> ## Documentation Index > Fetch the complete documentation index at: https://conductorone-docs-mcp-bridge-private-server.mintlify.site/llms.txt > Use this file to discover all available pages before exploring further. # Create > Creates a new request catalog. ## OpenAPI ````yaml https://spec.speakeasy.com/conductor-one/conductorone/my-source-with-code-samples post /api/v1/catalogs openapi: 3.1.0 info: description: The C1 API is a HTTP API for managing C1 resources. title: C1 API version: 0.1.0-alpha servers: - description: The C1 API server for the current tenant. url: https://{tenantDomain}.conductor.one variables: tenantDomain: default: example description: The domain of the tenant to use for this request. security: - bearerAuth: [] oauth: [] paths: /api/v1/catalogs: post: tags: - Request Catalog summary: Create description: Creates a new request catalog. operationId: c1.api.requestcatalog.v1.RequestCatalogManagementService.Create requestBody: content: application/json: schema: $ref: >- #/components/schemas/c1.api.requestcatalog.v1.RequestCatalogManagementServiceCreateRequest responses: '200': content: application/json: schema: $ref: >- #/components/schemas/c1.api.requestcatalog.v1.RequestCatalogManagementServiceGetResponse description: >- The request catalog management service get response returns a request catalog view with the expanded items in the expanded array indicated by the expand mask in the request. x-codeSamples: - lang: go label: Create source: "package main\n\nimport(\n\t\"context\"\n\t\"github.com/conductorone/conductorone-sdk-go/pkg/models/shared\"\n\tconductoronesdkgo \"github.com/conductorone/conductorone-sdk-go\"\n\t\"log\"\n)\n\nfunc main() {\n ctx := context.Background()\n\n s := conductoronesdkgo.New(\n conductoronesdkgo.WithSecurity(shared.Security{\n BearerAuth: \"\",\n Oauth: \"\",\n }),\n )\n\n res, err := s.RequestCatalogManagement.Create(ctx, nil)\n if err != nil {\n log.Fatal(err)\n }\n if res.RequestCatalogManagementServiceGetResponse != nil {\n // handle response\n }\n}" - lang: typescript label: Typescript (SDK) source: >- import { ConductoroneSDKTypescript } from "conductorone-sdk-typescript"; const conductoroneSDKTypescript = new ConductoroneSDKTypescript({ security: { bearerAuth: "", oauth: "", }, }); async function run() { const result = await conductoroneSDKTypescript.requestCatalogManagement.create(); console.log(result); } run(); components: schemas: c1.api.requestcatalog.v1.RequestCatalogManagementServiceCreateRequest: description: Create a request catalog. properties: annotations: additionalProperties: type: string description: |- Bounded key/value metadata bag for IaC marking and customer tags. See .rfcs/object-annotations.md §2. Limits: ≤16 entries; keys 1–128 chars matching ^[A-Za-z][A-Za-z0-9._/-]{0,127}$; values 0–256 chars matching URL-safe ASCII; total serialized ≤4096 bytes. Keys starting with `c1/` are reserved for server-managed use and rejected on write. Well-known keys: `managed_by`, `iac_workspace`, `iac_resource_address`, `iac_tool_version`. type: object x-speakeasy-terraform-plan-modifier: imports: - >- github.com/conductorone/terraform-provider-conductorone/internal/annotations schemaDefinition: annotations.PlanModifier() description: description: The description of the new request catalog. type: - string - 'null' displayName: description: The display name of the new request catalog. type: - string - 'null' enrollmentBehavior: description: >- Defines how to handle the request policies of the entitlements in the catalog during enrollment. enum: - REQUEST_CATALOG_ENROLLMENT_BEHAVIOR_UNSPECIFIED - >- REQUEST_CATALOG_ENROLLMENT_BEHAVIOR_BYPASS_ENTITLEMENT_REQUEST_POLICY - >- REQUEST_CATALOG_ENROLLMENT_BEHAVIOR_ENFORCE_ENTITLEMENT_REQUEST_POLICY type: - string - 'null' x-speakeasy-unknown-values: allow expandMask: oneOf: - $ref: >- #/components/schemas/c1.api.requestcatalog.v1.RequestCatalogExpandMask - type: 'null' published: description: Whether or not the new catalog should be created as published. type: - boolean - 'null' requestBundle: description: >- Whether all the entitlements in the catalog can be requests at once. Your tenant must have the bundles feature to use this. type: - boolean - 'null' unenrollmentBehavior: description: >- Defines how to handle the revocation of the entitlements in the catalog during unenrollment. enum: - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_UNSPECIFIED - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_LEAVE_ACCESS_AS_IS - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_REVOKE_ALL - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_REVOKE_UNJUSTIFIED type: - string - 'null' x-speakeasy-unknown-values: allow unenrollmentEntitlementBehavior: description: >- Defines how to handle the revoke policies of the entitlements in the catalog during unenrollment. enum: - REQUEST_CATALOG_UNENROLLMENT_ENTITLEMENT_BEHAVIOR_UNSPECIFIED - REQUEST_CATALOG_UNENROLLMENT_ENTITLEMENT_BEHAVIOR_BYPASS - REQUEST_CATALOG_UNENROLLMENT_ENTITLEMENT_BEHAVIOR_ENFORCE type: - string - 'null' x-speakeasy-unknown-values: allow visibleToEveryone: description: Whether or not the new catalog is visible to everyone by default. type: - boolean - 'null' required: - displayName title: Request Catalog Management Service Create Request type: object x-speakeasy-entity: Access_Profile x-speakeasy-name-override: RequestCatalogManagementServiceCreateRequest c1.api.requestcatalog.v1.RequestCatalogManagementServiceGetResponse: description: >- The request catalog management service get response returns a request catalog view with the expanded items in the expanded array indicated by the expand mask in the request. properties: expanded: description: List of serialized related objects. items: additionalProperties: true description: >- Contains an arbitrary serialized message along with a @type that describes the type of the serialized message. properties: '@type': description: The type of the serialized message. type: string type: object type: - array - 'null' requestCatalogView: oneOf: - $ref: '#/components/schemas/c1.api.requestcatalog.v1.RequestCatalogView' - type: 'null' title: Request Catalog Management Service Get Response type: object x-speakeasy-name-override: RequestCatalogManagementServiceGetResponse c1.api.requestcatalog.v1.RequestCatalogExpandMask: description: >- The RequestCatalogExpandMask includes the paths in the catalog view to expand in the return value of this call. properties: paths: description: >- An array of paths to be expanded in the response. May be any combination of "*", "created_by_user_id", "app_ids", and "access_entitlements". items: type: string type: - array - 'null' title: Request Catalog Expand Mask type: object x-speakeasy-name-override: RequestCatalogExpandMask c1.api.requestcatalog.v1.RequestCatalogView: description: >- The request catalog view contains the serialized request catalog and paths to objects referenced by the request catalog. properties: accessEntitlementsPath: description: >- JSONPATH expression indicating the location of the access entitlement objects, that the request catalog allows users to request, in the array. type: - string - 'null' createdByUserPath: description: >- JSONPATH expression indicating the location of the User object, that created the request catalog, in the array. type: - string - 'null' memberCount: description: Total number of the members of the catalog format: int64 type: - string - 'null' requestCatalog: oneOf: - $ref: '#/components/schemas/c1.api.requestcatalog.v1.RequestCatalog' - type: 'null' title: Request Catalog View type: object x-speakeasy-name-override: RequestCatalogView c1.api.requestcatalog.v1.RequestCatalog: description: >- The RequestCatalog is used for managing which entitlements are requestable, and who can request them. properties: accessEntitlements: description: >- An array of app entitlements that, if the user has, can view the contents of this catalog. items: $ref: '#/components/schemas/c1.api.app.v1.AppEntitlement' type: - array - 'null' annotations: additionalProperties: type: string description: |- Bounded key/value metadata bag for IaC marking and customer tags. See .rfcs/object-annotations.md §2. Limits: ≤16 entries; keys 1–128 chars matching ^[A-Za-z][A-Za-z0-9._/-]{0,127}$; values 0–256 chars URL-safe ASCII; total serialized ≤ 4096 bytes. Keys matching ^c1/ are reserved. Well-known keys: `managed_by`, `iac_workspace`, `iac_resource_address`, `iac_tool_version`. type: object x-speakeasy-terraform-plan-modifier: imports: - >- github.com/conductorone/terraform-provider-conductorone/internal/annotations schemaDefinition: annotations.PlanModifier() createdAt: format: date-time readOnly: true type: - string - 'null' createdByUserId: description: The id of the user this request catalog was created by. type: - string - 'null' deletedAt: format: date-time readOnly: true type: - string - 'null' description: description: The description of the request catalog. type: - string - 'null' displayName: description: The display name of the request catalog. type: - string - 'null' enrollmentBehavior: description: >- Defines how to handle the request policies of the entitlements in the catalog during enrollment. enum: - REQUEST_CATALOG_ENROLLMENT_BEHAVIOR_UNSPECIFIED - >- REQUEST_CATALOG_ENROLLMENT_BEHAVIOR_BYPASS_ENTITLEMENT_REQUEST_POLICY - >- REQUEST_CATALOG_ENROLLMENT_BEHAVIOR_ENFORCE_ENTITLEMENT_REQUEST_POLICY type: - string - 'null' x-speakeasy-unknown-values: allow id: description: The id of the request catalog. type: - string - 'null' published: description: Whether or not this catalog is published. type: - boolean - 'null' requestBundle: description: >- Whether all the entitlements in the catalog can be requests at once. Your tenant must have the bundles feature to use this. type: - boolean - 'null' unenrollmentBehavior: description: >- Defines how to handle the revocation of the entitlements in the catalog during unenrollment. enum: - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_UNSPECIFIED - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_LEAVE_ACCESS_AS_IS - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_REVOKE_ALL - REQUEST_CATALOG_UNENROLLMENT_BEHAVIOR_REVOKE_UNJUSTIFIED type: - string - 'null' x-speakeasy-unknown-values: allow unenrollmentEntitlementBehavior: description: >- Defines how to handle the revoke policies of the entitlements in the catalog during unenrollment. enum: - REQUEST_CATALOG_UNENROLLMENT_ENTITLEMENT_BEHAVIOR_UNSPECIFIED - REQUEST_CATALOG_UNENROLLMENT_ENTITLEMENT_BEHAVIOR_BYPASS - REQUEST_CATALOG_UNENROLLMENT_ENTITLEMENT_BEHAVIOR_ENFORCE type: - string - 'null' x-speakeasy-unknown-values: allow updatedAt: format: date-time readOnly: true type: - string - 'null' visibleToEveryone: description: If this is true, the access entitlement requirement is ignored. type: - boolean - 'null' title: Request Catalog type: object x-speakeasy-entity: Access_Profile x-speakeasy-name-override: RequestCatalog c1.api.app.v1.AppEntitlement: description: > The app entitlement represents one permission in a downstream App (SAAS) that can be granted. For example, GitHub Read vs GitHub Write. This message contains a oneof named max_grant_duration. Only a single field of the following list may be set at a time: - durationUnset - durationGrant properties: alias: description: >- The alias of the app entitlement used by Cone. Also exact-match queryable. type: - string - 'null' annotations: additionalProperties: type: string description: |- Bounded key/value metadata bag for IaC marking and customer tags. See .rfcs/object-annotations.md §2. Limits: ≤16 entries; keys 1–128 chars matching ^[A-Za-z][A-Za-z0-9._/-]{0,127}$; values 0–256 chars URL-safe ASCII; total serialized ≤ 4096 bytes. Keys matching ^c1/ are reserved. Well-known keys: `managed_by`, `iac_workspace`, `iac_resource_address`, `iac_tool_version`. type: object x-speakeasy-terraform-plan-modifier: imports: - >- github.com/conductorone/terraform-provider-conductorone/internal/annotations schemaDefinition: annotations.PlanModifier() appId: description: The ID of the app that is associated with the app entitlement. type: - string - 'null' appResourceId: description: >- The ID of the app resource that is associated with the app entitlement type: - string - 'null' appResourceTypeId: description: >- The ID of the app resource type that is associated with the app entitlement type: - string - 'null' certifyPolicyId: description: >- The ID of the policy that will be used for certify tickets related to the app entitlement. type: - string - 'null' complianceFrameworkValueIds: description: >- The IDs of different compliance frameworks associated with this app entitlement ex (SOX, HIPAA, PCI, etc.) items: type: string type: - array - 'null' createdAt: format: date-time readOnly: true type: - string - 'null' defaultValuesApplied: description: >- Flag to indicate if app-level access request defaults have been applied to the entitlement type: - boolean - 'null' deletedAt: format: date-time readOnly: true type: - string - 'null' deprovisionerPolicy: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' - type: 'null' description: description: The description of the app entitlement. type: - string - 'null' displayName: description: The display name of the app entitlement. type: - string - 'null' durationGrant: format: duration type: - string - 'null' durationUnset: type: - object - 'null' emergencyGrantEnabled: description: >- This enables tasks to be created in an emergency and use a selected emergency access policy. type: - boolean - 'null' emergencyGrantPolicyId: description: >- The ID of the policy that will be used for emergency access grant tasks. type: - string - 'null' externalId: description: >- The upstream product's native external ID for this entitlement (e.g. an Okta group ID). Populated from the connector's external ID during sync. readOnly: true type: - string - 'null' grantCount: description: The amount of grants open for this entitlement format: int64 readOnly: true type: - string - 'null' grantPolicyId: description: >- The ID of the policy that will be used for grant tickets related to the app entitlement. type: - string - 'null' id: description: The unique ID for the App Entitlement. readOnly: true type: - string - 'null' isAutomationEnabled: description: >- Flag to indicate whether automation (for adding users to entitlement based on rules) has been enabled. readOnly: true type: - boolean - 'null' isManuallyManaged: description: Flag to indicate if the app entitlement is manually managed. type: - boolean - 'null' matchBatonId: description: >- An identifier used to match this entitlement to a connector-synced entitlement during sync. type: - string - 'null' overrideAccessRequestsDefaults: description: >- Flag to indicate if the app-level access request settings have been overridden for the entitlement type: - boolean - 'null' provisionerPolicy: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' - type: 'null' purpose: description: >- The purpose of this entitlement (e.g., assignment, permission, ownership). enum: - APP_ENTITLEMENT_PURPOSE_VALUE_UNSPECIFIED - APP_ENTITLEMENT_PURPOSE_VALUE_ASSIGNMENT - APP_ENTITLEMENT_PURPOSE_VALUE_PERMISSION - APP_ENTITLEMENT_PURPOSE_VALUE_OWNERSHIP type: - string - 'null' x-speakeasy-unknown-values: allow requestSchemaId: description: The ID of the request schema associated with this app entitlement. type: - string - 'null' revokePolicyId: description: >- The ID of the policy that will be used for revoke tickets related to the app entitlement type: - string - 'null' riskLevelValueId: description: The ID of the risk level assigned to this entitlement. type: - string - 'null' slug: description: >- The slug is displayed as an oval next to the name in the frontend of C1, it tells you what permission the entitlement grants. See https://www.conductorone.com/docs/product/admin/entitlements/ type: - string - 'null' sourceConnectorIds: additionalProperties: type: string description: Map to tell us which connector the entitlement came from. type: object systemBuiltin: description: This field indicates if this is a system builtin entitlement. readOnly: true type: - boolean - 'null' updatedAt: format: date-time readOnly: true type: - string - 'null' userEditedMask: type: - string - 'null' title: App Entitlement type: object x-speakeasy-entity: Custom App Entitlement x-speakeasy-name-override: AppEntitlement c1.api.policy.v1.ProvisionPolicy: description: > ProvisionPolicy is a oneOf that indicates how a provision step should be processed. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - connector - manual - delegated - webhook - multiStep - externalTicket - unconfigured - action properties: action: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ActionProvision' - type: 'null' connector: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ConnectorProvision' - type: 'null' delegated: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.DelegatedProvision' - type: 'null' externalTicket: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ExternalTicketProvision' - type: 'null' manual: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ManualProvision' - type: 'null' multiStep: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.MultiStep' - type: 'null' unconfigured: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.UnconfiguredProvision' - type: 'null' webhook: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.WebhookProvision' - type: 'null' title: Provision Policy type: object x-speakeasy-name-override: ProvisionPolicy c1.api.policy.v1.ActionProvision: description: >- This provision step indicates that account lifecycle action should be called to provision this entitlement. properties: actionName: description: The actionName field. type: - string - 'null' appId: description: The appId field. type: - string - 'null' connectorId: description: The connectorId field. type: - string - 'null' displayName: description: The displayName field. type: - string - 'null' title: Action Provision type: object x-speakeasy-name-override: ActionProvision c1.api.policy.v1.ConnectorProvision: description: > Indicates that a connector should perform the provisioning. This object has no fields. This message contains a oneof named provision_type. Only a single field of the following list may be set at a time: - defaultBehavior - account - deleteAccount properties: account: oneOf: - $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.AccountProvision - type: 'null' defaultBehavior: oneOf: - $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DefaultBehavior - type: 'null' deleteAccount: oneOf: - $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DeleteAccount - type: 'null' title: Connector Provision type: object x-speakeasy-name-override: ConnectorProvision c1.api.policy.v1.DelegatedProvision: description: >- This provision step indicates that we should delegate provisioning to the configuration of another app entitlement. This app entitlement does not have to be one from the same app, but MUST be configured as a proxy binding leading into this entitlement. properties: appId: description: The AppID of the entitlement to delegate provisioning to. type: - string - 'null' entitlementId: description: The ID of the entitlement we are delegating provisioning to. type: - string - 'null' implicit: description: >- If true, a binding will be automatically created from the entitlement of the parent app. type: - boolean - 'null' title: Delegated Provision type: object x-speakeasy-name-override: DelegatedProvision c1.api.policy.v1.ExternalTicketProvision: description: >- This provision step indicates that we should check an external ticket to provision this entitlement properties: appId: description: The appId field. type: - string - 'null' connectorId: description: The connectorId field. type: - string - 'null' externalTicketProvisionerConfigId: description: The externalTicketProvisionerConfigId field. type: - string - 'null' instructions: description: >- This field indicates a text body of instructions for the provisioner to indicate. type: - string - 'null' title: External Ticket Provision type: object x-speakeasy-name-override: ExternalTicketProvision c1.api.policy.v1.ManualProvision: description: >- Manual provisioning indicates that a human must intervene for the provisioning of this step. properties: assignee: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ProvisionerAssignment' - type: 'null' instructions: description: >- This field indicates a text body of instructions for the provisioner to indicate. type: - string - 'null' userIds: description: |- An array of users that are required to provision during this step. Deprecated: Use assignee field instead for dynamic provisioner assignment. items: type: string type: - array - 'null' title: Manual Provision type: object x-speakeasy-name-override: ManualProvision c1.api.policy.v1.MultiStep: description: >- MultiStep indicates that this provision step has multiple steps to process. properties: provisionSteps: description: The array of provision steps to process. items: $ref: '#/components/schemas/c1.api.policy.v1.ProvisionPolicy' type: - array - 'null' title: Multi Step type: object x-speakeasy-name-override: MultiStep c1.api.policy.v1.UnconfiguredProvision: description: The UnconfiguredProvision message. title: Unconfigured Provision type: object x-speakeasy-name-override: UnconfiguredProvision c1.api.policy.v1.WebhookProvision: description: >- This provision step indicates that a webhook should be called to provision this entitlement. properties: webhookId: description: The ID of the webhook to call for provisioning. type: - string - 'null' title: Webhook Provision type: object x-speakeasy-name-override: WebhookProvision c1.api.policy.v1.ConnectorProvision.AccountProvision: description: > The AccountProvision message. This message contains a oneof named storage_type. Only a single field of the following list may be set at a time: - saveToVault - doNotSave properties: config: additionalProperties: true type: - object - 'null' connectorId: description: The connectorId field. type: - string - 'null' doNotSave: oneOf: - $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.DoNotSave - type: 'null' saveToVault: oneOf: - $ref: >- #/components/schemas/c1.api.policy.v1.ConnectorProvision.SaveToVault - type: 'null' schemaId: description: The schemaId field. type: - string - 'null' title: Account Provision type: object x-speakeasy-name-override: AccountProvision c1.api.policy.v1.ConnectorProvision.DefaultBehavior: description: The DefaultBehavior message. properties: connectorId: description: >- this checks if the entitlement is enabled by provisioning in a specific connector this can happen automatically and doesn't need any extra info type: - string - 'null' title: Default Behavior type: object x-speakeasy-name-override: DefaultBehavior c1.api.policy.v1.ConnectorProvision.DeleteAccount: description: The DeleteAccount message. properties: connectorId: description: The connectorId field. type: - string - 'null' title: Delete Account type: object x-speakeasy-name-override: DeleteAccount c1.api.policy.v1.ProvisionerAssignment: description: > ProvisionerAssignment defines how a provisioner is dynamically assigned. This message contains a oneof named typ. Only a single field of the following list may be set at a time: - users - appOwners - group - manager - expression - entitlementOwners properties: appOwners: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.AppOwnerProvisioner' - type: 'null' entitlementOwners: oneOf: - $ref: >- #/components/schemas/c1.api.policy.v1.EntitlementOwnerProvisioner - type: 'null' expression: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ExpressionProvisioner' - type: 'null' group: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.GroupProvisioner' - type: 'null' manager: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.ManagerProvisioner' - type: 'null' users: oneOf: - $ref: '#/components/schemas/c1.api.policy.v1.UserProvisioner' - type: 'null' title: Provisioner Assignment type: object x-speakeasy-name-override: ProvisionerAssignment c1.api.policy.v1.ConnectorProvision.DoNotSave: description: The DoNotSave message. title: Do Not Save type: object x-speakeasy-name-override: DoNotSave c1.api.policy.v1.ConnectorProvision.SaveToVault: description: The SaveToVault message. properties: vaultIds: description: The vaultIds field. items: type: string type: - array - 'null' title: Save To Vault type: object x-speakeasy-name-override: SaveToVault c1.api.policy.v1.AppOwnerProvisioner: description: AppOwnerProvisioner resolves to app owners. properties: allowReassignment: description: Whether the provisioner can reassign the task. type: - boolean - 'null' fallbackUserIds: description: Fallback user IDs if no app owners are found. items: type: string type: - array - 'null' title: App Owner Provisioner type: object x-speakeasy-name-override: AppOwnerProvisioner c1.api.policy.v1.EntitlementOwnerProvisioner: description: EntitlementOwnerProvisioner resolves to entitlement owners. properties: allowReassignment: description: Whether the provisioner can reassign the task. type: - boolean - 'null' fallbackUserIds: description: Fallback user IDs if no entitlement owners are found. items: type: string type: - array - 'null' title: Entitlement Owner Provisioner type: object x-speakeasy-name-override: EntitlementOwnerProvisioner c1.api.policy.v1.ExpressionProvisioner: description: >- ExpressionProvisioner evaluates CEL expressions to determine provisioners. properties: allowReassignment: description: Whether the provisioner can reassign the task. type: - boolean - 'null' expressions: description: The CEL expressions to evaluate. items: type: string type: - array - 'null' fallbackUserIds: description: Fallback user IDs if expression evaluation yields no users. items: type: string type: - array - 'null' title: Expression Provisioner type: object x-speakeasy-name-override: ExpressionProvisioner c1.api.policy.v1.GroupProvisioner: description: GroupProvisioner resolves to members of a specific group. properties: allowReassignment: description: Whether the provisioner can reassign the task. type: - boolean - 'null' appGroupId: description: The app group ID (entitlement ID). type: - string - 'null' appId: description: The app ID containing the group. type: - string - 'null' fallbackUserIds: description: Fallback user IDs if no group members are found. items: type: string type: - array - 'null' title: Group Provisioner type: object x-speakeasy-name-override: GroupProvisioner c1.api.policy.v1.ManagerProvisioner: description: ManagerProvisioner resolves to the user's manager. properties: allowReassignment: description: Whether the provisioner can reassign the task. type: - boolean - 'null' fallbackUserIds: description: Fallback user IDs if no manager is found. items: type: string type: - array - 'null' title: Manager Provisioner type: object x-speakeasy-name-override: ManagerProvisioner c1.api.policy.v1.UserProvisioner: description: UserProvisioner assigns specific users as provisioners. properties: allowReassignment: description: Whether the provisioner can reassign the task. type: - boolean - 'null' userIds: description: The user IDs to assign as provisioners. items: type: string type: - array - 'null' title: User Provisioner type: object x-speakeasy-name-override: UserProvisioner securitySchemes: bearerAuth: scheme: bearer type: http oauth: description: >- This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the [c1TokenSource.Token()](https://github.com/ConductorOne/conductorone-sdk-go/blob/3375fe7c0126d17e7ec4e711693dee7b791023aa/token_source.go#L101-L187) function. flows: clientCredentials: scopes: {} tokenUrl: /auth/v1/token type: oauth2 ````