Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
SailPoint IdentityNow Security Configuration Report. Associated Blog Post https://blog.darrenjrobinson.com/sailpoint-identitynow-security-configuration-report/
import-module SailPointIdentityNow
Get-IdentityNowOrg
Set-IdentityNowOrg -orgName 'yourOrgName'
# Document IdentityNow Security Configuration
$orgName = (Get-IdentityNowOrg).'Organisation Name'
# Output Path and Image
$reportImagePath = "C:\Reports\SailPoint IdentityNow 240px.png"
$ReportOutputPath = "C:\Reports\IdentityNowConfigReports"
$utime = [int][double]::Parse((Get-Date -UFormat %s))
# IWA
$IWAConfig = Invoke-IdentityNowRequest -uri "https://$($orgName).api.identitynow.com/cc/api/org/getSSOSettings?_dc=$($utime)&config=kerberos" -method Get -headers Headersv3
# Service Provider
$ssoSP = Invoke-IdentityNowRequest -uri "https://$($orgName).api.identitynow.com/cc/api/org/getSSOSettings?_dc=$($utime)&config=saml2-hosted-sp" -method get -headers Headersv3
$ssoIDP = Invoke-IdentityNowRequest -uri "https://$($orgName).api.identitynow.com/cc/api/org/getSSOSettings?_dc=$($utime)&config=saml2-remote-idp" -method get -headers Headersv3
# oAuth API Clients
$oAuthClients = Get-IdentityNowOAuthAPIClient
# v2 Clients
$apiClients = Get-IdentityNowAPIClient
# Global Security Config Settings
$globalSecurityConfig = Invoke-IdentityNowRequest -uri "https://$($orgName).api.identitynow.com/cc/api/org/get?_dc=$($utime)" -method get -headers Headersv3_JSON
try {
$ImageData = [Convert]::ToBase64String((Get-Content $reportImagePath -Encoding Byte))
$ImageFile = Get-Item $reportImagePath
$ImageType = $ImageFile.Extension.Substring(1) #strip off the leading .
$ImageTag = "<Img src='data:image/$ImageType;base64,$($ImageData)' Alt='$($ImageFile.Name)' width='240' height='82' hspace=10>"
}
catch {
Write-Error "Report Image Path/Filename not found"
break
}
$reportDate = get-date -format "dd-MMM-yyyy HH-mm"
# Create Folder for Output in Path provided above with Report Date
$dir = "$($ReportOutputPath)\$($reportDate)"
if (!(Test-Path -Path $dir )) {
New-Item -ItemType directory -Path $dir
}
# Build up the HTML Report
$htmlFragments = @()
# Headings and Title
$top = @"
<center>
<h1>SailPoint IdentityNow Security Settings Configuration Report</h1>
<h2>Organisation - `'$($orgName.ToUpper())`'</h2>
<b><center>$ImageTag</center></b>
</center>
"@
$htmlFragments += $top
$h2Text = "IdentityNow Security Settings Configuration"
$div = $h2Text.Replace(" ", "_")
$htmlFragments += "<center><a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><h2>$h2Text</h2></a><div id=""$div""><a href='javascript:toggleAll();' title=' Click to toggle all sections'>+ / -</a></center>"
if ($globalSecurityConfig) {
# Global Security Settings
Write-host -ForegroundColor Blue " Global Security Configuration"
# Output template to File
$globalSecurityConfig | Export-Clixml -Path "$($dir)\$($orgName)-Global-SecurityConfig-Details-$($reportDate).xml"
$H3Text = "Global Security Settings Details"
$div = $H3Text.Replace(" ", "_")
$htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
$htmlFragments += "<center>"
$attrObjects = $globalSecurityConfig | Get-Member | Where-Object { $_.Definition.contains("Object[]") } | Select-Object
foreach ($attrObj in $attrObjects) {
$attrName = $attrObj.name
$globalSecurityConfig.$attrName = $globalSecurityConfig.$attrName | convertto-json
}
$htmlFragments += $globalSecurityConfig | ConvertTo-Html -As LIST
$htmlFragments += "</center>"
$htmlFragments += "</div>"
}
if ($IWAConfig) {
# IWA Config
Write-host -ForegroundColor Blue " IWA Configuration"
# Output template to File
$IWAConfig | Export-Clixml -Path "$($dir)\$($orgName)-IWA-Details-$($reportDate).xml"
$H3Text = "IWA Configuration Details"
$div = $H3Text.Replace(" ", "_")
$htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
$htmlFragments += "<center>"
$attrObjects = $IWAConfig | Get-Member | Where-Object { $_.Definition.contains("Object[]") } | Select-Object
foreach ($attrObj in $attrObjects) {
$attrName = $attrObj.name
#$eTemplate.$attrName = $eTemplate.$attrName -join ','
$IWAConfig.$attrName = $IWAConfig.$attrName | convertto-json
}
$htmlFragments += $IWAConfig | ConvertTo-Html -As LIST
$htmlFragments += "</center>"
$htmlFragments += "</div>"
}
if ($ssoSP) {
# SSO SP Config
Write-host -ForegroundColor Blue " SSO SP Configuration"
# Output template to File
$ssoSP | Export-Clixml -Path "$($dir)\$($orgName)-SSO-SP-Details-$($reportDate).xml"
# Template Details
$H3Text = "SSO SP Configuration Details"
$div = $H3Text.Replace(" ", "_")
$htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
$htmlFragments += "<center>"
$attrObjects = $ssoSP | Get-Member | Where-Object { $_.Definition.contains("Object[]") } | Select-Object
foreach ($attrObj in $attrObjects) {
$attrName = $attrObj.name
#$eTemplate.$attrName = $eTemplate.$attrName -join ','
$ssoSP.$attrName = $ssoSP.$attrName | convertto-json
}
$htmlFragments += $ssoSP | ConvertTo-Html -As LIST
$htmlFragments += "</center>"
$htmlFragments += "</div>"
}
if ($ssoIDP) {
# SSO IDP Config
Write-host -ForegroundColor Blue " SSO IDP Configuration"
# Output template to File
$ssoIDP | Export-Clixml -Path "$($dir)\$($orgName)-SSO-IDP-Details-$($reportDate).xml"
# Template Details
$H3Text = "SSO IDP Configuration Details"
$div = $H3Text.Replace(" ", "_")
$htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
$htmlFragments += "<center>"
$attrObjects = $ssoIDP | Get-Member | Where-Object { $_.Definition.contains("Object[]") } | Select-Object
foreach ($attrObj in $attrObjects) {
$attrName = $attrObj.name
#$eTemplate.$attrName = $eTemplate.$attrName -join ','
$ssoIDP.$attrName = $ssoIDP.$attrName | convertto-json
}
$htmlFragments += $ssoIDP | ConvertTo-Html -As LIST
$htmlFragments += "</center>"
$htmlFragments += "</div>"
}
if ($oAuthClients) {
# oAuth Clients
Write-host -ForegroundColor Blue " oAuth Clients Configuration"
# Output template to File
$oAuthClients | Export-Clixml -Path "$($dir)\$($orgName)-oAuth-Clients-Details-$($reportDate).xml"
foreach ($oAuthClient in $oAuthClients) {
$H3Text = "oAuth $($oAuthClient.name) Details"
$div = $H3Text.Replace(" ", "_")
$htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
$htmlFragments += "<center>"
$attrObjects = $oAuthClient | Get-Member | Where-Object { $_.Definition.contains("Object[]") } | Select-Object
foreach ($attrObj in $attrObjects) {
$attrName = $attrObj.name
#$eTemplate.$attrName = $eTemplate.$attrName -join ','
$oAuthClient.$attrName = $oAuthClient.$attrName | convertto-json
}
$htmlFragments += $oAuthClient | ConvertTo-Html -As LIST
$htmlFragments += "</center>"
$htmlFragments += "</div>"
}
}
if ($apiClients) {
# API Clients
Write-host -ForegroundColor Blue " API Clients Configuration"
# Output template to File
$apiClients | Export-Clixml -Path "$($dir)\$($orgName)-API-Clients-Details-$($reportDate).xml"
$i = 0
foreach ($apiClient in $apiClients) {
if ($apiClient.description) {
$H3Text = "API $($apiClient.description) Details"
} else {
$i++
$H3Text = "API $($i) Details"
}
$div = $H3Text.Replace(" ", "_")
$htmlFragments += "<a href='javascript:toggleDiv(""$div"");' title='click to collapse or expand this section'><center><h4>$H3Text</h4></center></a><div id=""$div"" style=""display: none;"">"
$htmlFragments += "<center>"
$attrObjects = $apiClient | Get-Member | Where-Object { $_.Definition.contains("Object[]") } | Select-Object
foreach ($attrObj in $attrObjects) {
$attrName = $attrObj.name
#$eTemplate.$attrName = $eTemplate.$attrName -join ','
$apiClient.$attrName = $apiClient.$attrName | convertto-json
}
$htmlFragments += $apiClient | ConvertTo-Html -As LIST
$htmlFragments += "</center>"
$htmlFragments += "</div>"
}
}
# Footer
$htmlFragments += "<center><p class='footer'>Report Generated $($reportDate)</p></center>"
# Header
$head = @"
<Title>SailPoint IdentityNow Security Settings Report - $($orgName.ToUpper())</Title>
<style>
body {background-color:#ffffff; font:70%/1.5em Lato,sans-serif; padding:10px }
td,th {padding-left:8px}
th {color:black; background-color:cornflowerblue;}
table {border-spacing:1px; border-collapse:collapse; background:#F7F6F6; border-radius:6px; overflow:hidden; max-width:480px; width:70%; margin:0 auto; position:relative;}
table, tr, td, th {padding: 10px; margin: 0px ;white-space:pre; word-break:break-all; width:70%;}
tr:nth-child(even) {background-color:#dae5f4;}
tr:nth-child(odd) {background:#b8d1f3;}
thead tr {height:60px;background:#367AB1;color:#F5F6FA;font-size:1.2em;font-weight:700;text-transform:uppercase}
tbody tr {height:35px;border-bottom:1px solid #367AB1; word-break:break-all; text-transform:capitalize; font-size:1em;}
h1 {font-family:Tahoma;color:#A9A9A9;}
h2 {font-family:Tahoma;color:#6D7B8D;}
h3 {font-family:Tahoma;color:#6D7B8D;}
.alert {color: red;}
.footer {color:green; margin-left:10px; font-family:Tahoma; font-size:8pt; font-style:italic;}
.transparent {background-color:#ffffff;}
</style>
<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js'>
</script>
<script type='text/javascript'>
function toggleDiv(divId) {
`$("#"+divId).toggle();
}
function toggleAll() {
var divs = document.getElementsByTagName('div');
for (var i = 0; i < divs.length; i++) {
var div = divs[i];
`$("#"+div.id).toggle();
}
}
</script>
"@
# Output the Report
$convertParams = @{
head = $head
body = $htmlFragments
}
convertto-html @convertParams | out-file -FilePath "$($dir)\$($orgName)-SecurityConfigReport-$($reportDate).html"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.