Jupyter PowerShell Notebook for SailPoint IdentityNow PowerShell Module Examples. Associated blogpost https://blog.darrenjrobinson.com/release-1-1-0-sailpoint-identitynow-powershell-module-example-jupyter-notebook/
{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Disclaimer\n",
"*I am not a SailPoint employee. I wrote this for our needs and am sharing it with the community.\n",
"Please use with caution. These cmdlets come with full functionality. Use this power responsibly <b>AND AT YOUR OWN RISK.</b>* \n",
"\n",
"## Introduction\n",
"\n",
"This PowerShell Jupyter Notebook provides examples of syntax for the SailPoint IdentityNow PowerShell Module. \n",
"\n",
"If you are new to PowerShell Jupyter Notebooks, see [this guide](https://blog.darrenjrobinson.com/getting-started-with-local-powershell-jupyter-notebook/) to get a local PowerShell Notebook environment configured. \n",
"\n",
"<b>Download this notebook</b> to your local Jupyter environment and test IdentityNow PowerShell Module commands against your SailPoint IdentityNow environment(s). \n",
"\n",
"This notebook has been formatted into sections based on IdentityNow functionality. Within each section you will find examples of the syntax for the associated cmdlets. Select a cell with a command, update any of the parameters if required and select <b>Run</b> from the menu bar above.\n",
"\n",
"*Note* if this is the first time you are running the SailPoint IdentityNow PowerShell Module you will need to work through <b>Section 1 - Install and Import Module</b> and <b>Section 2 - Configure SailPoint IdentityNow Credentials</b> up to <b>Save Credentials Configuration</b> before any of the examples in this notebook will work. \n",
"\n",
"\n",
"# Contents\n",
"1 [Install and Import Module](#install)\n",
"\n",
"\n",
"2 [Configure SailPoint IdentityNow Credentials](#creds)\n",
" - Set IdentityNow Organisation Name\n",
" - Set IdentityNow Admin Account Username and Password\n",
" - Set IdentityNow v3 API Credentials\n",
" - Generate v2 Credentials and update configuration with v2 Credentials\n",
" - Validate v2 and v3 Credentials\n",
" - Create a Personal Access Token\n",
" - Save Credentials Configuration\n",
" - Get IdentityNow Personal Access Tokens\n",
" - Create IdentityNow Personal Access Token\n",
" - Remove IdentityNow Personal Access Token\n",
" - Get API Management Clients (Legacy v2)\n",
" - Remove API Management Clients (Legacy v2)\n",
" - Get oAuth API Clients (v3)\n",
" - Remove oAuth API Clients (v3) \n",
" \n",
" \n",
"3 [Organisation Settings](#orgSettings)\n",
" - Organisation Configuration\n",
" - Update an IdentityNow Organisation (Global Reminders & Escalation Policy)\n",
" - IdentityNow Queue\n",
" - IdentityNow Active Jobs\n",
" - Org Status\n",
" - TimeZone \n",
" \n",
" \n",
"4 [Sources](#sources)\n",
" - Get Sources\n",
" - Get Account Profiles associated with a Source\n",
" - Get the Schema of an IdentityNow Source\n",
" - Update a Source description\n",
" - Test an IdentityNow Source (Health Check)\n",
" - Create an IdentityNow Source\n",
" - Create IdentityNow Source Account Schema Attributes\n",
" - Join IdentityNow Account\n",
" - Reset an IdentityNow Source \n",
" \n",
" \n",
"5 [Source Accounts - Delimited and Flat File Sources](#flatfileaccounts)\n",
" - Create IdentityNow Source Account\n",
" - Update IdentityNow Source Account\n",
" - Remove IdentityNow Source Account \n",
" \n",
" \n",
"6 [Search](#search)\n",
" - Search IdentityNow Users\n",
" - Search IdentityNow Users Profiles\n",
" - Search IdentityNow Entitlements\n",
" - Search IdentityNow Identities\n",
" - Search Events (Beta) - Elasticsearch\n",
" \n",
" \n",
"7 [Access Profiles](#accessprofiles)\n",
" - Get IdentityNow Access Profiles\n",
" - Create IdentityNow Access Profile\n",
" - Update IdentityNow Access Profile\n",
" - Remove IdentityNow Access Profile\n",
" \n",
" \n",
"8 [Governance Groups](#governancegroups)\n",
" - Get IdentityNow Governance Groups\n",
" - Create IdentityNow Governance Group\n",
" - Update IdentityNow Governance Group\n",
" - Remove IdentityNow Governance Group\n",
" \n",
" \n",
"9 [Roles](#roles)\n",
" - Get IdentityNow Roles\n",
" - Create IdentityNow Roles\n",
" - Update IdentityNow Roles\n",
" - Remove IdentityNow Roles\n",
" \n",
" \n",
"10 [Transforms](#transforms)\n",
" - Get IdentityNow Transforms\n",
" - Create IdentityNow Transforms\n",
" - Update IdentityNow Transforms\n",
" - Test-IdentityNowTransforms\n",
" - Remove IdentityNow Transforms\n",
" \n",
" \n",
"11 [Rules](#rules)\n",
" - Get IdentityNow Rules\n",
" \n",
" \n",
"12 [Identity Profiles](#identityprofiles)\n",
" - Get IdentityNow Identity Profiles\n",
" - Create IdentityNow Identity Profiles\n",
" - Refresh an IdentityNow Identity Profile\n",
" - Get IdentityNow Profiles Order\n",
" - Update IdentityNow Profiles Order\n",
" - Remove IdentityNow Identity Profiles\n",
" \n",
" \n",
"13 [Identity Attributes](#identityattributes)\n",
" - Get Identity Attributes\n",
" - Update Identity Attributes\n",
" \n",
" \n",
"14 [Account Activities](#accountactivities)\n",
" - Get Account Activity\n",
" \n",
" \n",
"15 [Tasks](#tasks)\n",
" - Get IdentityNow Tasks\n",
" - Complete IdentityNow Tasks\n",
" \n",
" \n",
"16 [Certifications](#certifications)\n",
" - Get IdentityNow Certification Campaigns\n",
" - Create IdentityNow Certification Campaigns\n",
" - Start IdentityNow Certification Campaigns\n",
" - [Certification Reports](#reports)\n",
" \n",
" \n",
"17 [Email Templates](#mailtemplates)\n",
" - Get IdentityNow Templates\n",
" - Update IdentityNow Templates\n",
" \n",
" \n",
"18 [Virtual Appliances and Clusters](#clusters)\n",
" - Get Virtual Appliance Cluster\n",
" \n",
" \n",
"19 [Applications](#applications)\n",
" - Get IdentityNow Applications\n",
" - Update IdentityNow Applications\n",
" \n",
" \n",
"20 [Invoke IdentityNow Request](#invokerequest)\n",
" - API based IdentityNow Requests for functions that don't have a cmdlet\n",
" \n",
" \n",
"21 [Reports](#reports)\n",
" - Generate IdentityNow Sources Configuration Report\n",
" - Generate IdentityNow Identity Profiles Configuration Report\n",
" - Get IdentityNow Certification Campaign Reports"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Install and Import SailPoint IdentityNow Module <a name=\"install\"></a>\n",
"\n",
"Install the latest version of the [SailPoint IdentityNow PowerShell Module](https://www.powershellgallery.com/packages/SailPointIdentityNow) from the PowerShell Gallery. Once you have the PowerShell Module installed you can comment out the first line below. \n",
"\n",
"*#install-module SailPointIdentityNow -force*\n",
"\n",
"Import the SailPoint IdentityNow Module to the local Jupyter environment. "
]
},
{
"cell_type": "code",
"execution_count": 1,
"metadata": {},
"outputs": [
],
"source": [
"install-module SailPointIdentityNow -force\n",
"import-module SailPointIdentityNow"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Inspect Module Version and cmdlets"
]
},
{
"cell_type": "code",
"execution_count": 2,
"metadata": {
"scrolled": true
},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"\n",
"ModuleType Version PreRelease Name ExportedCommands\n",
"---------- ------- ---------- ---- ----------------\n",
"Script 1.1.1 SailPointIdentityNow {Complete-IdentityNowTask, Co…\n",
"\n"
]
}
],
"source": [
"get-module SailPointIdentityNow "
]
},
{
"cell_type": "code",
"execution_count": 3,
"metadata": {},
"outputs": [
{
"name": "stdout",
"output_type": "stream",
"text": [
"\n",
"Name\n",
"----\n",
"Complete-IdentityNowTask\n",
"Convert-UnixTime\n",
"Get-HashString\n",
"Get-IdentityNowAccessProfile\n",
"Get-IdentityNowAccountActivities\n",
"Get-IdentityNowAccountActivity\n",
"Get-IdentityNowActiveJobs\n",
"Get-IdentityNowAPIClient\n",
"Get-IdentityNowApplication\n",
"Get-IdentityNowAuth\n",
"Get-IdentityNowCertCampaign\n",
"Get-IdentityNowCertCampaignReport\n",
"Get-IdentityNowEmailTemplate\n",
"Get-IdentityNowGovernanceGroup\n",
"Get-IdentityNowIdentityAttribute\n",
"Get-IdentityNowOAuthAPIClient\n",
"Get-IdentityNowOrg\n",
"Get-IdentityNowOrgConfig\n",
"Get-IdentityNowOrgStatus\n",
"Get-IdentityNowPersonalAccessToken\n",
"Get-IdentityNowProfile\n",
"Get-IdentityNowProfileOrder\n",
"Get-IdentityNowQueue\n",
"Get-IdentityNowRole\n",
"Get-IdentityNowRule\n",
"Get-IdentityNowSource\n",
"Get-IdentityNowSourceAccounts\n",
"Get-IdentityNowSourceSchema\n",
"Get-IdentityNowTask\n",
"Get-IdentityNowTimeZone\n",
"Get-IdentityNowTransform\n",
"Get-IdentityNowVACluster\n",
"Invoke-IdentityNowAggregateSource\n",
"Invoke-IdentityNowRequest\n",
"Invoke-IdentityNowSourceReset\n",
"Join-IdentityNowAccount\n",
"New-IdentityNowAccessProfile\n",
"New-IdentityNowAPIClient\n",
"New-IdentityNowCertCampaign\n",
"New-IdentityNowGovernanceGroup\n",
"New-IdentityNowIdentityProfilesReport\n",
"New-IdentityNowOAuthAPIClient\n",
"New-IdentityNowPersonalAccessToken\n",
"New-IdentityNowProfile\n",
"New-IdentityNowRole\n",
"New-IdentityNowSource\n",
"New-IdentityNowSourceAccountSchemaAttribute\n",
"New-IdentityNowSourceConfigReport\n",
"New-IdentityNowTransform\n",
"New-IdentityNowUserSourceAccount\n",
"Remove-IdentityNowAccessProfile\n",
"Remove-IdentityNowAPIClient\n",
"Remove-IdentityNowGovernanceGroup\n",
"Remove-IdentityNowOAuthAPIClient\n",
"Remove-IdentityNowPersonalAccessToken\n",
"Remove-IdentityNowProfile\n",
"Remove-IdentityNowRole\n",
"Remove-IdentityNowSource\n",
"Remove-IdentityNowTransform\n",
"Remove-IdentityNowUserSourceAccount\n",
"Save-IdentityNowConfiguration\n",
"Search-IdentityNowEntitlements\n",
"Search-IdentityNowEvents\n",
"Search-IdentityNowIdentities\n",
"Search-IdentityNowUserProfile\n",
"Search-IdentityNowUsers\n",
"Set-IdentityNowCredential\n",
"Set-IdentityNowOrg\n",
"Set-IdentityNowTimeZone\n",
"Start-IdentityNowCertCampaign\n",
"Start-IdentityNowProfileUserRefresh\n",
"Test-IdentityNowCredentials\n",
"Test-IdentityNowSourceConnection\n",
"Test-IdentityNowTransforms\n",
"Update-IdentityNowAccessProfile\n",
"Update-IdentityNowApplication\n",
"Update-IdentityNowEmailTemplate\n",
"Update-IdentityNowGovernanceGroup\n",
"Update-IdentityNowIdentityAttribute\n",
"Update-IdentityNowOrgConfig\n",
"Update-IdentityNowProfileMapping\n",
"Update-IdentityNowProfileOrder\n",
"Update-IdentityNowRole\n",
"Update-IdentityNowSource\n",
"Update-IdentityNowTransform\n",
"Update-IdentityNowUserSourceAccount\n",
"\n"
]
}
],
"source": [
"Get-Command -Module SailPointIdentityNow | Sort-Object Name | Format-Table Name -Autosize"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Configure SailPoint IdentityNow Credentials <a name=\"creds\"></a>\n",
"\n",
"*Note* When a set of credentials for an Org are saved using the -default switch (see Save Credentials Configuration below) they become the set of credentials that are imported when the module is loaded.\n",
"Therefore setting the following configuration items only needs to be done once (per workstation/user profile);\n",
"- Set-IdentityNowOrg\n",
"- Set-IdentityNowCredential (with the Admin, v3, v2 and Personal Access Token credentials)\n",
"- Save-IdentityNowConfiguration\n",
"\n",
"## Set IdentityNow Organisation Name\n",
"\n",
"Specify the IdentityNow Org you will be interacting with using the SailPoint IdentityNow PowerShell Module.\n",
"\n",
"Replace <b>myOrg</b> with the Organisation Name for your IdentityNow environment."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$orgName = \"myOrg\"\n",
"Set-IdentityNowOrg -orgName $orgName\n",
"Get-IdentityNowOrg"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Set IdentityNow Admin Account Username and Password\n",
"\n",
"An IdentityNow account and password with Admin privileges. Admin privileges are granted using the IdentityNow Portal. \n",
"\n",
"Replace <b>darren.robinson</b> and <b>myAdminUserAccountPassword</b> with your Admin account name and password for your IdentityNow environment."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$adminUSR = \"darren.robinson\"\n",
"$adminPWD = 'myAdminUserAccountPassword'\n",
"$adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force))"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Set IdentityNow v3 API Credentials \n",
"\n",
"IdentityNow Org v3 API Creds (ClientID and Secret) generated from the <b>Security Settings => API Management</b> section of the IdentityNow Admin Portal.\n",
"\n",
"Replace <b>v3 ClientID</b> and <b>v3 Client Secret</b> with your v3 API credentials for your IdentityNow environment."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$clientIDv3 = 'e7a88e17-ABCD-EFGH-ba95-123456789'\n",
"$clientSecretv3 = 'aaaabbbbccccc12345678901234567890'\n",
"$v3Creds = [pscredential]::new($clientIDv3, ($clientSecretv3 | ConvertTo-SecureString -AsPlainText -Force))"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Set the Admin and v3 Credentials so that we can generate v2 Credentials and a Personal Access Token\n",
"\n",
"Set the Admin Credentials and v3 API Credentials configured above to the Organisation Configuration."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Generate v2 Credentials and update configuration with v2 Credentials\n",
"\n",
"v2 Credentials are for legacy APIs and can only be generated via API using New-IdentityNowAPIClient.\n",
"\n",
"Generate the v2 API Credentials and set them for the Organisation Configuration."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$createV2Creds = New-IdentityNowAPIClient\n",
"$createV2Creds\n",
"$v2Creds = [pscredential]::new($createV2Creds.clientID, ($createV2Creds.secret | ConvertTo-SecureString -AsPlainText -Force))\n",
"Set-IdentityNowCredential -AdminCredential $adminCreds -v3APIKey $v3Creds -v2APIKey $v2Creds"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Validate v2 and v3 Credentials\n",
"\n",
"Verify the Admin Credentials and v3 Credentials specified above are valid. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Test-IdentityNowCredentials"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create a Personal Access Token\n",
"\n",
"A Personal Access Token is a JWT Token linked to the currently authenticated user.\n",
"\n",
"New-IdentityNowPersonalAccessToken will generate a new Personal Access Token. \n",
"\n",
"Generate the Personal Access Token Credentials and set them for the Organisation Configuration."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$personalAccessToken = New-IdentityNowPersonalAccessToken -name \"IdentityNow PSMod Access Token\" \n",
"$setPersonalAccessToken = [pscredential]::new(\"IDNPSMod\", ($personalAccessToken.secret | ConvertTo-SecureString -AsPlainText -Force))\n",
"Set-IdentityNowCredential -PersonalAccessToken $setPersonalAccessToken"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Save Credentials Configuration\n",
"\n",
"Securely store the credentials for use with the IdentityNow PowerShell Module.\n",
"The -default switch will configure the Org set above and all the associated credentials as the default Org and Config. These are then loaded by default when the module is imported. \n",
"\n",
"Repeat the steps above for additional Organisations;\n",
"- Set-IdentityNowOrg\n",
"- Set-IdentityNowCredential (with the Admin, v3, v2 and Personal Access Token credentials)\n",
"- Save-IdentityNowConfiguration"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Save-IdentityNowConfiguration -default"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Retrieve the credential configuration from the secure configuration file. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$IdentityNowConfigurationFile = Join-Path $env:LOCALAPPDATA IdentityNowConfiguration.clixml\n",
"if (Test-Path $IdentityNowConfigurationFile) {\n",
" $IdentityNowConfiguration = Import-Clixml $IdentityNowConfigurationFile\n",
"} else {\n",
" $IdentityNowConfiguration = $null\n",
"}\n",
"\n",
"$IdentityNowConfiguration.$orgName"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get Personal Access Tokens\n",
"\n",
"List Personal Access Tokens that have been generated. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowPersonalAccessToken"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Limit the number of Personal Access Tokens that are returned"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowPersonalAccessToken -limit 3"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create a Personal Access Token\n",
"\n",
"Create a Personal Access Token"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"New-IdentityNowPersonalAccessToken -name \"IdentityNow Personal Access Token\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove a Personal Access Token\n",
"\n",
"Remove a Personal Access Token"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$personalAT = Get-IdentityNowPersonalAccessToken\n",
"\n",
"$tokenToRemove = $personalAT | select-object | where-object {$_.name -eq \"IdentityNow Personal Access Token\"}\n",
"Remove-IdentityNowPersonalAccessToken -id $tokenToRemove.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get API Management Clients (Legacy v2)\n",
"\n",
"See example above for creating v2 API credentials. \n",
"\n",
"*Note* moving forward v2 credentials are only required for legacy APIs that don't have a v3 API equivalent. Virtual Appliances currently also use v2 credentials. \n",
"\n",
"Get v2 API Credentials"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$v2APIClients = Get-IdentityNowAPIClient\n",
"$v2APIClients"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific v2 API Client <br>\n",
"*Note* Gets the first v2 API Client returned in the collection above. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowAPIClient -ID $v2APIClients[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove API Management Clients (Legacy v2)\n",
"\n",
"Delete an IdentityNow v2 API Client."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowAPIClient -ID 1234"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get oAuth API Clients (v3)\n",
" \n",
"Get IdentityNow oAuth API Client(s)."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$v3APIClients = Get-IdentityNowOAuthAPIClient \n",
"$v3APIClients"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get an IdentityNow oAuth API Client.\n",
"\n",
"*Note* Gets the first v3 API Client returned in the collection above. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowOAuthAPIClient -ID $v3APIClients[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove oAuth API Clients (v3)\n",
"\n",
"Delete an IdentityNow oAuth (v3) API Client."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowOAuthAPIClient -ID 'aaaaaaaaa-a4c5-4d7b-9c13-123456789'"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Organisation Configuration Settings <a name=\"orgSettings\"></a>\n",
"## Organisation Config\n",
"\n",
"Get the IdentityNow Organisation Configuration that includes enabled features, status, security configuration and global settings."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowOrgConfig"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update an IdentityNow Organisation\n",
"\n",
"Update the Global Reminders Configuration on the Organisation Configuration. \n",
"Set;\n",
"- days between access request notification reminders\n",
"- days before access request escalation \n",
"- max number of access request notification reminders\n",
"- access request fall back approver"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$orgConfig = Get-IdentityNowOrgConfig\n",
"\n",
"$approvalConfig = $orgConfig.approvalConfig\n",
"\n",
"# global reminders and escalation policies for access request approvals\n",
"$daysBetweenReminders = 3\n",
"$daysTillEscalation = 5\n",
"$maxReminders = 10\n",
"# SailPoint user name of the identity \n",
"$fallbackApprover = \"darren.robinson\"\n",
"\n",
"# Set Config options to update\n",
"$approvalConfig.daysBetweenReminders = $daysBetweenReminders\n",
"$approvalConfig.daysTillEscalation = $daysTillEscalation\n",
"$approvalConfig.maxReminders = $maxReminders\n",
"$approvalConfig.fallbackApprover = $fallbackApprover\n",
"$approvalConfigBody = @{\"approvalConfig\" = $approvalConfig }\n",
"\n",
"Update-IdentityNowOrgConfig -update ($approvalConfigBody | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## IdentityNow Queued Events\n",
"\n",
"Get a list of events queued for IdentityNow."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowQueue"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## IdentityNow Active Jobs\n",
"\n",
"Get a list of active jobs in IdentityNow."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowActiveJobs"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Organisation Status\n",
"\n",
"Get the status and alerts for an IdentityNow Organisation including;\n",
"- number of users\n",
"- number of sources\n",
"- number of applications\n",
"- number of VA Clusters"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowOrgStatus"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## TimeZone\n",
"### Get Current TimeZone Configuration\n",
"\n",
"Retrieve the currently configured Organisation timezone. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowTimeZone"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### List TimeZone Options\n",
"\n",
"Retrieve a list of valid IdentityNow Org time zones."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowTimeZone -list"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Set TimeZone\n",
"\n",
"Set the time zone for an IdentityNow Organisation. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Set-IdentityNowTimeZone -tz 'Australia/Sydney'"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Sources <a name=\"sources\"></a>\n",
"## Get Sources \n",
"\n",
"Get a list of the configured Sources in an IdentityNow Organisation. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$sources = Get-IdentityNowSource\n",
"$sources"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get a specific IdentityNow Source\n",
"From the collection of Sources returned above, get the details for the second source in the collection. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowSource -sourceID $sources[1].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get the Schema of an IdentityNow Source\n",
"\n",
"Get the attributes associated with an IdentityNow Source"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowSourceSchema -sourceID $sources[1].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get Account Profiles associated with a Source\n",
"The first source is typically the IdentityNow Admins Source which will have an Account Profile associated with it. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowSource -sourceID $sources[0].id -accountProfiles"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update a Source Description\n",
"\n",
"Take the existing description and prepend 'Updated:' to it. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Update-IdentityNowSource -sourceID $sources[0].id -update \"description=Updated: $($sources[0].description)\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Test an IdentityNow Source (Health Check)\n",
"Test the health of an IdentityNow Source.\n",
"\n",
"This only works for Directly Connected Sources."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Direct Sources\n",
"$directSources = $sources | select-object | where-object {$_.sourceType -eq \"DIRECT_CONNECT\"}\n",
"if ($directSources.count -gt 0){\n",
" Test-IdentityNowSourceConnection -sourceid $directSources[0].id\n",
"} else {\n",
" \"No Directly Connected Sources Configured\"\n",
"}"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create an IdentityNow Source\n",
"\n",
"Create a new IdentityNow Source.\n",
"\n",
"Source type can be 'DIRECT_CONNECT' or 'DELIMITED_FILE'\n",
"\n",
"Mandatory attributes are name, description and connectorname (e.g. 'JDBC', 'Active Directory', 'Azure Active Directory', 'Web Services', 'ServiceNow')"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$newSource = New-IdentityNowSource -name 'Dev Source' -description 'Development Flat File Source' -connectorname 'Generic' -sourcetype DELIMITED_FILE\n",
"$newSource"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Delete an IdentityNow Source\n",
"\n",
"Remove the IdentityNow Source that was created above. \n",
"\n",
"*Note* `$newSource` is used in the following examples. If you remove this Source, the examples referencing `$newSource` will fail. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowSource -sourceid $newSource.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Discover Schema changes on a source\n",
"\n",
"Perform Schema Discovery for a Source.\n",
"\n",
"*Note* This only works for Sources that support Schema Discovery."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Direct Sources\n",
"$directSources = $sources | select-object | where-object {$_.sourceType -eq \"DIRECT_CONNECT\"}\n",
"if ($directSources.count -gt 0){\n",
" New-IdentityNowSourceAccountSchemaAttribute -sourceID $directSources[0].id -discover\n",
"} else {\n",
" \"No Directly Connected Sources Configured\"\n",
"}"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create a new Schema attribute on a Source\n",
"To add another attribute to a source, specify the Source, the name for the attribute and the attribute type."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"New-IdentityNowSourceAccountSchemaAttribute -sourceID $newSource.id -name 'myNewAttr' -description 'My new attribute' -type 'STRING' "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Join IdentityNow Account\n",
"\n",
"Join an IdentityNow User Account from a Source to an IdentityNow Identity."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Join-IdentityNowAccount -source 12345 -identity rsanchez -account rsanchezc137"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Reset an IdentityNow Source\n",
"\n",
"Clear an IdentityNow Source of data loaded from a source. \n",
"\n",
"Delete the specified source data (retrieved via Aggregation) from a source, while keeping all the configuration intact."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Invoke-IdentityNowSourceReset -sourceID 12345"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Don't reset Accounts or Entitlements using the -skip option\n",
"\n",
"Don't reset Entitlements"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Invoke-IdentityNowSourceReset -sourceID 12345 -skip Entitlements"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Don't reset Accounts"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Invoke-IdentityNowSourceReset -sourceID 12345 -skip Accounts"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Source Accounts - Delimited and Flat File Sources <a name=\"flatfileaccounts\"></a>\n",
"## Create IdentityNow Source Account\n",
"\n",
"Create an Account on a Flat File / Delimited Source. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$sources = Get-IdentityNowSource\n",
"\n",
"$account = @{\"id\" = 'rick.sanchez'; \n",
" \"name\" = 'rick.sanchez'; \n",
" \"givenName\" = 'Rick'; \n",
" \"familyName\" = 'Sanchez'; \n",
" \"displayName\" = 'Rick Sanchez'; \n",
" \"email\" = 'rick.sanchez@idmspecialist.com' \n",
" }\n",
"\n",
"New-IdentityNowUserSourceAccount -source $sources[0].id -account ($account | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get Accounts from a Source\n",
"\n",
"Accounts from a Source can be retrieved using Search or directly from a specific Source. \n",
"\n",
"### Search for accounts on a Source"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Search-IdentityNowUsers -query \"@access(source.name:$($sources[0].name))\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get accounts from a Source"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowSourceAccounts -sourceID $sources[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update IdentityNow Source Account\n",
"\n",
"Get Source Accounts from the first Source (returned in the examples above) as it will likely be the Admins Source and as such a Delimited / Flat File Source that will have accounts.\n",
"- Find the user we want to update and update Country, Dept and Org.\n",
"- Get the Source Accounts again with all attributes and select our updated user. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$sourceAccounts = Get-IdentityNowSourceAccounts -sourceID $sources[0].id\n",
"\n",
"$user = $sourceAccounts | select-object | where-object {$_.accountId -eq \"rick.sanchez\"}\n",
"\n",
"$update = @{\n",
" \"country\" = \"Australia\"\n",
" \"department\" = \"Identity Architects\"\n",
" \"organization\" = \"IDM Specialists\" \n",
"} \n",
"\n",
"Update-IdentityNowUserSourceAccount -account $user.id -update ($update | ConvertTo-Json)\n",
"\n",
"$sourceAccounts = Get-IdentityNowSourceAccounts -sourceID $sources[0].id -attributes\n",
"$updatedUser = $sourceAccounts | select-object | where-object {$_.accountId -eq \"rick.sanchez\"}\n",
"$updatedUser"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove IdentityNow Source Account\n",
"\n",
"Get accounts from a Delimited / Flat File Source \n",
"- Find the user to delete\n",
"- Delete the user account from the Delimited / Flat File Source.\n",
"\n",
"*Note* Rick is used in further examples. After testing a remove source account you may want to re-create Rick using the \"Create IdentityNow Source Account\" example above."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$sourceAccounts = Get-IdentityNowSourceAccounts -sourceID $sources[0].id\n",
"\n",
"$user = $sourceAccounts | select-object | where-object {$_.accountId -eq \"rick.sanchez\"}\n",
"\n",
"Remove-IdentityNowUserSourceAccount -account $user.id "
]
},
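{
"cell_type": "markdown",
"metadata": {},
"source": [
"The removal above, wrapped in a guard. This is an added example, not part of the original notebook or of the IdentityNow module: it refuses to delete unless exactly one account matches and saves a copy of the account first. The function name `Remove-SourceAccountSafely`, its parameters and the backup folder are assumptions made for this example; the IdentityNow cmdlets and switches it calls are the ones used in the cells above.\n",
"\n",
"```powershell\n",
"# Added example (not from the module): hypothetical helper name and parameters.\n",
"function Remove-SourceAccountSafely {\n",
"    [CmdletBinding(SupportsShouldProcess)]\n",
"    param(\n",
"        [Parameter(Mandatory)] [string] $SourceID,\n",
"        [Parameter(Mandatory)] [string] $AccountId,\n",
"        # Assumed backup location; change to suit your environment.\n",
"        [string] $BackupFolder = (Join-Path $HOME 'idn-account-backups')\n",
"    )\n",
"\n",
"    # Pull accounts with attributes so the backup holds what is needed to re-create the account.\n",
"    $accounts = Get-IdentityNowSourceAccounts -sourceID $SourceID -attributes\n",
"    $matched = @($accounts | Where-Object { $_.accountId -eq $AccountId })\n",
"\n",
"    # Zero matches would pass an empty ID to the remove cmdlet; several would pass an array.\n",
"    if ($matched.Count -ne 1) {\n",
"        throw \"Expected exactly one account with accountId '$AccountId' on source $SourceID, found $($matched.Count). Nothing removed.\"\n",
"    }\n",
"\n",
"    # Keep a timestamped JSON copy of the account before it is deleted.\n",
"    if (-not (Test-Path $BackupFolder)) {\n",
"        New-Item -ItemType Directory -Path $BackupFolder | Out-Null\n",
"    }\n",
"    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'\n",
"    $backupFile = Join-Path $BackupFolder \"$AccountId-$stamp.json\"\n",
"    $matched[0] | ConvertTo-Json -Depth 10 | Set-Content -Path $backupFile -Encoding UTF8\n",
"\n",
"    # -WhatIf reports the target without calling the remove cmdlet.\n",
"    if ($PSCmdlet.ShouldProcess(\"$AccountId ($($matched[0].id))\", 'Remove source account')) {\n",
"        Remove-IdentityNowUserSourceAccount -account $matched[0].id\n",
"        Write-Host \"Removed $AccountId. Backup saved to $backupFile\"\n",
"    }\n",
"}\n",
"\n",
"# Dry run first; drop -WhatIf to perform the removal.\n",
"Remove-SourceAccountSafely -SourceID $sources[0].id -AccountId 'rick.sanchez' -WhatIf\n",
"```"
]
},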
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Search <a name=\"search\"></a>\n",
"## Search IdentityNow Users\n",
"\n",
"Search for references to identity 'darren.robinson'"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Search-IdentityNowUsers -query darren.robinson"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Search for users with accountId 'darren.robinson'"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Search-IdentityNowUsers -query \"@accounts(accountId:darren.robinson)\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Search for users on a Source <br>\n",
"*Note* Query all Sources and get users from the first Source"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$searchSources = Get-IdentityNowSource\n",
"$searchSources[0]\n",
"Search-IdentityNowUsers -query \"@access(source.name:$($searchSources[0].name))\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Search IdentityNow Users Profiles\n",
"Search for a user's IdentityNow Profile from the IdentityNow Identity List"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Search-IdentityNowUserProfile -query \"darren.robinson\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Search IdentityNow Entitlements\n",
"\n",
"Search for Entitlements associated with IdentityNow Sources \n",
"\n",
"*Note* Uses Source from previous search examples. There may be no entitlements on that Source."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Search-IdentityNowEntitlements -query \"source.id:$($searchSources[0].externalId)\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Search IdentityNow Identities with Entitlements (Beta) - Elasticsearch\n",
"Search IdentityNow Identities using the new IdentityNow Search (Elasticsearch). Results default to 2500. \n",
"\n",
"If you want more or less use the -searchLimit option.\n",
"\n",
"Search for all entitlements.\n",
"\n",
"*Note* Depending on your environment this could result in a large set of results. \n",
"\n",
"Refine the query with additional search criteria. e.g {\"query\":\"@access(type:ENTITLEMENT AND name:*Application Group X*)\"}"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$queryFilter = '{\"query\":{\"query\":\"@access(type:ENTITLEMENT)\"},\"includeNested\":true}'\n",
"Search-IdentityNowIdentities -filter $queryFilter"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Limit the results returned to 10"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$queryFilter = '{\"query\":{\"query\":\"@access(type:ENTITLEMENT)\"},\"includeNested\":true}'\n",
"Search-IdentityNowIdentities -filter $queryFilter -searchLimit 10"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Search Events (Beta) - Elasticsearch\n",
"Search IdentityNow Events using the new IdentityNow Search (Elasticsearch). Results default to 2500. \n",
"\n",
"If you want more or less use the -searchLimit option.\n",
"\n",
"[Search Event Names](https://community.sailpoint.com/t5/IdentityNow-Forum/Audit-Events-and-Search-Equivalents/m-p/148204#feedback-success)\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$query = @{query = 'technicalName:USER_AUTHENTICATION_STEP_UP_SETUP_*'; type = 'USER_MANAGEMENT'}\n",
"$queryFilter = @{query = $query}\n",
"Search-IdentityNowEvents -filter ($queryFilter | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Access Profiles <a name=\"accessprofiles\"></a>\n",
"## Get IdentityNow Access Profiles\n",
"Get all IdentityNow Access Profiles"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$accessProfiles = Get-IdentityNowAccessProfile\n",
"$accessProfiles"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific IdentityNow Access Profile \n",
"\n",
"*Note* uses the first access profile from the collection of all Access Profiles returned above."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowAccessProfile -profileID $accessProfiles[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create IdentityNow Access Profiles\n",
"Create an Access Profile with \n",
"- manager approval\n",
"- the owner being the user with ID darren.robinson \n",
"- the source being the source that contains the name 'AzureAD'\n",
"- the entitlement is the first entitlement returned from the Source\n",
"- the Access Profile is named after the Source and Entitlement\n",
"- request approval and denied comments required\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Get Owner for Access Profile\n",
"$owner = Search-IdentityNowUserProfile -query \"darren.robinson\"\n",
"\n",
"# Get Source for Access Profile\n",
"$sources = Get-IdentityNowSource \n",
"$accessProfileSource = $sources | Select-Object | Where-Object {$_.name -like '*AzureAD*'}\n",
"\n",
"# Entitlements for the Access Profile. \n",
"# We'll dynamically take the first entitlement present on the source returned above \n",
"$entitlements = Search-IdentityNowEntitlements -query \"source.id:$($accessProfileSource.externalId)\"\n",
"$e = $entitlements | Select-Object | Where-Object {$_.source.name -eq $accessProfileSource[0].name -and $_.displayName -eq $entitlements[0].displayName}\n",
"\n",
"# Access Profile Details\n",
"# Dynamically fill the name and description based on the Source Name and the Entitlement Name\n",
"$accessProfile = @{}\n",
"$accessProfile.add(\"name\", \"$($accessProfileSource[0].name) - $($entitlements[0].displayName)\")\n",
"$accessProfile.add(\"description\", $entitlements[0].displayName)\n",
"$accessProfile.add(\"sourceId\", $accessProfileSource[0].id)\n",
"$accessProfile.add(\"ownerId\", $owner.id)\n",
"\n",
"# Access Profile Entitlements\n",
"$entitlements = @()\n",
"ForEach($i in $e) {$entitlements += $i.id}\n",
"$entitlementsToAdd = @{\"entitlements\" = $entitlements}\n",
"$accessProfile.add(\"entitlements\", $entitlementsToAdd.entitlements)\n",
"\n",
"# Access Profile Type\n",
"# Manager based Approval\n",
"$accessProfile.add(\"approvalSchemes\", \"manager\")\n",
"$accessProfile.add(\"requestCommentsRequired\", $true)\n",
"$accessProfile.add(\"deniedCommentsRequired\", $true)\n",
"\n",
"$newAccessProfile = New-IdentityNowAccessProfile -profile ($accessProfile | convertto-json)\n",
"$newAccessProfile"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update IdentityNow Access Profiles\n",
"Get an existing Access Profile (using the one created above) and update it to not require approval and denied comments. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$updateAccessProfile = Get-IdentityNowAccessProfile -profileID $newAccessProfile.id\n",
"\n",
"$updateAccessProfileConfig = @{} \n",
"$updateAccessProfileConfig.Add(\"requestCommentsRequired\", $false) \n",
"$updateAccessProfileConfig.Add(\"deniedCommentsRequired\", $false) \n",
"\n",
"Update-IdentityNowAccessProfile -profileID $updateAccessProfile.id -update ($updateAccessProfileConfig | convertto-JSON)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove IdentityNow Access Profiles\n",
"\n",
"Remove the Access Profile created above."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowAccessProfile -profileID $updateAccessProfile.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Governance Groups <a name=\"governancegroups\"></a>\n",
"## Get IdentityNow Governance Groups"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$governanceGroups = Get-IdentityNowGovernanceGroup \n",
"$governanceGroups"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get a specific IdentityNow Governance Group"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowGovernanceGroup -groupID $governanceGroups[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create IdentityNow Governance Group\n",
"\n",
"Create a Governance Group and assign an owner."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$GovGroupOwner = Search-IdentityNowUsers -query \"@accounts(accountId:darren.robinson)\"\n",
"\n",
"$body = @{\"name\" = \"New IDN Module Gov Group\"; \n",
" \"displayName\" = \"New Module Gov Group\"; \n",
" \"description\" = \"New Module Gov Group\"; \n",
" \"owner\" = @{\"displayName\" = $GovGroupOwner.displayName; \n",
" \"emailAddress\" = $GovGroupOwner.email; \n",
" \"id\" = $GovGroupOwner.id; \n",
" \"name\" = $GovGroupOwner.name \n",
" } \n",
"}\n",
"$newGovGroup = New-IdentityNowGovernanceGroup -group ($body | convertto-json) \n",
"$newGovGroup"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update IdentityNow Governance Group\n",
"\n",
"### Example 1\n",
"\n",
"Example 1: Add User 2 to the Governance Group "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# User 2 was created in an example further above\n",
"$user2 = Search-IdentityNowUsers -query \"@accounts(accountId:rick.sanchez)\"\n",
"\"$($user2.displayName) $($user2.id)\"\n",
"\n",
"# Governance Group to Update (using Group created above)\n",
"$GovGroup = Get-IdentityNowGovernanceGroup -group $newGovGroup.id\n",
"\n",
"# Add Rick\n",
"$add = @() \n",
"$remove = @() \n",
"$add += $user2.id \n",
"\n",
"$update = (@{\n",
" add = $add \n",
" remove = $remove\n",
"}) \n",
"\n",
"$update\n",
"Update-IdentityNowGovernanceGroup -groupID $GovGroup.id -update ($update | convertto-json)\n",
"\n",
"Get-IdentityNowGovernanceGroup -groupID $GovGroup.id"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"# Create a new user to add to the Governance Group. \n",
"$sources = Get-IdentityNowSource\n",
"\n",
"$account = @{\"id\" = 'morty.smith'; \n",
" \"name\" = 'morty.smith'; \n",
" \"givenName\" = 'Morty'; \n",
" \"familyName\" = 'Smith'; \n",
" \"displayName\" = 'Morty Smith'; \n",
" \"email\" = 'morty.smith@idmspecialist.com' \n",
" }\n",
"\n",
"New-IdentityNowUserSourceAccount -source $sources[0].id -account ($account | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Example 2\n",
"\n",
"Example 2: Remove User 2 and add User 3 to the Governance Group"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$user3 = Search-IdentityNowUsers -query \"@accounts(accountId:morty.smith)\"\n",
"\"$($user3.displayName) $($user3.id)\"\n",
"\n",
"# Add Morty and Remove Rick\n",
"$add = @() \n",
"$remove = @() \n",
"$add += $user3.id\n",
"$remove += $user2.id \n",
"\n",
"$update = (@{\n",
" add = $add \n",
" remove = $remove\n",
"}) \n",
"\n",
"$update\n",
"Update-IdentityNowGovernanceGroup -groupID $GovGroup.id -update ($update | convertto-json)\n",
"\n",
"Get-IdentityNowGovernanceGroup -groupID $GovGroup.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove IdentityNow Governance Group\n",
"\n",
"Delete an IdentityNow Governance Group"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowGovernanceGroup -groupID $GovGroup.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Roles <a name=\"roles\"></a>\n",
"## Get IdentityNow Roles\n",
"\n",
"Get all IdentityNow Roles"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$roles = Get-IdentityNowRole \n",
"$roles"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific IdentityNow Role \n",
"\n",
"The following example gets the first role from the collection retrieved above."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowRole -roleID $roles[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create an IdentityNow Role\n",
"\n",
"Create a new IdentityNow Role\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$body = @{\n",
" \"name\" = \"Role - Special Administrators\";\n",
" \"displayName\" = \"Special Administrators\";\n",
" \"description\" = \"Special Administrators Role\";\n",
" \"disabled\" = $true;\n",
" \"owner\" = \"darren.robinson\" \n",
"} \n",
"\n",
"$newRole = New-IdentityNowRole -role ($body | convertto-json) \n",
"$newRole"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update an IdentityNow Role\n",
"\n",
"Update an IdentityNow Role. <br>\n",
"Update the first role created above to\n",
"- change the name\n",
"- change displayName\n",
"- change description\n",
"- make the Role requestable and enabled."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$body = @{\n",
" \"id\" = $newRole.id\n",
" \"name\" = \"Role - Special Admins\";\n",
" \"displayName\" = \"Special Admins\";\n",
" \"description\" = \"Special Admins Role\";\n",
" \"requestable\" = $true; \n",
" \"disabled\" = $false;\n",
"} \n",
"Update-IdentityNowRole -update ($body | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Update the IdentityNow Role above to:\n",
"- require Manager Approval\n",
"- require comments when a user requests the role\n",
"- require comments from the manager when they deny approval for the role request\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$body = @{\n",
" \"id\" = $newRole.id\n",
" \"deniedCommentsRequired\" = $true;\n",
" \"requestCommentsRequired\" = $true;\n",
" \"approvalSchemes\" = \"manager\";\n",
"} \n",
" \n",
"Update-IdentityNowRole -update ($body | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Update the Role above to require a secondary approver by a Governance Group. \n",
"\n",
"*Note* the following example uses the Governance Group created in the Governance Groups examples above"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$newGovGroup\n",
"\n",
"$body = @{\n",
" \"id\" = $newRole.id\n",
" \"approvalSchemes\" = \"manager,workgroup: $($newGovGroup.id)\";\n",
"} \n",
" \n",
"Update-IdentityNowRole -update ($body | convertto-json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Delete an IdentityNow Role\n",
"\n",
"Delete the role created above\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowRole -roleID $newRole.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Transforms <a name=\"transforms\"></a>\n",
"## Get Transforms\n",
"\n",
"Get IdentityNow Transforms. \n",
"\n",
"*Note* If no transforms are returned, it is likely you have multiple transforms that have the same name (but in different case e.g o and O). This is valid in JSON, but does not convert to PowerShell objects. \n",
"\n",
"Use the -json switch to return transforms as raw JSON."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowTransform"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific Transform"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowTransform -ID ToUpper"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create IdentityNow Transforms\n",
"\n",
"Create an IdentityNow Transform\n",
"- Create a transform that concatenates the 'firstName' and 'lastname' attributes. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$attributes = @{value = '$firstName.$lastname'}\n",
"$transform = @{type = \"static\"; id = \"FirstName.LastName\"; attributes = $attributes}\n",
"New-IdentityNowTransform -transform ($transform | convertto-json) "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update IdentityNow Transforms\n",
"\n",
"Update the IdentityNow Transform created above to include the 'company' attribute. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$attributes = @{value = '$firstName.$lastname@$company.com.au'}\n",
"$transform = @{type = \"static\"; attributes = $attributes}\n",
"Update-IdentityNowTransform -transform ($transform | convertto-json) -ID \"FirstName.LastName\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Test IdentityNow Transforms\n",
"\n",
"Test IdentityNow transforms to detect common problems"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Test-IdentityNowTransforms"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove IdentityNow Transforms\n",
"\n",
"Remove an IdentityNow Transform"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Remove-IdentityNowTransform -ID \"FirstName.LastName\""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Rules <a name=\"rules\"></a>\n",
"## Get IdentityNow Rules\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$rules = Get-IdentityNowRule\n",
"$rules"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific IdentityNow Rule \n",
"\n",
"Gets the first rule returned in the IdentityNow Rules collection from above."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowRule -ID $rules[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Identity Profiles <a name=\"identityprofiles\"></a>\n",
"## Get IdentityNow Identity Profiles\n",
"\n",
"Get all IdentityNow Profiles."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$identityProfiles = Get-IdentityNowProfile\n",
"$identityProfiles"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific IdentityNow Profile.\n",
"\n",
"*Note* Retrieve the first Identity Profile returned in the collection above. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowProfile -ID $identityProfiles[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create IdentityNow Identity Profiles\n",
"\n",
"Create a new IdentityNow Identity Profile. \n",
"\n",
"Requires the name for the Identity Profile and the ID of the IdentityNow Source to associate with the IdentityNow Profile. \n",
"\n",
"*Note* the following example gets all IdentityNow Sources and creates an Identity Profile for the 3rd source in the collection. \n",
"\n",
"*Note* it is not possible to use the same account source for multiple Identity Profiles."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$sources = Get-IdentityNowSource \n",
"$sources[2]\n",
"\n",
"New-IdentityNowProfile -Name Contractors -SourceID $sources[2].id\n",
"\n",
"$identityProfiles = Get-IdentityNowProfile\n",
"\n",
"$newProfile = $identityProfiles | select-object | where-object {$_.name -eq \"Contractors\"}\n",
"$newProfile"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Refresh an IdentityNow Identity Profile\n",
"\n",
"Trigger a refresh for an IdentityNow Identity Profile. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Start-IdentityNowProfileUserRefresh -ID $newProfile.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get IdentityNow Identity Profiles Order\n",
"\n",
"Get the priorities of IdentityNow Identity Profiles"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowProfileOrder"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update IdentityNow Profiles Order\n",
"\n",
"Update our Contractors Identity Profile Order to be priority 15"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Update-IdentityNowProfileOrder -id $newProfile.id -priority 15"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Remove IdentityNow Identity Profiles\n",
"\n",
"Remove our Contractor IdentityNow Identity Profile \n",
"\n",
"*Note* Multiple IdentityNow Profiles can be removed by specifying a comma-separated list of Identity Profile IDs\n",
"e.g Remove-IdentityNowProfile -profileIDs 1234,1235,1236"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$newProfile.id\n",
"Remove-IdentityNowProfile -profileIDs $newProfile.id "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Identity Attributes <a name=\"identityattributes\"></a>\n",
"## Get Identity Attributes\n",
"\n",
"List Identity Attributes that can be used for correlation rules from Sources. \n",
"\n",
"List all Identity Attributes that are configured."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$identityAttributes = Get-IdentityNowIdentityAttribute\n",
"$identityAttributes"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific Identity Attribute.\n",
"\n",
"*Note* the following example gets the 6th attribute from the full collection returned above."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowIdentityAttribute -attribute $identityAttributes[5].name"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update Identity Attributes\n",
"\n",
"Add an attribute into the Identity Attributes List that can be used in Correlation Rules. \n",
"\n",
"This makes the attribute searchable and available for correlation rules. \n",
"\n",
"This requires the attribute has first been added to an Identity Profile (under Mapping => Add Attribute). In the example below I'm adding the 'adsid' attribute to the Identity Attributes List.\n",
"\n",
"<b>NOTE:</b> the attribute name is case sensitive. It must match what is in IdentityNow."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Update-IdentityNowIdentityAttribute -attribute adsid"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Account Activities <a name=\"accountactivities\"></a> \n",
"\n",
"Get Account Activities associated with the account requesting.\n",
"\n",
"[Account Activity Types](https://community.sailpoint.com/t5/IdentityNow-Wiki/IdentityNow-REST-API-List-Account-Activities/ta-p/72189)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$user = Search-IdentityNowUsers -query \"@accounts(accountId:darren.robinson)\" \n",
"Get-IdentityNowAccountActivities -requestedBy $user.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get Account Activities associated with the account requested for."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$user = Search-IdentityNowUsers -query \"@accounts(accountId:darren.robinson)\" \n",
"Get-IdentityNowAccountActivities -requestedFor $user.id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get 1000 appRequest Account Activities (default is 250)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowAccountActivities -type appRequest -searchLimit 1000"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get Account Activities requested for 'Darren' by 'Rick'"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$user = Search-IdentityNowUsers -query \"@accounts(accountId:darren.robinson)\"\n",
"$mgr = Search-IdentityNowUsers -query \"@accounts(accountId:rick.sanchez)\"\n",
"Get-IdentityNowAccountActivities -requestedFor $user.id -requestedBy $mgr.id "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get all account activities associated with a user"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$user = Search-IdentityNowUsers -query \"@accounts(accountId:darren.robinson)\"\n",
"Get-IdentityNowAccountActivities -regardingIdentity $user.id "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Tasks <a name=\"tasks\"></a>\n",
"## Get IdentityNow Tasks\n",
"\n",
"Get IdentityNow Tasks"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$tasks = Get-IdentityNowTask\n",
"$tasks"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific Task"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowTask -taskID $tasks[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Complete IdentityNow Tasks\n",
"\n",
"Complete an incomplete Task"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$incompleteTasks = $tasks | select-object | where-object {$_.complete -ne \"True\"}\n",
"\n",
"Complete-IdentityNowTask -taskID $incompleteTasks[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Certifications <a name=\"certifications\"></a>\n",
"## Get IdentityNow Certification Campaigns\n",
"\n",
"Get all completed IdentityNow Certification Campaigns"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowCertCampaign"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get all Active IdentityNow Certification Campaigns"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$incompleteCampaigns = Get-IdentityNowCertCampaign -completed $false\n",
"$incompleteCampaigns"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Get a specific campaign"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowCertCampaign -campaignID $incompleteCampaigns[0].campaignId "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Create IdentityNow Certification Campaigns\n",
"\n",
"[Reference post](https://blog.darrenjrobinson.com/creating-sailpoint-identitynow-certification-campaigns-using-powershell/)\n",
"\n",
"Create a Manager based certification campaign for applications associated with a source.\n",
"- examine the source for users associated with it and the Entitlements, Roles and Access Profiles\n",
"- configure the campaign to go for 30 days from today"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$query = \"@apps(source.name:mySourceName)\"\n",
"$campaignFilter = Search-IdentityNowUsers -query $query \n",
"\n",
"$entitlements = $null \n",
"$e = $campaignFilter.access | where-object { $_.type -eq \"ENTITLEMENT\" } | Select-Object id \n",
"$entitlements = $e | Select-Object -Property id -Unique\n",
"\n",
"$roles = $null \n",
"$r = $campaignFilter.access | where-object { $_.type -eq \"ROLES\" } | Select-Object id \n",
"$roles = $r | Select-Object -Property id -Unique \n",
"\n",
"$accessProfiles = $null\n",
"$a = $campaignFilter.access | where-object { $_.type -eq \"ACCESS_PROFILE\" } | Select-Object id \n",
"$accessProfiles = $a | Select-Object -Property id -Unique \n",
"\n",
"$inclusionList = @()\n",
"\n",
"$InclusionTemplate = [pscustomobject][ordered]@{\n",
" id = $null \n",
" type = $null \n",
"}\n",
"\n",
"# ROLES\n",
"foreach ($role in $roles) {\n",
" $incRole = $InclusionTemplate.PsObject.Copy()\n",
" $incRole.id = $role.id \n",
" $incRole.type = \"ROLE\"\n",
" $inclusionList += $incRole\n",
"}\n",
"\n",
"# ENTITLEMENTS\n",
"foreach ($entitlement in $entitlements) {\n",
" $incEntitlement = $InclusionTemplate.PsObject.Copy()\n",
" $incEntitlement.id = $entitlement.id \n",
" $incEntitlement.type = \"ENTITLEMENT\"\n",
" $inclusionList += $incEntitlement\n",
"}\n",
"\n",
"# ACCESS PROFILES\n",
"foreach ($accessProfile in $accessProfiles) {\n",
" $incAccessProfile = $InclusionTemplate.PsObject.Copy()\n",
" $incAccessProfile.id = $accessProfile.id \n",
" $incAccessProfile.type = \"ACCESS_PROFILE\"\n",
" $inclusionList += $incAccessProfile\n",
"}\n",
"\n",
"$e = $inclusionList | select-object -Property type | Where-Object { $_.type -eq \"ENTITLEMENT\" }\n",
"$a = $inclusionList | select-object -Property type | Where-Object { $_.type -eq \"ACCESS_PROFILE\" }\n",
"$r = $inclusionList | select-object -Property type | Where-Object { $_.type -eq \"ROLE\" }\n",
"\n",
"write-host -ForegroundColor Blue \"Campaign scope covers $($r.type.count) Role(s), $($e.type.count) Entitlement(s) and $($a.type.count) Access Profile(s).\"\n",
"\n",
"# Campaign Deadline for 30 days time\n",
"$deadline = (get-date).AddDays(30)\n",
"\n",
"# Create Campaign\n",
"$campaignOptions = @{ }\n",
"$campaignOptions.Add(\"type\", \"Identity\")\n",
"$campaignOptions.Add(\"timeZone\", \"GMT+1000\")\n",
"$campaignOptions.Add(\"name\", \"$(Get-Date -UFormat '%B %Y') Special App Campaign\")\n",
"$campaignOptions.Add(\"allowAutoRevoke\", $false)\n",
"$campaignOptions.Add(\"deadline\", $deadline.GetDateTimeFormats()[8].ToString())\n",
"$campaignOptions.Add(\"description\", \"$(Get-Date -UFormat '%B %Y') Special App Campaign\")\n",
"$campaignOptions.Add(\"disableEmail\", $true)\n",
"$campaignOptions.Add(\"identityIdList\", @())\n",
"$campaignOptions.Add(\"identityQueryString\", $query )\n",
"$campaignOptions.Add(\"accessInclusionList\", $inclusionList)\n",
"$campaignBody = $campaignOptions | ConvertTo-Json\n",
"\n",
"$newCampaign = New-IdentityNowCertCampaign -start $false -campaign $campaignBody \n",
"$newCampaign "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Start IdentityNow Certification Campaigns\n",
"\n",
"Start the campaign created above. <br>\n",
"*Note* Depending on the size of the campaign (the number of inclusions), you will need to wait for it to finish being created before it can be started. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Start-IdentityNowCertCampaign -campaignID $newCampaign.id -timezone GMT+1000"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Email Templates <a name=\"mailtemplates\"></a>\n",
"## Get Email Templates\n",
"\n",
"Get all IdentityNow Email Templates"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$emailTemplates = Get-IdentityNowEmailTemplate\n",
"$emailTemplates "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get an Email Template\n",
"Get a specific Email Template \n",
"\n",
"*Note* Gets the first template from the collection of templates returned above"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"scrolled": true
},
"outputs": [],
"source": [
"Get-IdentityNowEmailTemplate -ID $emailTemplates[0].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update an Email Template\n",
"\n",
"Update the subject line of the 'Access Request Reminder' email template. \n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$templateToUpdate = $emailTemplates | select-object | where-object {$_.name -eq 'Access Request Reminder'}\n",
"\n",
"$templateChanges = @{}\n",
"$templateChanges.add(\"id\",$templateToUpdate.id)\n",
"$templateChanges.add(\"subject\",'Action Required: Access Request requires completion of Work Item ID : $workItemName')\n",
"\n",
"Update-IdentityNowEmailTemplate -template ($templateChanges | ConvertTo-Json)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Virtual Appliances & Clusters <a name=\"clusters\"></a>\n",
"## Get IdentityNow VA Cluster\n",
"\n",
"Get all IdentityNow VA Clusters"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowVACluster"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get IdentityNow Virtual Appliances from a cluster"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$clusters = Get-IdentityNowVACluster\n",
"foreach($va in $clusters){\n",
" \"Cluster: $($va.description) VA ID: $($va.clients.id) VA Description: $($va.clients.description)\"\n",
"}"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# IdentityNow Applications <a name=\"applications\"></a>\n",
"## Get IdentityNow Applications\n",
"\n",
"Get IdentityNow Customer Created and Managed Applications"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowApplication"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get the default out-of-the-box IdentityNow Applications"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$allApplications = Get-IdentityNowApplication -org $true\n",
"$allApplications"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Get a specific IdentityNow Application"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Get-IdentityNowApplication -appID $allApplications[101].id"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Update IdentityNow Applications \n",
"\n",
"Update an IdentityNow Application to hide it from the launchpad, app center and provisioning requests. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$appBody = @{ \n",
" \"launchpadEnabled\" = $false \n",
" \"provisionRequestEnabled\" = $false\n",
" \"appCenterEnabled\" = $false\n",
"} \n",
"Update-IdentityNowApplication -appID $allApplications[101].id -update ($appBody | ConvertTo-Json) "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Invoke IdentityNow Request <a name=\"invokerequest\"></a>\n",
"\n",
"API based IdentityNow Requests for functions that don't have a cmdlet.\n",
"\n",
"This cmdlet has options for v2 and v3 authentication and will provide the web request headers (with and without content-type = application/json / application/json-patch+json set). \n",
"\n",
"\n",
"<b>(URI)</b> You supply the URI for the request, the method (POST, GET, DELETE, PATCH) and the request will be sent, and the results sent back.\n",
"\n",
"\n",
"*or* \n",
"\n",
"\n",
"<b>(API Version and Path)</b> You supply the API version and the path for the API request along with the method (POST, GET, DELETE, PATCH) and the request will be sent, and the results sent back.\n",
"- *Hint* Get-IdentityNowOrg will show you the API Version to Path mappings\n",
"\n",
"```\n",
"Organisation Name customer-sb\n",
"Organisation URI https://customer-sb.identitynow.com\n",
"v1 Base API URI https://customer-sb.identitynow.com/api\n",
"v2 Base API URI https://customer-sb.api.identitynow.com/v2\n",
"v3 Base API URI https://customer-sb.api.identitynow.com/v3\n",
"Private Base API URI https://customer-sb.api.identitynow.com/cc/api\n",
"Beta https://customer-sb.api.identitynow.com/beta\n",
"```\n",
"\n",
"Request methods are:\n",
"* Get\n",
"* Put\n",
"* Patch\n",
"* Delete\n",
"* Post\n",
"\n",
"Header options are:\n",
"* HeadersV2 - Digest Auth with no Content-Type set\n",
"* HeadersV3 - JWT OAuth with no Content-Type set\n",
"* Headersv2_JSON - Digest Auth with Content-Type set to application/json\n",
"* Headersv3_JSON - JWT OAuth with Content-Type set to application/json\n",
"* Headersv3_JSON-Patch - JWT OAuth with Content-Type set to application/json-patch+json\n",
"\n",
"<b>OPTION:</b> -json switch to return request result as JSON. \n",
"\n",
"## Get the Schema of a Source\n",
"\n",
"*Note* An IdentityNow Source Schema can be returned using the <b>Get-IdentityNowSourceSchema</b> cmdlet. This example just shows how a Private API can be leveraged using Invoke-IdentityNowRequest.\n",
"\n",
"### Example 1 - URI"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$orgName = (Get-IdentityNowOrg).'Organisation Name'\n",
"$sources = Get-IdentityNowSource\n",
"$sourceID = $sources[0].id\n",
"Invoke-IdentityNowRequest -Method Get -Uri \"https://$($orgName).api.identitynow.com/cc/api/source/getAccountSchema/$($sourceID)\" -headers HeadersV3 "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Example 1 - API & Path"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$sourceID = \"12345\"\n",
"Invoke-IdentityNowRequest -API Private -path \"source/getAccountSchema/$($sourceID)\" -method Get -headers Headersv3 "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## List Identity Profiles\n",
"\n",
"*Note* IdentityNow Identity Profiles can be returned using the <b>Get-IdentityNowProfile</b> cmdlet. This example just shows how a V1 API can be leveraged using Invoke-IdentityNowRequest.\n",
"\n",
"### Example 2 - URI\n",
"[Reference post](https://blog.darrenjrobinson.com/changing-sailpoint-identitynow-identity-profiles-priorities-using-powershell/)\n"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$orgName = (Get-IdentityNowOrg).'Organisation Name'\n",
"Invoke-IdentityNowRequest -Method Get -Uri \"https://$($orgName).identitynow.com/api/profile/list\" -headers Headersv2_JSON "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Example 2 - API & Path"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Invoke-IdentityNowRequest -API V1 -Method Get -path \"profile/list\" -headers Headersv2_JSON "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Get IdentityNow Identity Attributes\n",
"\n",
"*Note* IdentityNow Identity Attributes can be returned using the <b>Get-IdentityNowIdentityAttribute</b> cmdlet. This example just shows how a Private API can be leveraged using Invoke-IdentityNowRequest.\n",
"\n",
"### Example 3 - URI\n",
"\n",
"[Reference post](https://blog.darrenjrobinson.com/indexing-a-sailpoint-identitynow-attribute-in-an-identity-cube-for-use-in-correlation-rules/)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"$orgName = (Get-IdentityNowOrg).'Organisation Name'\n",
"Invoke-IdentityNowRequest -Method Get -Uri \"https://$($orgName).api.identitynow.com/cc/api/identityAttribute/list\" -headers HeadersV3 "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Example 3 - API & Path"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"Invoke-IdentityNowRequest -API Private -path \"identityAttribute/list\" -method Get -headers HeadersV3"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Reports <a name=\"reports\"></a>\n",
"\n",
"## Generate IdentityNow Sources Configuration Report\n",
"\n",
"Generate an HTML Report of all configured IdentityNow Sources.\n",
"Outputs the configuration of each Source and the Source Schema to a local directory.\n",
"\n",
"Generate a Source Configuration Report to the C:\\Reports directory.\n",
"By default the report uses an embedded SailPoint IdentityNow Image logo."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"New-IdentityNowSourceConfigReport -reportPath 'C:\\Reports'"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Generate a Source Configuration Report to the C:\\Reports directory and use a custom image from C:\\Images\\myCompanyLogo-240px.png.\n",
"The image size must be 240px x 82px or close to it."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"New-IdentityNowSourceConfigReport -reportPath 'C:\\Reports' -reportImagePath 'C:\\Images\\myCompanyLogo-240px.png'"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Generate IdentityNow Identity Profiles Configuration Report\n",
"\n",
"Generate an HTML Report of all configured IdentityNow Identity Profiles.\n",
"Outputs the configuration of each IdentityNow Identity Profile to a local directory.\n",
"\n",
"Generate an Identity Profile Configuration Report to the C:\\Reports directory.\n",
"By default the report uses an embedded SailPoint IdentityNow Image logo."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"New-IdentityNowIdentityProfilesReport -reportPath 'C:\\Reports'"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Generate an Identity Profile Configuration Report to the C:\\Reports directory and use a custom image from C:\\Images\\myCompanyLogo-240px.png.\n",
"The recommended image size is 240px x 82px."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"New-IdentityNowIdentityProfilesReport -reportPath 'C:\\Reports' -reportImagePath 'C:\\Images\\myCompanyLogo-240px.png'"
]
}
],
"metadata": {
"kernelspec": {
"display_name": ".NET (PowerShell)",
"language": "PowerShell",
"name": ".net-powershell"
},
"language_info": {
"file_extension": ".ps1",
"mimetype": "text/x-powershell",
"name": "PowerShell",
"pygments_lexer": "powershell",
"version": "7.0"
}
},
"nbformat": 4,
"nbformat_minor": 4
}