Create and Activate a SailPoint IdentityNow Manager Certification Campaign. Supporting Blog Post can be found here https://blog.darrenjrobinson.com/creating-sailpoint-identitynow-certification-campaigns-using-powershell/
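# IdentityNow endpoints and the two identity searches that scope the campaign.
# $orgName (tenant name) and $encodedAuth (Base64 Basic credential) are not defined in this
# section and must already be set. Every search request carries that credential in its
# Authorization header, so keep verbose request/transcript logging off while this runs.

# Create Campaign URI
$createCampaignURI = "https://$($orgName).api.identitynow.com/cc/api/campaign/create"
# Get Campaign Base URI
$GetCampaignBaseURI = "https://$($orgName).api.identitynow.com/cc/api/campaign/get"
# Activate Campaign URI
$activateCampaignURI = "https://$($orgName).api.identitynow.com/cc/api/campaign/activate"
# Search Limit. 2500
$searchLimit = '2500'
# Search Identities URI
$searchURI = "https://$($orgName).api.identitynow.com/v2/search/identities?"
# Query for Source that Campaign is for
$query = '@accounts(Active Directory)'
# Search Accounts
# The query is percent-encoded for the URL only, so characters such as '&', '+' or '#' cannot
# alter the request. $query itself stays raw because it is reused as identityQueryString.
$Accounts = Invoke-RestMethod -Method Get -Uri "$($searchURI)limit=$($searchLimit)&query=$([uri]::EscapeDataString($query))" -Headers @{Authorization = "Basic $($encodedAuth)" }
write-host -ForegroundColor Yellow "Search returned $($accounts.Count) account(s)"
# A full page suggests more identities matched than were returned. The access inclusion list is
# built from these results, so a truncated search would leave access out of the review.
if (@($Accounts).Count -ge [int]$searchLimit) {
    Write-Warning "Identity search returned $searchLimit or more results; the result set may be truncated and the campaign scope incomplete."
}

# Get Campaign Reviewer in addition to the campaign creator
$usrQuery = '@accounts Rick.Sanchez'
$reviewerUser = Invoke-RestMethod -Method Get -Uri "$($searchURI)limit=$($searchLimit)&query=$([uri]::EscapeDataString($usrQuery))" -Headers @{Authorization = "Basic $($encodedAuth)" }
# The reviewer is found by search, which can match zero or several identities. Require exactly
# one, so the campaign is never created with a missing or ambiguous staticReviewerId.
$reviewerMatches = @($reviewerUser | Where-Object { $_ -and $_.id })
if ($reviewerMatches.Count -ne 1) {
    throw "Reviewer query '$usrQuery' matched $($reviewerMatches.Count) identities; exactly one is required."
}
$reviewerUser = $reviewerMatches[0]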
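# Walk every identity returned by the account search ($Accounts) and collect the IDs of the
# roles, entitlements and access profiles they hold. The three lists are de-duplicated at the
# end and later become the campaign's access inclusion list.
$roles = @()
$entitlements = @()
$accessProfiles = @()
foreach ($identity in $Accounts) {
    write-host ""
    Write-host "Details for $($identity.name)"
    write-host " $($identity.source.name) : $($identity.displayName)"
    foreach ($source in $identity.access) {
        # -ceq keeps the case-sensitive match of the .Equals() calls it replaces, but an access
        # item without a type is skipped instead of raising a null-method error.
        $accessType = $source.type
        if ($accessType -ceq "ROLE") {
            $roles += $source.id
        }
        elseif ($accessType -ceq "ENTITLEMENT") {
            $entitlements += $source.id
        }
        elseif ($accessType -ceq "ACCESS_PROFILE") {
            $accessProfiles += $source.id
        }
        else {
            # Any other access type is not part of the campaign scope.
            continue
        }
        write-host -ForegroundColor Yellow " Source: $($source.displayName) Access Type: $($source.type)"
    }
}
# The same access item is usually held by many identities; keep each ID once.
$roles = $roles | Select-Object -Unique
$entitlements = $entitlements | Select-Object -Unique
$accessProfiles = $accessProfiles | Select-Object -Unique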
# Campaign inclusions derived from the identity search results.
# $roles, $entitlements and $accessProfiles hold the de-duplicated IDs; each one becomes an
# { id, type } object. Order is roles, then entitlements, then access profiles.
$inclusionList = @(
    foreach ($role in $roles) {
        [pscustomobject][ordered]@{
            id   = $role
            type = "ROLE"
        }
    }
    foreach ($entitlement in $entitlements) {
        [pscustomobject][ordered]@{
            id   = $entitlement
            type = "ENTITLEMENT"
        }
    }
    foreach ($accessProfile in $accessProfiles) {
        [pscustomobject][ordered]@{
            id   = $accessProfile
            type = "ACCESS_PROFILE"
        }
    }
)

# Per-type tallies for the summary line. The .type.count expressions rely on PowerShell member
# enumeration, so an empty match yields 0 and a single match yields 1.
$e = $inclusionList | Where-Object { $_.type -eq "ENTITLEMENT" } | Select-Object -Property type
$a = $inclusionList | Where-Object { $_.type -eq "ACCESS_PROFILE" } | Select-Object -Property type
$r = $inclusionList | Where-Object { $_.type -eq "ROLE" } | Select-Object -Property type
write-host -ForegroundColor Blue "Campaign scope covers $($r.type.count) Role(s), $($e.type.count) Entitlement(s) and $($a.type.count) Access Profile(s)."
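# Create Campaign
# Builds the campaign definition, creates it, waits for it to be staged, then activates it.
# $IDN is an authenticated web session established elsewhere (not shown in this section).
# The name, deadline, description and time zone below are sample values; set them per campaign.
$campaignOptions = @{}
$campaignOptions.Add("type", "Identity")
$campaignOptions.Add("timeZone", "GMT+1100")
$campaignOptions.Add("name", "Nov 2018 Campaign")
$campaignOptions.Add("allowAutoRevoke", $false)
$campaignOptions.Add("deadline", "2018-11-30")
$campaignOptions.Add("description", "November Active Directory 2018")
$campaignOptions.Add("disableEmail", $false)
$campaignOptions.Add("identityIdList", @())
$campaignOptions.Add("identityQueryString", $query)
# $reviewerUser.id must be one identity ID. A reviewer search that matched zero or several
# identities would put $null or an array here.
$campaignOptions.Add("staticReviewerId", $reviewerUser.id )
$campaignOptions.Add("accessInclusionList", $inclusionList)
# Explicit depth so the nested inclusion objects are always serialised in full.
$campaignBody = $campaignOptions | ConvertTo-Json -Depth 5
If ($campaignBody) {
    # Reset first: if the create call fails, a value left over from an earlier run in the same
    # session must not be mistaken for the campaign that was just requested.
    $createResult = $null
    try {
        # Create Campaign
        $createResult = Invoke-RestMethod -Method Post -uri $createCampaignURI -Body $campaignBody -WebSession $IDN
    }
    catch {
        write-host -ForegroundColor Red "Campaign create request failed. $($_.Exception.Message)"
    }
    if ($createResult) {
        # Allow the campaign time to be staged before its status is read.
        start-sleep -Seconds 10
        $GetCampaignURI = "$($GetCampaignBaseURI)/$($createResult.id)"
        # The activate call below posts a form-encoded body, so the session's Content-Type
        # header is dropped here (presumably it was set to JSON for the create call - confirm).
        $IDN.Headers.Remove("Content-Type")
        $campaignStatus = $null
        try {
            # Get Campaign
            $campaignStatus = Invoke-RestMethod -Method Get -Uri $GetCampaignURI -WebSession $IDN
        }
        catch {
            write-host -ForegroundColor Red "Could not read the status of campaign $($createResult.description). $($_.Exception.Message)"
        }
        # -ceq is case-sensitive like .Equals() but does not fail when status is missing.
        if ($campaignStatus -and ($campaignStatus.status -ceq "Staged")) {
            try {
                # Activate Campaign
                # timeZone is the URL-encoded form of GMT+11:00.
                $activateBody = "campaignId=$($createResult.id)&timeZone=GMT%2B11%3A00"
                Invoke-RestMethod -Method Post -Uri $activateCampaignURI -Body $activateBody -WebSession $IDN
                write-host -ForegroundColor Blue "Campaign $($createResult.description) successfully created and started."
            }
            catch {
                write-host -ForegroundColor Red "Campaign $($createResult.description) was not successfully started."
                write-host -ForegroundColor Red " $($_.Exception.Message)"
            }
        }
        else {
            # Previously a silent no-op: the campaign exists but was never activated, so say so.
            write-host -ForegroundColor Red "Campaign $($createResult.description) was created but not activated; status was '$($campaignStatus.status)', expected 'Staged'."
        }
    }
}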