Changing SailPoint IdentityNow Identity Profiles Priorities using PowerShell

Update: Oct 2019. IdentityNow Profiles Priorities can be easily managed using the SailPoint IdentityNow PowerShell Module.

In SailPoint IdentityNow a single user is highly likely to be represented on multiple Sources, that in turn are likely to be authoritative for differing SailPoint IdentityNow Identity Profiles. Often the first or last Identity Profile you create isn’t the one you wish to have the highest or lowest profile and you therefore need to change an Identity Profiles precedence so that the correct Identity Profile is associated with your identities.

The priority of IdentityNow Identity Profiles cannot be changed through the Portal, but it is possible to perform the change via the API as detailed in this Compass document.

Rather than following the Postman path described in that document, knowing I’m going to need to do this irregularly but relatively quickly I’ve written a little PowerShell script to make the changes.

By default an Identity Profile when created is added to the bottom of the list and their priority increased by 10 from the last Identity Profiles’ priority. The script will by default make the Identity Profile you choose 5 higher that the Identity Profile you’re moving it above.

The following screenshot shows 5 Identity Profiles in their priority order. Let’s say we wanted to move the System Accounts Identity Profile from the bottom priority to between Cloud Identities and Badged Identities.

Using the script (at the bottom of this post) we can authenticate to IdentityNow and retrieve the IdentityNow Profiles with their Priorities. It will ask which IdentityNow Profile you wish to increase the priority of. By default it defaults to the one at the lowest priority.

You are then prompted for where you would like to move it. Type the name of the Identity Profile you want to move it above.

Confirm your selections by typing ‘y’. Anything else will cancel the operation.

The update will be made in IdentityNow and the output will indicate the updated priority given to the Identity Profile that was moved.

Checking in the IdentityNow Portal we can see that they Identity Profile was moved from the bottom to between Cloud Identities and Badged Identities.

The Script

Below is the script that performs the changes to Identity Profiles priorities. Update the following script for;

• Line 2 for your Client ID
• Line 4 for your Client Secret
• Line 8 for your Org name
• Line 10 for your Admin Account name
• Line 11 for your Admin Account password

See the gist on github.

Summary

Using this script is a quick way to change the priority of Identity Profiles in SailPoint IdentityNow.