Last active
November 15, 2018 20:35
-
-
Save darrenjrobinson/3ea6d8bbb07dfbb736acbc66c75afd9a to your computer and use it in GitHub Desktop.
Create and Activate a SailPoint IdentityNow Manager Certification Campaign. Supporting Blog Post can be found here https://blog.darrenjrobinson.com/creating-sailpoint-identitynow-certification-campaigns-using-powershell/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Create Campaign URI | |
| $createCampaignURI = "https://$($orgName).api.identitynow.com/cc/api/campaign/create" | |
| # Get Campaign Base URI | |
| $GetCampaignBaseURI = "https://$($orgName).api.identitynow.com/cc/api/campaign/get" | |
| # Activate Campaign URI | |
| $activateCampaignURI = "https://$($orgName).api.identitynow.com/cc/api/campaign/activate" | |
| # Search Limit. 2500 | |
| $searchLimit = '2500' | |
| # Search Identities URI | |
| $searchURI = "https://$($orgName).api.identitynow.com/v2/search/identities?" | |
| # Query for Source that Campaign is for | |
| $query = '@accounts(Active Directory)' | |
| # Search Accounts | |
| $Accounts = Invoke-RestMethod -Method Get -Uri "$($searchURI)limit=$($searchLimit)&query=$($query)" -Headers @{Authorization = "Basic $($encodedAuth)" } | |
| write-host -ForegroundColor Yellow "Search returned $($accounts.Count) account(s)" | |
| # Get Campaign Reviewer in addition to the campaign creator | |
| $usrQuery = '@accounts Rick.Sanchez' | |
| $reviewerUser = Invoke-RestMethod -Method Get -Uri "$($searchURI)limit=$($searchLimit)&query=$($usrQuery)" -Headers @{Authorization = "Basic $($encodedAuth)" } | |
| $roles = @() | |
| $entitlements = @() | |
| $accessProfiles = @() | |
| foreach ($identity in $Accounts) { | |
| write-host "" | |
| Write-host "Details for $($identity.name)" | |
| write-host " $($identity.source.name) : $($identity.displayName)" | |
| foreach ($source in $identity.access) { | |
| if ($source.type.Equals("ROLE")) { | |
| $roles += $source.id | |
| write-host -ForegroundColor Yellow " Source: $($source.displayName) Access Type: $($source.type)" | |
| } | |
| if ($source.type.Equals("ENTITLEMENT")) { | |
| $entitlements += $source.id | |
| write-host -ForegroundColor Yellow " Source: $($source.displayName) Access Type: $($source.type)" | |
| } | |
| if ($source.type.Equals("ACCESS_PROFILE")) { | |
| $accessProfiles += $source.id | |
| write-host -ForegroundColor Yellow " Source: $($source.displayName) Access Type: $($source.type)" | |
| } | |
| } | |
| } | |
| $roles = $roles | Select-Object -Unique | |
| $entitlements = $entitlements | Select-Object -Unique | |
| $accessProfiles = $accessProfiles | Select-Object -Unique | |
| # Campaign Inclusions from Identity Results | |
| # Access Profiles, Roles and Entitlments | |
| $inclusionList = @() | |
| # ROLES | |
| foreach ($role in $roles) { | |
| $InclusionTemplate = [pscustomobject][ordered]@{ | |
| id = $role | |
| type = "ROLE" | |
| } | |
| $inclusionList += $InclusionTemplate | |
| } | |
| # ENTITLEMENTS | |
| foreach ($entitlement in $entitlements) { | |
| $InclusionTemplate = [pscustomobject][ordered]@{ | |
| id = $entitlement | |
| type = "ENTITLEMENT" | |
| } | |
| $inclusionList += $InclusionTemplate | |
| } | |
| # ACCESS PROFILES | |
| foreach ($accessProfile in $accessProfiles) { | |
| $InclusionTemplate = [pscustomobject][ordered]@{ | |
| id = $accessProfile | |
| type = "ACCESS_PROFILE" | |
| } | |
| $inclusionList += $InclusionTemplate | |
| } | |
| $e = $inclusionList | select-object -Property type | Where-Object {$_.type -eq "ENTITLEMENT"} | |
| $a = $inclusionList | select-object -Property type | Where-Object {$_.type -eq "ACCESS_PROFILE"} | |
| $r = $inclusionList | select-object -Property type | Where-Object {$_.type -eq "ROLE"} | |
| write-host -ForegroundColor Blue "Campaign scope covers $($r.type.count) Role(s), $($e.type.count) Entitlement(s) and $($a.type.count) Access Profile(s)." | |
| # Create Campaign | |
| $campaignOptions = @{} | |
| $campaignOptions.Add("type", "Identity") | |
| $campaignOptions.Add("timeZone", "GMT+1100") | |
| $campaignOptions.Add("name", "Nov 2018 Campaign") | |
| $campaignOptions.Add("allowAutoRevoke", $false) | |
| $campaignOptions.Add("deadline", "2018-11-30") | |
| $campaignOptions.Add("description", "November Active Directory 2018") | |
| $campaignOptions.Add("disableEmail", $false) | |
| $campaignOptions.Add("identityIdList", @()) | |
| $campaignOptions.Add("identityQueryString", $query) | |
| $campaignOptions.Add("staticReviewerId", $reviewerUser.id ) | |
| $campaignOptions.Add("accessInclusionList", $inclusionList) | |
| $campaignBody = $campaignOptions | ConvertTo-Json | |
| If ($campaignBody) { | |
| # Create Campaign | |
| $createResult = Invoke-RestMethod -Method Post -uri $createCampaignURI -Body $campaignBody -WebSession $IDN | |
| start-sleep -Seconds 10 | |
| if ($createResult) { | |
| $GetCampaignURI = "$($GetCampaignBaseURI)/$($createResult.id)" | |
| $IDN.Headers.Remove("Content-Type") | |
| # Get Campaign | |
| $campaignStatus = Invoke-RestMethod -Method Get -Uri $GetCampaignURI -WebSession $IDN | |
| if ($campaignStatus.status.Equals("Staged")) { | |
| try { | |
| # Activate Campaign | |
| $activateBody = "campaignId=$($createResult.id)&timeZone=GMT%2B11%3A00" | |
| Invoke-RestMethod -Method Post -Uri $activateCampaignURI -Body $activateBody -WebSession $IDN | |
| write-host -ForegroundColor Blue "Campaign $($createResult.description) successfully created and started." | |
| } | |
| catch { | |
| write-host -ForegroundColor Red "Campaign $($createResult.description) was not successfully started." | |
| } | |
| } | |
| } | |
| } | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment