswordValidationParms }: {
	userid: string;
	userPasswordValidationParms: UserPasswordValidationParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserPasswordValidationResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update and send a password expiry notification using password ID
*/
declare function sendUserNamedPasswordExpiryNotificationUsingPut({ userid, namedpasswordid }: {
	userid: string;
	namedpasswordid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Gets a user password
*/
declare function getUserPasswordUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserPassword;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Set a user password
*/
declare function setUserPasswordUsingPut({ userid, userPasswordParms }: {
	userid: string;
	userPasswordParms: UserPasswordParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserPassword;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a user password
*/
declare function deleteUserPasswordUsingDelete({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a user password using the password ID
*/
declare function deleteUserNamedPasswordUsingDelete({ userid, namedpasswordid }: {
	userid: string;
	namedpasswordid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List all site roles assigned to user
*/
declare function getUserRolesUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Role[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get site role assigned to user
*/
declare function getUserSiteRoleAssociationUsingGet({ userid, roleid }: {
	userid: string;
	roleid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Role;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Set user role
*/
declare function modifyUserSiteRoleAssociationUsingPut({ userid, roleid }: {
	userid: string;
	roleid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a site role from a user
*/
declare function deleteUserSiteRoleAssociationUsingDelete({ userid, roleid }: {
	userid: string;
	roleid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a users Face Biometric settings
*/
declare function getUserFaceSettingsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserFaceSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Gets a user password settings
*/
declare function getUserPasswordSettingsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserPasswordSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get user password authenticator settings by named password ID
*/
declare function getUserNamedPasswordSettingsUsingGet({ userid, namedpasswordid }: {
	userid: string;
	namedpasswordid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserPasswordSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a temporary access code
*/
declare function getTempAccessCodeUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TempAccessCode;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a temporary access code
*/
declare function createTempAccessCodeUsingPost({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TempAccessCode;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a temporary access code
*/
declare function deleteTempAccessCodeUsingDelete({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a token
*/
declare function createTokenUsingPost({ userid, $type, tokenCreateParms }: {
	userid: string;
	$type: "ENTRUST_PHYSICAL_TOKEN" | "ENTRUST_SOFT_TOKEN" | "GOOGLE_AUTHENTICATOR" | "OATH_PHYSICAL_TOKEN" | "ENTRUST_LEGACY_TOKEN";
	tokenCreateParms?: TokenCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Token;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get user location history
*/
declare function listUserLocationsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserLocation[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete user location history
*/
declare function deleteUserLocationsUsingDelete({ userid, body }: {
	userid: string;
	body: string[];
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the knowledge-based authenticator
*/
declare function getUserKbaUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: KnowledgeBasedAuthenticator;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify a knowledge-based authenticator
*/
declare function updateKnowledgeBasedAuthenticatorUsingPut({ userid, knowledgeBasedAuthenticator }: {
	userid: string;
	knowledgeBasedAuthenticator: KnowledgeBasedAuthenticator;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Add a knowledge-based authenticator
*/
declare function addKnowledgeBasedAuthenticatorUsingPost({ userid, knowledgeBasedAuthenticator }: {
	userid: string;
	knowledgeBasedAuthenticator: KnowledgeBasedAuthenticator;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete the knowledge-based authenticator
*/
declare function deleteUserKbaUsingDelete({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a question from the knowledge-based authenticator
*/
declare function deleteUserKbaQuestionUsingDelete({ userid, id }: {
	userid: string;
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get user risk-based authentication settings
*/
declare function getUserRbaSettingsUsingGet({ userid }: {
	userid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserRbaSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update user risk-based authentication settings
*/
declare function updateUserRbaSettingsUsingPut({ userid, userRbaSettings }: {
	userid: string;
	userRbaSettings: UserRbaSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* List webhooks
*/
declare function getWebhooksUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Webhook[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Register a webhook
*/
declare function createWebhookUsingPost({ webhookParms }: {
	webhookParms: WebhookParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Webhook;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Test a webhook
*/
declare function testWebhookUsingPost({ id, webhookTestParms }: {
	id: string;
	webhookTestParms?: WebhookTestParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a webhook by id
*/
declare function readWebhookUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Webhook;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a webhook
*/
declare function updateWebhookUsingPut({ id, webhookParms }: {
	id: string;
	webhookParms: WebhookParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Webhook;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a webhook
*/
declare function deleteWebhookUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of assigned grids asynchronously
*/
declare function assignedGridsPageAsyncUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of unassigned grids asynchronously
*/
declare function unassignedGridsPageAsyncUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the result of an asynchronous list assigned grids operation
*/
declare function assignedGridsPageAsyncResultUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GridsPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the status of an asynchronous list assigned grids operation
*/
declare function assignedGridsPageAsyncStatusUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the result of an asynchronous list unassigned grids operation
*/
declare function unassignedGridsPageAsyncResultUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GridsPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the status of an asynchronous list unassigned grids operation
*/
declare function unassignedGridsPageAsyncStatusUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get all authentication flows
*/
declare function getAuthenticationFlowsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthenticationFlow[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create an authentication flow
*/
declare function createAuthenticationFlowUsingPost({ authenticationFlowParms }: {
	authenticationFlowParms: AuthenticationFlowParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthenticationFlow;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get an authentication flow
*/
declare function getAuthenticationFlowUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthenticationFlow;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update an authentication flow
*/
declare function updateAuthenticationFlowUsingPut({ id, authenticationFlowParms }: {
	id: string;
	authenticationFlowParms: AuthenticationFlowParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuthenticationFlow;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete an authentication flow
*/
declare function removeAuthenticationFlowUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DeleteAuthenticationFlowResult;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a grid by serial number
*/
declare function getGridBySerialNumberUsingGet({ sernum }: {
	sernum: number;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Grid;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a grid
*/
declare function getGridUsingGet({ gridid }: {
	gridid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Grid;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Modify unassigned grid
*/
declare function modifyUnassignedGridUsingPut({ gridid, gridParms }: {
	gridid: string;
	gridParms: GridParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a grid
*/
declare function deleteGridUsingDelete({ gridid }: {
	gridid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Change state of grid
*/
declare function changeGridStateUsingPut({ gridid, gridChangeStateParms }: {
	gridid: string;
	gridChangeStateParms: GridChangeStateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of assigned grids
*/
declare function assignedGridsPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: GridsPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of audit events
*/
declare function auditEventPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuditEventPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of audit events (SIEM)
*/
declare function siemAuditEventPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AuditEventPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get all resource rules
*/
declare function getResourceRulesUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ResourceRuleRead[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a resource rule
*/
declare function createResourceRuleUsingPost({ resourceRuleParms }: {
	resourceRuleParms: ResourceRuleParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ResourceRuleRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get all resource rules for a resource
*/
declare function getResourceRulesForResourceUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ResourceRuleRead[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a resource rule
*/
declare function getResourceRuleUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: ResourceRuleRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a resource rule
*/
declare function updateResourceRuleUsingPut({ id, resourceRuleParms }: {
	id: string;
	resourceRuleParms: ResourceRuleParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a resource rule
*/
declare function removeResourceRuleUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a Face Biometric for a user
*/
declare function createFaceAuthenticatorUsingPost({ userid, faceCreateParms }: {
	userid: string;
	faceCreateParms: FaceCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: FaceCreateResponse;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a grid
*/
declare function createGridUsingPost({ userid, gridCreateParms }: {
	userid: string;
	gridCreateParms?: GridCreateParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Grid;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get OTP authenticator settings
*/
declare function getOtpAuthenticatorSettingsUsingGet(opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: OtpAuthenticatorSettings;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update OTP authenticator settings
*/
declare function updateOtpAuthenticatorSettingsUsingPut({ otpAuthenticatorSettings }: {
	otpAuthenticatorSettings: OtpAuthenticatorSettings;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a user
*/
declare function createUserUsingPost({ userParms }: {
	userParms: UserParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a user by externalId
*/
declare function userByExternalIdUsingPost({ userGetParms }: {
	userGetParms: UserGetParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update multiple users
*/
declare function updateUsersUsingPut({ updateUsersParms }: {
	updateUsersParms: UpdateUsersParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UpdateUserResult[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create multiple users
*/
declare function createUsersUsingPost({ createUsersParms }: {
	createUsersParms: CreateUsersParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: CreateUserResultRead[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete multiple users
*/
declare function deleteUsersUsingDelete({ deleteUsersParms }: {
	deleteUsersParms: DeleteUsersParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: DeleteUserResult[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a user by userid or user alias
*/
declare function userByUseridUsingPost({ userGetParms }: {
	userGetParms: UserGetParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a user by UUID
*/
declare function userUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UserRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Update a user
*/
declare function updateUserUsingPut({ id, userParms }: {
	id: string;
	userParms: UserParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a user
*/
declare function deleteUserUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the result of an asynchronous tenant creation operation
*/
declare function getCreateTenantAsyncResultUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: CreateTenantResultRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the status of an asynchronous tenant creation operation
*/
declare function getCreateTenantAsyncStatusUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: CreateTenantAsyncStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of users asynchronously
*/
declare function usersPagedAsyncUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the result of an asynchronous list users operation
*/
declare function usersPagedAsyncResultUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UsersPageRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get the status of an asynchronous list users operation
*/
declare function usersPagedAsyncStatusUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: AsyncOperationStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of entitlement usage information
*/
declare function getEntitlementUsageInfoUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UsageInfoPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get a tenant
*/
declare function getTenantUsingGet({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Tenant;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete a tenant
*/
declare function removeTenantUsingDelete({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lock a tenant
*/
declare function lockTenantUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Unlock a tenant
*/
declare function unlockTenantUsingPut({ id }: {
	id: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get entitlements for tenant
*/
declare function getTenantEntitlementsUsingGet({ tenantid }: {
	tenantid: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Entitlement[];
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Set an entitlement
*/
declare function setTenantEntitlementUsingPut({ tenantid, entitlementParms }: {
	tenantid: string;
	entitlementParms: EntitlementParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Get an entitlement
*/
declare function getTenantEntitlementUsingGet({ tenantid, $type }: {
	tenantid: string;
	$type: "USERS" | "TRANSACTIONS";
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: Entitlement;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Delete an entitlement
*/
declare function deleteTenantEntitlementUsingDelete({ tenantid, $type }: {
	tenantid: string;
	$type: string;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of tenants
*/
declare function getTenantsPageUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: TenantsPage;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Lists a page of users
*/
declare function usersPagedUsingPost({ searchParms }: {
	searchParms: SearchParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: UsersPageRead;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
/**
* Create a tenant asynchronously
*/
declare function createTenantAsyncUsingPost({ createTenantParms }: {
	createTenantParms: CreateTenantParms;
}, opts?: Oazapfts.RequestOpts): Promise<Oazapfts.WithHeaders<{
	status: 200;
	data: CreateTenantAsyncStatus;
} | {
	status: 400;
	data: ErrorInfo;
} | {
	status: 401;
	data: ErrorInfo;
} | {
	status: 403;
	data: ErrorInfo;
} | {
	status: 404;
	data: ErrorInfo;
} | {
	status: 409;
	data: ErrorInfo;
}>>;
export { validateUserPasswordUsingPost, usersPagedUsingPost, usersPagedAsyncUsingPost, usersPagedAsyncStatusUsingGet, usersPagedAsyncResultUsingGet, userUsingGet, userByUseridUsingPost, userByExternalIdUsingPost, updateWebhookUsingPut, updateUsersUsingPut, updateUserUsingPut, updateUserStateUsingPut, updateUserRbaSettingsUsingPut, updateSmartCredentialUsingPut, updateSamlIdentityProviderUsingPut, updateResourceRuleUsingPut, updatePasswordResetSettingsUsingPut, updateOtpAuthenticatorSettingsUsingPut, updateOrganizationUsingPut, updateOidcIdentityProviderUsingPut, updateKnowledgeBasedAuthenticatorUsingPut, updateGroupUsingPut, updateGoogleAuthenticatorSettingsUsingPut, updateGeneralSettingsUsingPut, updateFidoTokenUsingPut, updateFidoSettingsUsingPut, updateFaceUsingPut, updateEntrustStAuthenticatorSettingsUsingPut, updateAuthenticationFlowUsingPut, updateAuthApiApplicationUsingPut, updateAdminApiSharedSecretUsingPut, updateAdminApiApplicationUsingPut, updateAccountInfoUsingPut, unsyncUserUsingPost, unlockUserUsingPut, unlockTokenUsingPut, unlockTenantUsingPut, unholdCertificateUsingPut, unblockSmartCredentialUsingPut, unassignedTokenPageUsingPost, unassignedTokenPageAsyncUsingPost, unassignedTokenPageAsyncStatusUsingGet, unassignedTokenPageAsyncResultUsingGet, unassignedGridsPageUsingPost, unassignedGridsPageAsyncUsingPost, unassignedGridsPageAsyncStatusUsingGet, unassignedGridsPageAsyncResultUsingGet, unassignTokenUsingPut, unassignSmartCredentialUsingPut, unassignGridUsingPut, testWebhookUsingPost, syncUserUsingPost, startSignSmartCredentialUsingPut, startCreateFidoTokenUsingGet, startActivateTokenUsingPost, siemAuditEventPageUsingPost, setUserPasswordUsingPut, setUserExpectedLocationsUsingPut, setTenantEntitlementUsingPut, setSpIdentityProviderUsingPut, setFaceAccountSettingsUsingPut, servers, sendUserNamedPasswordExpiryNotificationUsingPut, sendPasswordExpiryNotificationUsingPut, sendFaceActivationEmailUsingPut, revokeCertificateUsingPut, resetTokenUsingPut, removeTenantUsingDelete, removeResourceRuleUsingDelete, removeOrganizationUsingDelete, removeAuthenticationFlowUsingDelete, removeAuthApiApplicationUsingDelete, removeAdminApiApplicationUsingDelete, removeAcrUsingDelete, readWebhookUsingGet, organizationsPagedUsingPost, modifyUserSiteRoleAssociationUsingPut, modifyUserOAuthRoleAssociationsUsingPut, modifyUserAuthorizationGroupAssociationsUsingPut, modifyUserAttributeUsingPut, modifyUserAOrganizationAssociationsUsingPut, modifyUnassignedGridUsingPut, modifyTokenUsingPut, modifyAssignedTokenUsingPut, lockTenantUsingPut, listUserLocationsUsingGet, listUserExpectedLocationsUsingGet, listUserAttributesUsingGet, listSiteRolesUsingGet, listScDefnsUsingGet, listSamlIdentityProvidersUsingGet, listOidcIdentityProvidersUsingGet, listOAuthRolesUsingGet, listMachineAuthenticatorsUsingGet, listIdentityProvidersUsingGet, listDomainBasedIdentityProvidersUsingGet, listDirectoriesUsingGet, listAuthApiApplicationsUsingGet, listApplicationTemplatesUsingGet, listApplicationInfoUsingGet, listAllowedScDefnsUsingGet, listAdminApiApplicationsUsingGet, ipLocationFromIpAddressUsingPost, holdCertificateUsingPut, groupsUsingGet, groupsPagedUsingPost, groupUsingGet, groupByExternalIdUsingPost, getWebhooksUsingGet, getUserSiteRoleAssociationUsingGet, getUserRolesUsingGet, getUserRbaSettingsUsingGet, getUserPasswordUsingGet, getUserPasswordSettingsUsingGet, getUserNamedPasswordsUsingGet, getUserNamedPasswordSettingsUsingGet, getUserKbaUsingGet, getUserFaceSettingsUsingGet, getUserAttributeUsingGet, getTransactionRulesUsingGet, getTokenUsingGet, getTokenBySerialNumberUsingGet, getTenantsPageUsingPost, getTenantUsingGet, getTenantEntitlementsUsingGet, getTenantEntitlementUsingGet, getTempAccessCodeUsingGet, getSubscriberAccountActiveEntitlementsUsingGet, getSpIdentityProviderUsingGet, getSmartCredentialUsingGet, getSmartCredentialBySerialNumberUsingGet, getSiteRoleUsingGet, getSingleGridExportUsingGet, getSearchBasesUsingGet, getSearchBaseUsingGet, getScDefnUsingGet, getScDefnByNameUsingPost, getSamlIdentityProviderUsingGet, getSamlConfigurationUsingGet, getResourceRulesUsingGet, getResourceRulesForResourceUsingGet, getResourceRuleUsingGet, getPasswordResetSettingsUsingGet, getOtpAuthenticatorSettingsUsingGet, getOrganizationUsingGet, getOidcIdentityProviderUsingGet, getMagicLinkUsingGet, getKbaQuestionsUsingGet, getGroupFiltersUsingGet, getGroupFilterUsingGet, getGridUsingGet, getGridPropertiesUsingGet, getGridBySerialNumberUsingGet, getGoogleAuthenticatorSettingsUsingGet, getGeneralSettingsUsingGet, getFidoTokensPagedUsingPost, getFidoTokenUsingGet, getFidoSettingsUsingGet, getFacesUsingGet, getFaceAccountSettingsUsingGet, getEntrustStAuthenticatorSettingsUsingGet, getEntitlementUsageInfoUsingPost, getDirectoryUsingGet, getDirectorySyncsUsingGet, getDirectorySyncUsingGet, getDirectorySyncStatusInfoUsingGet, getDirectoryAttrMappingsUsingGet, getDirectoryAttrMappingUsingGet, getCreateTenantAsyncStatusUsingGet, getCreateTenantAsyncResultUsingGet, getAuthenticationFlowsUsingGet, getAuthenticationFlowUsingGet, getAuthApiApplicationUsingGet, getAdminApiApplicationUsingGet, getAcrsUsingGet, getAcrUsingGet, getAccoutInfoUsingGet, fetchSamlConfigurationUsingPost, fetchOidcConfigurationUsingPost, fetchAppleAssociationFileUsingPost, fetchAndroidAssociationFileUsingPost, exportCertificateUsingGet, deliverAssignedGridByEmailUsingPost, deleteWebhookUsingDelete, deleteUsersUsingDelete, deleteUserUsingDelete, deleteUserSiteRoleAssociationUsingDelete, deleteUserPasswordUsingDelete, deleteUserOrganizationAssociationUsingDelete, deleteUserNamedPasswordUsingDelete, deleteUserLocationsUsingDelete, deleteUserKbaUsingDelete, deleteUserKbaQuestionUsingDelete, deleteUserKbaChallengesUsingDelete, deleteUserAttributeUsingDelete, deleteTokenUsingDelete, deleteTenantEntitlementUsingDelete, deleteTempAccessCodeUsingDelete, deleteSmartCredentialUsingDelete, deleteSamlIdentityProviderUsingDelete, deleteOidcIdentityProviderUsingDelete, deleteMagicLinkUsingDelete, deleteMachineAuthenticatorUsingDelete, deleteGroupUsingDelete, deleteGridUsingDelete, deleteFidoTokenUsingDelete, deleteFaceUsingDelete, defaults, createWebhookUsingPost, createUsersUsingPost, createUserUsingPost, createUserOrganizationAssociationUsingPost, createUserAttributeUsingPost, createUnassignedGridsUsingPost, createTokenUsingPost, createTenantAsyncUsingPost, createTempAccessCodeUsingPost, createSmartCredentialUsingPost, createSamlIdentityProviderUsingPost, createResourceRuleUsingPost, createOtpUsingPost, createOrganizationUsingPost, createOidcIdentityProviderUsingPost, createMagicLinkUsingPut, createMachineAuthenticatorUsingPost, createGroupUsingPost, createGridUsingPost, createFaceUsingPost, createFaceAuthenticatorUsingPost, createAuthenticationFlowUsingPost, createAuthApiApplicationUsingPost, createAdminApiApplicationUsingPost, createAcrUsingPost, contactVerificationChallengeUsingPost, contactVerificationAuthenticateUsingPost, completeSignSmartCredentialUsingPut, completeCreateFidoTokenUsingPost, completeActivateTokenUsingPut, changeTokenStateUsingPut, changeSmartCredentialStateUsingPut, changeGridStateUsingPut, authenticateAdminApiUsingPost, auditEventPageUsingPost, assignedTokenPageUsingPost, assignedTokenPageAsyncUsingPost, assignedTokenPageAsyncStatusUsingGet, assignedTokenPageAsyncResultUsingGet, assignedGridsPageUsingPost, assignedGridsPageAsyncUsingPost, assignedGridsPageAsyncStatusUsingGet, assignedGridsPageAsyncResultUsingGet, assignTokenBySerialNumberUsingPut, assignTokenByIdUsingPut, assignGridBySerialNumberUsingPut, assignGridByIdUsingPut, addKnowledgeBasedAuthenticatorUsingPost, activateSmartCredentialUsingPut, WebhookTestParms, WebhookParms, WebhookEvent, Webhook, UsersPageRead, UsersPage, UserRead, UserRbaSettings, UserQuestion, UserPasswordValidationResponse, UserPasswordValidationParms, UserPasswordStrength, UserPasswordSettings, UserPasswordParms, UserPasswordDetails, UserPassword, UserParmsRead, UserParms, UserOrganizationParms, UserMachineAuthenticator, UserLocation, UserGetParms, UserFaceSettings, UserExtraAttributeRead, UserExtraAttribute, UserExpectedLocations, UserEntitlement, UserChangeStateParms, UserAuthenticatorLockoutStatus, UserAttributeValue, UserAttributeParms, UserAttribute, UserAlternateEmails, UserAlias, User, UsageInfoPage, UsageInfo, UpdateUsersParmsRead, UpdateUsersParms, UpdateUserResult, UpdateUserParmsRead, UpdateUserParms, UnsyncUserParms, UnlockResult, UnlockParms, TravelVelocityContext, TransactionRuleRisk, TransactionRuleDescription, TransactionDetail, TransactionContext, TokensPage, TokenParms, TokenCreateParms, Token, TenantsPage, TenantParms, Tenant, TempAccessCode, SyncUserParms, SyncUser, SpIdentityProviderParms, SpIdentityProvider, SmsVoiceParms, SmsVoice, SmartCredentialUnblockResponse, SmartCredentialUnblockParms, SmartCredentialStartSignResponse, SmartCredentialStartSignParms, SmartCredentialParms, SmartCredentialCompleteSignResponse, SmartCredentialCompleteSignParms, SmartCredentialChangeStateParms, SmartCredential, ServiceBundle, SearchParms, SearchByAttribute, SearchBase, ScVariableValue, ScDefnVariable, ScDefnGetParms, ScDefn, SamlInfoClaim, SamlIdentityProviderUserVerMatchMapping, SamlIdentityProviderUserAuthMatchMapping, SamlIdentityProviderParms, SamlIdentityProviderAttributeMapping, SamlIdentityProvider, SamlConfigurationResponse, SamlConfigurationParms, RoleUser, Role, ResourceRuleRead, ResourceRuleParms, ResourceRuleNameId, ResourceRule, ResetParms, ProtectedOfflineSettings, PrinterParms, PrinterEntitlement, Permission, PayToPrint, PasswordResetSettings, Paging, OtpVerificationChallengeValue, OtpVerificationChallengeResponse, OtpVerificationAuthenticateValue, OtpVerificationAuthenticateResponse, OtpPreferenceDetails, OtpDeliveryMethod, OtpCreateParms, OtpAuthenticatorSettings, Otp, OrganizationParms, OrganizationPage, Organization, OrderByAttribute, OidcIdentityProviderUserVerMatchMapping, OidcIdentityProviderUserAuthMatchMapping, OidcIdentityProviderParms, OidcIdentityProviderAttributeMapping, OidcIdentityProvider, OidcConfigurationResponse, OidcConfigurationParms, OAuthRole, ModifiedEntityAttribute, MobileFlashPass, MagicLinkResponse, MagicLinkCreateParms, MagicLink, MachineContext, MachineAuthenticatorRegistrationResult, MachineAuthenticatorRegistration, MachineAuthenticator, LoginFlow, LocationHistoryContext, LocationContext, KnowledgeBasedAuthenticator, KbaContext, IssuanceParms, Issuance, IpLocation, IpContext, IdentityProviderExternalGroupMapping, IdentityProvider, GroupsPage, GroupParms, GroupId, GroupFilter, Group, GridsPage, GridProperties, GridParms, GridExport, GridCreateParms, GridChangeStateParms, GridAssignParms, Grid, GoogleAuthenticatorSettings, GeneralSettings, FleetManagementParms, FleetManagement, FlashPassParms, FidoTokensPage, FidoTokenParms, FidoTokenDetails, FidoToken, FidoRegisterResponse, FidoRegisterChallenge, FidoIosOriginSettings, FidoAuthenticatorSettingsParms, FidoAuthenticatorSettings, FidoAssociationFileRequest, FidoAppleAppSiteAssociationWebcredentials, FidoAppleAppSiteAssociation, FidoAndroidOriginSettings, FidoAndroidAssetLinksTargets, FidoAndroidAssetLinks, FidoAllowedRpid, FaceUpdateParms, FaceEncryptedToken, FaceCreateResponse, FaceCreateParms, FaceAuthenticator, FaceAccountSettings, ExportCertificate, ExpectedLocation, ErrorInfo, Error, EntrustStAuthenticatorSettings, EntityAttribute, EntitlementParms, Entitlement, EmailParms, DirectorySyncStatusInfo, DirectorySync, DirectoryConnection, DirectoryAttributeMapping, Directory, DigitalIdConfigVariable, DigitalIdConfigSubjectAltName, DigitalIdConfigCertTemplate, DigitalIdConfig, DigitalIdCert, DigitalId, DeviceCertificateContext, DeleteUsersParms, DeleteUserResult, DeleteUserParms, DeleteAuthenticationFlowResult, DateTimeContext, CreateUsersParmsRead, CreateUsersParms, CreateUserResultRead, CreateUserResult, CreateTenantResultRead, CreateTenantResult, CreateTenantParmsRead, CreateTenantParms, CreateTenantAsyncStatus, CorsOrigin, ChangeStateParms, AuthenticationFlowParms, AuthenticationFlow, AuthApiApplicationParms, AuthApiApplication, AuditEventPage, AuditDetails, AsyncOperationStatus, AssignedTokenParms, AssignParms, ApplicationTemplate, ApplicationResourceRule, ApplicationInfo, AdminApiAuthenticationResult, AdminApiAuthentication, AdminApiApplicationParms, AdminApiApplication, AdditionalFeature, ActivateSmartCredentialResult, ActivateSmartCredentialParms, ActivateResult, ActivateParms, ActivateCompleteParms, AcrParms, Acr, AccountInfoParms, AccountInfo, AccountEntitlement, AccountAuditEvent };
