Bulk Update SailPoint IdentityNow Entities Manager Attribute via API and PowerShell. Associated Blog Post https://blog.darrenjrobinson.com/lifecycle-management-of-identities-in-sailpoint-identitynow-via-api-and-powershell/
# --- Connection settings ------------------------------------------------------
# API client credentials. The values below are placeholders. Keep the real
# secret out of any copy of this script that is shared or committed; supply it
# at run time from a secret store or a protected environment variable instead.
$clientID = 'yourClientID'
$clientSecret = 'yourClientSecret'

# HTTP Basic credential: Base64 of "clientID:clientSecret".
# Base64 is an encoding, not encryption. Anyone who can read this value
# (transcripts, verbose logs, intercepting proxies) can recover the secret.
$Bytes = [System.Text.Encoding]::UTF8.GetBytes(('{0}:{1}' -f $clientID, $clientSecret))
$encodedAuth = [System.Convert]::ToBase64String($Bytes)

# --- Tenant and search scope --------------------------------------------------
# IdentityNow tenant (org) name; it becomes part of the API host name below.
$orgName = 'yourTenantOrgName'
# Value sent as the "limit" parameter on each search call.
$searchLimit = '1000'
# Name of the IdentityNow source that holds the accounts to be updated.
$sourceName = 'External Entities'
# Search query selecting the identities to update (here: all users in NSW).
$query = 'attributes.state:NSW'

# --- Endpoints (HTTPS only, so the Basic credential is never sent in clear) ----
# Identity search endpoint; the caller appends the query-string parameters.
$URI = 'https://{0}.api.identitynow.com/v2/search/identities?' -f $orgName
# Base of the account update endpoint; the account id is appended per request.
$updateBaseURI = 'https://{0}.api.identitynow.com/v2/accounts/' -f $orgName
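# Search for the identities whose manager attribute will be updated.
# The query text is URL-encoded so that a query containing spaces, quotes,
# '&' or '#' is sent as a single parameter value and cannot alter the rest of
# the request's query string.
$encodedQuery = [System.Uri]::EscapeDataString($query)
$searchResults = Invoke-RestMethod -Method Get -Uri "$($URI)limit=$($searchLimit)&query=$encodedQuery" -Headers @{Authorization = "Basic $($encodedAuth)" }
Write-Host "$($searchResults.Count) found"

# Only a single call with limit=$searchLimit is made. If the result count
# reaches the limit, further matching identities may exist that were not
# retrieved and would be left out of the bulk update without any notice.
if ($searchResults.Count -ge [int]$searchLimit) {
    Write-Warning "Search returned $($searchResults.Count) results, which reaches the limit of $searchLimit. Additional matching identities may not have been retrieved."
}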
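# Display name of the manager to assign to the identities found above.
$manager = "Rick Sanchez"
# Exact-phrase query on displayName (the name is wrapped in double quotes).
$queryManager = 'attributes.displayName:"' + $manager + '"'

# Look up the manager identity. The query is URL-encoded because it contains
# spaces and quotes, and so that characters such as '&' or '#' in a name stay
# inside the query parameter.
$encodedQueryManager = [System.Uri]::EscapeDataString($queryManager)
$mgrSearchResults = Invoke-RestMethod -Method Get -Uri "$($URI)limit=$($searchLimit)&query=$encodedQueryManager" -Headers @{Authorization = "Basic $($encodedAuth)" }
Write-Host "$($mgrSearchResults.Count) found"

# Reset before the lookup. Without this, a $mgrId left over from an earlier run
# in the same session would be reused when this lookup does not yield exactly
# one match, and the wrong manager would be written to every account.
$mgrId = $null

# Proceed only on an unambiguous match: zero or several identities with the
# same display name must not result in a manager assignment.
if ($mgrSearchResults.Count -eq 1) {
    foreach ($identity in $mgrSearchResults) {
        Write-Host "Manager $($identity.displayName)"
        # Take the manager's accountId from the account on the configured source.
        foreach ($account in $identity.accounts) {
            # Case-sensitive comparison that tolerates a missing source name.
            if ([string]::Equals($account.source.name, $sourceName)) {
                $mgrId = $account.accountId
            }
        }
    }
    if (-not $mgrId) {
        Write-Warning "Manager '$manager' has no account on source '$sourceName'; no manager id is available for the update."
    }
}
else {
    Write-Warning "Expected exactly one identity with display name '$manager' but found $($mgrSearchResults.Count); no manager id is available for the update."
}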
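# Update the manager attribute on each identity's account in the configured
# source. An identity is skipped when it has no account on that source or when
# no manager id was resolved.
foreach ($identity in $searchResults) {
    Write-Host "Updating Manager for: $($identity.displayName)"

    # Find the id of this identity's account on the configured source.
    $id = $null
    foreach ($account in $identity.accounts) {
        # Case-sensitive comparison that tolerates a missing source name.
        if ([string]::Equals($account.source.name, $sourceName)) {
            $id = $account.id
        }
    }

    if ($id -and $mgrId) {
        $updateURI = "${updateBaseURI}${id}?org=${orgName}"
        # JSON body carrying only the manager attribute.
        $body = @{ "manager" = $mgrId } | ConvertTo-Json
        try {
            Invoke-RestMethod -Uri $updateURI -Method Patch -Body $body -Headers @{Authorization = "Basic $($encodedAuth)"; 'Content-Type' = 'application/json' }
        }
        catch {
            # Report which identity failed and why (for example an authentication
            # or authorization error) instead of hiding the cause. The parameter
            # name was misspelled as -forgroundcolor in the original.
            Write-Host -ForegroundColor Yellow "Well, that didn't work. Check your script"
            Write-Host -ForegroundColor Yellow "Update failed for $($identity.displayName): $($_.Exception.Message)"
        }
    }
}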