A Twitter Management Agent for Microsoft Identity Manager

In the last couple of weeks I’ve been evaluating a number of different approaches/concepts for some upcoming MIM development projects. Some of these I’ve blogged about already.

Having an Identity Manager Metaverse with identity data is a key dependency to being able to validate ideas and concepts. So what’s a good source of some interesting and varied identity data with string, integer, reference, and boolean attributes? Twitter? Yeah why not. There’s an API. Should be pretty quick to get some sample data right?

In this blog post I’m going to give an overview of creating a PowerShell Twitter Management Agent to consume Twitter identities and their data into Microsoft Identity Manager. I’ll cover;

• Obtaining Twitter user data from Twitter using PowerShell and the Twitter RestAPI
• Using Søren’s PowerShell Management Agent to import Twitter user data obtained via the RestAPI
• Manipulating the Twitter data into the MIM Synchronisation Engine

Twitter Data

Here’s an overview of my approach/rationale of what data I was looking for and how I got it from Twitter;

• I don’t need real-time data. Just identity data
• I need data of all different data-types
• I need data with all the randomness that identity data often contains
• I created a standalone script that took a seed Twitter identity (one of my accounts) and;
  • obtained the Twitter account info including the list of the Twitter accounts it followed
  • the Twitter accounts that follows it
• The standalone script uses the Twitter RestAPI to obtain the data and respected the service and rate-limits
• To make the Twitter API calls easy I leveraged the awesome InvokeTwitterAPI PowerShell Module from Shannon Conley & Mehmet Kaya available here https://github.com/MeshkDevs/InvokeTwitterAPIs . I notice that there is an updated version from Marc R Kellerman available here https://www.powershellgallery.com/packages/InvokeTwitterAPIs/2.1/Content/InvokeTwitterAPIs.psm1 that was released after I had done most of my work. Notably it supports having multiple OAuth keys and the ratelimit restrictions. The details below leverage this updated version.

Here is what a sample of some of the data looks like in the Metaverse.

Pre-requisites

You need to enable your Twitter Account for API access. Follow the details here 

Getting the Seed Twitter account info

By now you should have downloaded the Twitter PowerShell API Modules and installed them. If you haven’t get WMF5 installed and run the install-module command as shown below in Line 1.

Modify the script below to give the;

• Seed Twitter Account you want to bring in the Friends and Followers for as users into the MIM Metaverse
• The API keys associated with your Twitter account(s) you’re going to use to query the Twitter API
• The directory you want to dump the account info out to

….. and let it loose.

See the gist on github.

Now we have two XML files with a whole bunch of Twitter accounts and their metadata. There is an almost certainty that the seed account you’ve used is both followed by twitter accounts that you also follow. We’re going to need to remove the duplicates so that when we import the Twitter accounts into MIM we don’t have duplicates.

Basic, basic script to read in both files and spit out the unique Twitter Accounts is shown below.

See the gist on github.

Using the Granfeldt PowerShell Management Agent to import Twitter Identities

Consuming data into the MIM Sync Engine obtained via PowerShell is quick and simple utilising Søren Granfeldt’s extremely versatile PowerShell Management Agent. I’m just going to cover importing the data from the XML file we generated above.

Getting Started with the Granfeldt PowerShell Management Agent

First up, you can get it from here. Søren’s documentation is pretty good but does assume you have a working knowledge of FIM/MIM and this blog post is no different.

A few items of note are;

• You must have a Password.ps1 file. Even though we’re not doing password management on this MA, the PS MA configuration requires a file for this field. The .ps1 doesn’t need to have any logic/script inside it. It just needs to be present
• Same for an Export.ps1 file. I’m not doing any exports on the MA, but an export script must be present.
• The credentials you give the MA to run this MA are irrelevant as they aren’t used as part of the import as I’m bringing in data from files generated via separate PowerShell scripts
• The path to the scripts in the PS MA Config must not contain spaces and be in old-skool 8.3 format. I’ve chosen to store my scripts in an appropriately named subdirectory under the MIM Extensions directory. Tip: from a command shell use dir /x to get the 8.3 directory format name. Mine looks like C:\PROGRA~1\MICROS~2\2010\SYNCHR~1\EXTENS~2\Twitter

Import Twitter Users into Microsoft Identity Manager

Using the guidance above on the Granfeldt PSMA here are the two key scripts for the Twitter MA.

The Schema Script to expose the core Twitter identity attributes.

Schema Script

See the gist on github.

Import Script

The Import Script that takes the rationalised XML file created earlier from the friends and followers queries and populates the connector space.

See the gist on github.

Password Script

Required by the PSMA but not used as detailed earlier

See the gist on github.

Export Script

Required by the PSMA but not used as detailed earlier

See the gist on github.

Creating the Management Agent

Path to the Schema Script in 8.3 format as detailed earlier.

Path to the Import, Export and Password scripts also in 8.3 format.

Select the attributes you want to bring in to the connector space.

Any Join logic, and a Projection Rule.

Import Flow Rules to bring in the Tweeters.

Create your Run Profiles, perform a Stage and Full Sync and BAM; Tweeters in the Metaverse. Real Word Identity Data Ahoy. Exception testing commences now.

Follow Darren on Twitter @darrenjrobinson