Microsoft Identity Manager PowerShell Management Agent for SailPoint IdentityNow Roles
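<#
.SYNOPSIS
    Microsoft Identity Manager PowerShell Management Agent (PSMA) import script
    for SailPoint IdentityNow Roles.

.DESCRIPTION
    The PSMA runs this script for each import page. On the first call the
    complete role list is retrieved from the IdentityNow cc API and cached in
    $global:SPRoleObjects; each call then writes up to $pagesize role
    hashtables to the pipeline and sets $global:MoreToImport so the MA knows
    whether to call again. Anything that must survive between paged calls is
    kept in $global: variables.

    Only the role hashtables may reach the pipeline - any other unassigned
    output would be handed to the MA as an object.

.PARAMETER Username
    SailPoint-supplied v3 API ClientID (the MA connectivity "Username").
.PARAMETER Password
    SailPoint-supplied v3 API Client Secret (the MA connectivity "Password").
.PARAMETER Credentials
    Supplied by the MA; not used by this script.
.PARAMETER OperationType
    Import type as passed by the MA; logged only.
.PARAMETER usepagedimport
    $true when the MA is running a paged import; logged only.
.PARAMETER pagesize
    Number of objects the MA expects per page; a page ends when this many
    roles have been emitted.

.NOTES
    Requires Get-Hash from the PowerShell Community Extensions (PSCX) module
    https://www.powershellgallery.com/packages/Pscx/3.2.2
    Progress and errors are appended to $DebugFilePath.
#>
param (
    $Username,
    $Password,
    $Credentials,
    $OperationType,
    [bool] $usepagedimport,
    $pagesize
)

# Debug log lives under the MA extensions folder (8.3 short path form).
$DebugFilePath = "C:\PROGRA~1\MICROS~2\2010\SYNCHR~1\EXTENS~2\SailPo~2\Debug\IDNRolesImport.txt"
if (!(Test-Path $DebugFilePath)) {
    $DebugFile = New-Item -Path $DebugFilePath -ItemType File
}
else {
    $DebugFile = Get-Item -Path $DebugFilePath
}

# Append one line to the debug log. Keeps every log call off the pipeline so
# nothing but role objects is returned to the MA.
function Write-ImportLog {
    param([string] $Message)
    $Message | Out-File $DebugFile -Append
}

Write-ImportLog ("Starting Import as : " + $OperationType + " - " + (Get-Date))
Write-ImportLog ("Paged Import : " + $usepagedimport)
Write-ImportLog ("PageSize : " + $pagesize)

# IdentityNow Orgname
$Global:orgname = "myIDNOrg"

# IdentityNow Admin User, persisted as a Clixml PSCredential (.UserName / .password).
# NOTE(review): a SecureString exported with Export-Clixml is DPAPI-protected to
# the exporting user and machine, so this file must be created by the account
# the MA service runs as, on this server - confirm the file was created that way.
$adminPWDFile = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Extensions\SailPointRoles\RoleAdminCred.xml'
$RoleAdmin = Import-Clixml -Path $adminPWDFile
$Global:adminUSR = $RoleAdmin.UserName

# Decode the SecureString for hashing. The unmanaged BSTR copy is zeroed and
# freed as soon as the managed string exists; the original never released it,
# leaving the cleartext in native memory for the life of the process.
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($RoleAdmin.password)
try {
    $Global:adminPWDClear = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
}
finally {
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
}

# IdentityNow API password hash: sha256(cleartext + lower(sha256(username))), lower-cased.
# Requires Get-Hash from PowerShell Community Extensions (PSCX) Module
# https://www.powershellgallery.com/packages/Pscx/3.2.2
$usernameHash = (Get-Hash -Algorithm SHA256 -StringEncoding utf8 -InputObject $Global:adminUSR).HashString.ToLower()
$Global:passwordHash = Get-Hash -Algorithm SHA256 -StringEncoding utf8 -InputObject ($Global:adminPWDClear + $usernameHash)
$Global:adminPWD = $passwordHash.ToString().ToLower()
# NOTE(review): $Global:adminPWDClear is not read again in this script; if no
# sibling script (e.g. an export script) relies on it, clear it here.

# SailPoint Supplied ClientID and Secret for your Org
$Global:clientIDv3 = $Username
$Global:clientSecretv3 = $Password

# Basic Auth header for the oAuth token request
$Bytesv3 = [System.Text.Encoding]::utf8.GetBytes("$($clientIDv3):$($clientSecretv3)")
$Global:encodedAuthv3 = [Convert]::ToBase64String($Bytesv3)
$Global:Headersv3 = @{ Authorization = "Basic $($encodedAuthv3)" }

# Get v3 oAuth Token (password grant).
# NOTE(review): the admin user name and password hash are sent in the query
# string, so they can be captured in proxy / web-server access logs; a
# form-encoded -Body would keep them out of URLs if the endpoint accepts it -
# confirm with IdentityNow before changing.
$Global:oAuthURI = "https://$($Global:orgName).api.identitynow.com/oauth/token"
$Global:v3Token = $null
try {
    $Global:v3Token = Invoke-RestMethod -Method Post -Uri "$($Global:oAuthURI)?grant_type=password&username=$($Global:adminUSR)&password=$($Global:adminPWD)" -Headers $Global:Headersv3
}
catch {
    # Log the message only; the full ErrorRecord is not needed in the debug file.
    Write-ImportLog ("oAuth token request failed: " + $_.Exception.Message)
}

if (!$global:SPRoleObjects) {
    # *********************** IMPORT **********************************
    # Get Roles (first call only; later paged calls reuse the cache)
    # ****************************************************************
    if (-not $Global:v3Token.access_token) {
        # Without a token the role request can only fail; stop here with a clear reason
        # instead of letting the Bearer call fail with an unexplained 401.
        Write-ImportLog "No v3 access token obtained - aborting import"
        throw "IdentityNow v3 oAuth token request failed; see $DebugFilePath"
    }
    Write-ImportLog "Retrieving Roles from SailPoint IdentityNow"
    $getRolesURI = "https://$($orgName).api.identitynow.com/cc/api/role/list"
    $Roles = Invoke-RestMethod -Method GET -Uri $getRolesURI -Headers @{ Authorization = "Bearer $($Global:v3Token.access_token)" }

    # An Array for the returned objects to go into; the roles are in .items
    # ($Roles.Count would report the single wrapper object, not the role count).
    $global:SPRoleObjects = @()
    $global:SPRoleObjects += $Roles.items
    Write-ImportLog ("$($global:SPRoleObjects.Count) roles found")

    # Cursor into $global:SPRoleObjects: index of the last object handed to the MA.
    # Starts at -1 so the first object processed is index 0.
    [int]$global:objectsImported = -1
    # Not read in this script; presumably part of the MA script pattern.
    $global:lastsourceObjectID = "randomstring"
}

# ********************* Process Roles into the MA *******************
[int]$objectpagecount = 0
# Default to "done" so an empty role list (nothing to iterate) ends paging.
$global:MoreToImport = $false
while ($global:objectsImported + 1 -lt $global:SPRoleObjects.Count) {
    $global:Role = $global:SPRoleObjects[$global:objectsImported + 1]
    # Advance the cursor whether or not the object is emitted; the original only
    # advanced on emitted objects, so an entry without an id stalled the import.
    $global:objectsImported++

    if ($global:Role.id) {
        $obj = @{}
        $obj.Add("id", $global:Role.id)
        $obj.Add("objectClass", "Role")
        $obj.Add("description", $global:Role.description)
        $obj.Add("displayName", $global:Role.displayName)
        $obj.Add("name", $global:Role.name)
        $obj.Add("identityCount", $global:Role.identityCount)
        $obj.Add("disabled", $global:Role.disabled)
        $obj.Add("requestable", $global:Role.requestable)
        $obj.Add("owner", $global:Role.owner)
        # Pass the Role Object to the MA
        $obj
        $objectpagecount++

        Write-ImportLog ("Paged Import Role count: " + $objectpagecount)
        Write-ImportLog ("Objects Imported count: " + $global:objectsImported)
        Write-ImportLog ("Objects Remaining count: " + ($global:SPRoleObjects.Count - $global:objectsImported - 1))

        # Page full: tell the MA to call again for the next page.
        if ($objectpagecount -eq $pagesize) {
            $global:MoreToImport = $true
            Write-ImportLog ("More to Import: " + $objectpagecount)
            break
        }
    }
    else {
        Write-ImportLog ("Skipping object without an id at index " + $global:objectsImported)
    }
}
# ***********************************************************
#endregion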