Update: Oct 2019. IdentityNow Tasks can be easily managed using the SailPoint IdentityNow PowerShell Module.
In SailPoint IdentityNow when using the Request Center, tasks are created for activities that are not able to be automatically (directly) fulfilled. Essentially completion of the request requires someone to do something, then return to the IdentityNow Portal and flag the Task as complete. What if we want to see what Tasks are open and flag them as complete through external automation?
Well, this SailPoint IdentityNow Compass article gives the only background to using the API to get visibility of Tasks. But what we needed to do was;
This post will cover the first and last bullet points. The performing the operation will be dependent on what you have integrated with and what is being requested for an Entitlement.
I’m using a v3 Token to access the IdentityNow API’s. I detailed that in this post here. If you don’t have API keys for the v3 endpoint you can use this method to get the oAuth JWT Token. You will also need to make sure that you don’t have any Content-Type set in your headers. If you do then you will get an error message like this;
To enumerate all tasks we need to call the API /task/listAll. Using PowerShell and the access token from one of the methods listed in the prerequisites we can make the following call.
$orgName = "myOrgName" $tasksURI = "https://$($orgName).identitynow.com/api/task/listAll" $tasksList = Invoke-RestMethod -method Get -uri $tasksURI -Headers @{Authorization = "$($v3Token.token_type) $($v3Token.access_token)"} $tasksList.items
A task then looks like this;
To retrieve an individual task we need to know the ID of the task. If we know what we are looking for we can use PowerShell to locate the specific task, get the ID then get that individual task.
The following command shows looking through the Task items and finding tasks that are ManualAction, are not completed and contain Luke in the description.
$manualActions = $tasksList.items | select-object | Where-Object {$_.type -eq "ManualAction" -and $_.complete -eq $false -and $_.description -like "*Luke*"} $taskID = $manualActions.id
With our Task identified we can then retrieve it using the API /task/get/{taskID}
$utime = [int][double]::Parse((Get-Date -UFormat %s)) $getIdvTaskbyIDURI = "https://$($orgName).api.identitynow.com/cc/api/task/get/$($taskID)?_dc=$($uTime)" $indvTask = Invoke-RestMethod -method Get -uri $getIdvTaskbyIDURI -Headers @{Authorization = "$($v3Token.token_type) $($v3Token.access_token)"} $indvTask
Looking at it, it is the one we wanted.
With the task ID we can then update the Task and mark it as completed. To complete the task we make a POST request to task/complete/{taskID}
$completeTaskURI = "https://$($orgName).api.identitynow.com/cc/api/task/complete/$($taskID)" $completeTask = Invoke-RestMethod -method Post -uri $completeTaskURI -Headers @{Authorization = "$($v3Token.token_type) $($v3Token.access_token)"} $completeTask
The API will return the object on Success.
Looking in the IdentityNow Portal we can see that the Task is showing as Completed.
Using the IdentityNow Task API’s we can get a list of Tasks, search and find the task we are looking for and retrieve all the details it before finally updating the status of the Task to complete.
A few weeks back the Microsoft AI Tour was in Sydney Australia. There was a…
If you're anything like me you always have PowerShell open, and often both PowerShell and…
Decentralised Identity is a technology I'm passionate about and have written many posts and tools…
Over two years ago I authored a PowerShell Module that enabled the automation of 1Password.…
Buried in my PowerShell Snippets Vol 4 post from 2021 is the PowerShell script and…
Short post on how to recovery from "The Windows Subsystem for Linux instance has terminated"…
This website uses cookies.
View Comments