1. Overview

Domain Purpose:
The IAM domain enables integration between HR Core Beaufort and external Identity & Access Management systems. It provides essential HR data such as personal and contract information to automate security-critical processes like onboarding, offboarding and access provisioning of users in other systems like Active Directory or IDP.

Typical Use Cases:

  • Automating account creation for new employees in IT systems
  • Revoking application or building access when a person changes roles
  • Syncing employee role changes to access control systems
  • Syncing the AD identity with Youforce

Base URL:
https://api.youforce.com/IAM


2. Domain model

IAM Domain model


3. Available endpoints

This is the list of available endpoints for this domain.
Take into account that the endpoints will show the information that has been already processed by BO4. This means that changes in the recent future might be shown in the response of the APIs and not the current value.

Entity Description Access capabilities
Assignments Allocation of specific tasks or duties to an employee within an employment. For example, an employee is assigned to a different department as a temporary replacement or to help another department without changing his own employment. HR Core: Inzet READ
Contact Details It refers to the information used to reach or communicate with a person, such as phone numbers and email addresses. Note that, for reading purposes, this information is available in the Persons endpoint. WRITE
Cost Allocations Regarding the distribution of financial resources or expenses across different departments or projects, it is the information related to the cost center of an employee. An employee can have multiple cost allocations. HR Core: Loonverdeling READ
Employments The formal relationship between an employer and an employee regarding their position within the company. A person can have multiple employments at the same time. HR Core: Dienstverband READ
Employment Timelines The chronological sequence of processed events in BO4 pertaining to an individual’s employment within an organization, including start and end dates. It is based on the history table of Beaufort. The endpoint contains the same fields as the endpoint employments. HR Core: Dienstverband Historie READ
Employment Planned Changes Pending changes to be processed in employment type, organization unit, job profile and amount of hours that will come in the future detailing the start and end dates of the change. Once they are processed, the records will disappear from this endpoint. HR Core: Indirecte Mutaties READ
Job Profiles Different profiles or functions existing for each role within the company. HR Core: Functie READ
Organization Units Distinct business units, departments, divisions, etc within a larger organization that represent functional or geographical areas and how these are related to each other. HR Core: Organisatie eenheden READ
Persons An individual employee or worker within the organization, including some personal details. If the person has never had an employment, it will not be shown in the response. Additionally, if the person has an employment which is out of the historicaldays, then the person won’t be retrieved neither. HR Core: Persoon READ
Role Assignments Role Assignments: Allocation of specific roles or responsibilities to a person within the organization. The role assignment describes “who” is responsible for “what“ and “when“ within the organization unit. HR Core: Rol toewijzing READ
Users Individuals with unique identifiers who have access to an organization’s systems, resources or data and their entitlements. Youforce User account. READWRITE


4. Security and Scopes

All available endpoints are secured using OAuth 2.0 and protected by scopes.

Scope Description Affected endpoints
Youforce-IAM:Get_Basic Grants access to basic employee & organisation data GET /v1.0/assignments
GET /v1.0/costAllocations
GET /v1.0/employments
GET /v1.0/employments/plannedChanges
GET /v1.0/employments/timelines
GET /v1.0/jobProfiles
GET /v1.0/organizationUnits
GET /v1.0/persons
GET /v1.0/roleAssignments
GET /v1.0/users
Youforce-IAM:GetPrivateContactDetails Grants access to private information like address, phone number and email address of the employees GET /v1.0/persons
Extra fields shown: emailAddresses, phoneNumbers, addresses
Youforce-IAM:Write_Basic Enables to write back basic information like e-mail address and phone number to BO4 POST /v1.0/contactDetails/{personCode}
POST /v1.0/contactDetails/bulk
Youforce-IAM:Update_Identity Enables to write back changes in the Identity of the Youforce User PATCH /v1.0/users(employeeId={employeeId})/identity


5. Pagination & Filtering parameters

Learn how to efficiently manage large amounts of information by using pagination and filtering parameters to improve performance and user experience.

Pagination Parameters:

These parameters control the pagination of API results:

  • take: Use this parameter to retrieve a certein amount of registers per call, being the minimun value 1 and the maximum value 1000.
  • skip: Use this parameter to skip a certein amount of records. Use it for offset-based pagination.
  • nextLink: For large paginated responses, if there are more registers than shown in the output, we will provide a continuation token that you can use in the next call to get the next page.

Date Filtering Parameters:

These parameters filter records based on creation or modification dates:

  • from: Use this parameter to filter records based on creation or last modification dates and retrieve records which modification date is greater or equal to the value in the filter.
  • to: Use this parameter to filter records based on creation or last modification dates and retrieve records which modification date is less or equal to the value in the filter

Filters on validity of a record

  • validOn: Use this parameter to filter temporal entities that are valid on a specific date (e.g., contract validity based on its start and end dates). This filter is meant to be used in combination with From and To parameters. For example, with From and To you will get the Employments that are modified in a specific range, and with validOn you will limit the response to the records that are active on a specific date.
    Available endpoints: timelines, assignment and role assignment endpoints.

Other Parameters:

  • isActive: Use this parameter to distinguish between active or deleted records. It doesn’t correspond to the block field in BO4.
    Available for all endpoints.
  • personId, personCode: Use one of these parameters to filter indistinctly by the code of an specific individual.
    Available endpoints: Assignment, CostAllocation, Person, RoleAssignment and PlannedChanged.
  • company: Use this parameter to filter by company field.
    Available endpoints: Employment.
  • organizationUnit: Use this parameter to filter by department or team structure.
    Available endpoints: Employment.
  • shortName: Use this parameter to filter by the short name of an organization unit or job profile depending on the endpoint.
    Available endpoints: JobProfile, RoleAssignment and OrganizationUnit.
  • statusFrom: Use this parameter to filter records based on the status date field and retrieve records which status date is greater or equal to the value in the filter.
    Available endpoints: PlannedChanges.
  • statusTo: Use this parameter to filter records based on the status date field and retrieve records which status date is less or equal to the value in the filter.
    Available endpoints: PlannedChanges.
  • status: Use this parameter to filter records based on the status field. The possible values are: pending, processed, blocked and rejected.
    Available endpoints: PlannedChanges endpoint.


6. Deprecated Endpoints

List of Deprecated Routes:

  • GET /v1.0/EmploymentTimelines:
    This behavior has been incorporated as part of the Employments endpoint –> GET /v1.0/Employments/Timelines
  • GET /v1.0/EmploymentTimelines/{id}:
    This behavior has been incorporated as part of the Employments endpoint –> GET /v1.0/Employments/Timelines/{id}


7. Swagger page

For more detailed information about the endpoints available in this API, please visit the Youforce IAM API Swagger page