Release 1.1.4 SailPoint IdentityNow PowerShell Module

UPDATE 13 July 2021: v1.1.5 is now available with a
few enhancements and bug fixes. 

I’ve just published v1.1.4 of the SailPoint IdentityNow PowerShell Module to both GitHub and the PowerShell Gallery. Release 1.1.4 of the SailPoint IdentityNow PowerShell Module is the result of considerable effort by myself and Sean McGovern. Release 1.1.4’s numerous updates comprise changes to cmdlets to account for changes to IdentityNow API authentication, four new cmdlets, cmdlet updates for API changes, bug-fixes and documentation updates.

Version 1.1.3 to Version 1.1.4 Release Notes

  • SailPoint IdentityNow PowerShell Module Authentication Configuration
    • Updates for deprecation of ‘password’ based API client credentials
    • Updates to setup the IdentityNow PowerShell Module with a new configuration following the deprecation of the ‘password’ client credentials method.
    • Personal Access Token is the preferred default method for API authentication moving forward. SailPoint Compass Reference
    • Configuring access and credentials for IdentityNow MUST utilize Personal Access Tokens. While logged into the IdentityNow Portal select your Identity Name in the top right corner of the menu bar, select Preferences => Personal Access Tokens => New Token => Create.
      • Set your Personal Access Token for use with the module.
$orgName = "customername-sb"
Set-IdentityNowOrg -orgName $orgName

$adminPWD = 'idnAdminUserPassword'
$adminUSR = 'yourIDNAdminID'
$adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force)) 

$patClientID = 'yourClientID'
$patClientSecret = 'yourClientSecret'
$patCreds = [pscredential]::new("$($patClientID)", ($patClientSecret | ConvertTo-SecureString -AsPlainText -Force))

Set-IdentityNowCredential -AdminCredential $adminCreds -PersonalAccessToken $patCreds
Save-IdentityNowConfiguration

New cmdlets in v1.1.4

  • Export-IdentityNowConfig
    • Exports IdentityNow Access Profiles, API Clients, Applications, Cert Campaigns, Email Templates, Governance Groups, Identity Attributes, Identity Profiles, OAuth API Clients, Roles, Rules, Sources, Transforms, VA Clusters, to files to make comparisons or check into source control
  • Invoke-IdentityNowAccountCorrelation
    • Compare identities to a source’s uncorrelated accounts to see if there are un-joined accounts which would benefit from an unoptimized aggregation or manual correlation csv upload
  • New-IdentityNowSourceEntitlements
    • Create/Update IdentityNow Entitlements on a Flat File Source
  • Search-IdentityNow
    • A single v3 Search cmdlet that in future versions will supersede the individual Search cmdlets.
    • Search IdentityNow Access Profiles, Account Activities, Accounts, Aggregations, Entitlements, Events, Identities, Roles.

v1.1.4 Updated cmdlets

  • Get-IdentityNowIdentityAttributePreview
    • Fix ambiguous error messages.
    • Feedback for invalid Identity Profile or User now more descriptive and concise.
  • Search-IdentityNowEntitlements
    • Fix for message “The request was syntactically correct but its content is semantically invalid.”
  • New-IdentityNowSourceConfigReport & New-IdentityNowIdentityProfilesReport
    • Reports with custom image would fail on PowerShell 6 and above due to Get-Content syntax for getting data as Byte / Byte stream.
      • Fixed and now both cmdlets work with custom images on Windows PowerShell 5.x and PowerShell 6+.
  • Get-IdentityNowIdentityAttribute, Update-IdentityNowIdentityAttribute & Invoke-IdentityNowRequest
    • Invoke-IdentityNowRequest fixed for deprecation of grantType Password.
    • Get-IdentityNowIdentityAttribute and Update-IdentityNowIdentityAttribute fixed for auth and updating for attribute to be searchable and used in correlation.
  • Update-IdentityNowProfileOrder
    • Fixes to examples and updates to include examples in the readme for Update-IdentityNowProfileOrder
  • Invoke-IdentityNowSourceReset
    • Source Reset is a v1 API.
    • Updated to support use a v3JWT Auth Header
  • Update-IdentityNowProfileMapping
    • Fix to allow an array of attributes

Full List of Cmdlets

Below is a full list of Release 1.1.4 SailPoint IdentityNow PowerShell Module cmdlets.

Complete-IdentityNowTask
Convert-UnixTime
Export-IdentityNowConfig
Get-HashString
Get-IdentityNowAccessProfile
Get-IdentityNowAccountActivities
Get-IdentityNowAccountActivity
Get-IdentityNowActiveJobs
Get-IdentityNowAPIClient
Get-IdentityNowApplication
Get-IdentityNowAuth
Get-IdentityNowCertCampaign
Get-IdentityNowCertCampaignReport
Get-IdentityNowEmailTemplate
Get-IdentityNowGovernanceGroup
Get-IdentityNowIdentityAttribute
Get-IdentityNowIdentityAttributePreview
Get-IdentityNowOAuthAPIClient
Get-IdentityNowOrg
Get-IdentityNowOrgConfig
Get-IdentityNowOrgStatus
Get-IdentityNowPersonalAccessToken
Get-IdentityNowProfile
Get-IdentityNowProfileOrder
Get-IdentityNowQueue
Get-IdentityNowRole
Get-IdentityNowRule
Get-IdentityNowSource
Get-IdentityNowSourceAccounts
Get-IdentityNowSourceSchema
Get-IdentityNowTask
Get-IdentityNowTimeZone
Get-IdentityNowTransform
Get-IdentityNowVACluster
Invoke-IdentityNowAggregateSource
Invoke-IdentityNowRequest
Invoke-IdentityNowSourceReset
Join-IdentityNowAccount
New-IdentityNowAccessProfile
New-IdentityNowAPIClient
New-IdentityNowCertCampaign
New-IdentityNowGovernanceGroup
New-IdentityNowIdentityProfilesReport
New-IdentityNowOAuthAPIClient
New-IdentityNowPersonalAccessToken
New-IdentityNowProfile
New-IdentityNowRole
New-IdentityNowSource
New-IdentityNowSourceAccountSchemaAttribute
New-IdentityNowSourceConfigReport
New-IdentityNowSourceEntitlements
New-IdentityNowTransform
New-IdentityNowUserSourceAccount
Remove-IdentityNowAccessProfile
Remove-IdentityNowAPIClient
Remove-IdentityNowGovernanceGroup
Remove-IdentityNowOAuthAPIClient
Remove-IdentityNowPersonalAccessToken
Remove-IdentityNowProfile
Remove-IdentityNowRole
Remove-IdentityNowSource
Remove-IdentityNowTransform
Remove-IdentityNowUserSourceAccount
Save-IdentityNowConfiguration
Search-IdentityNow
Search-IdentityNowEntitlements
Search-IdentityNowEvents
Search-IdentityNowIdentities
Search-IdentityNowUserProfile
Search-IdentityNowUsers
Set-IdentityNowCredential
Set-IdentityNowOrg
Set-IdentityNowTimeZone
Set-IdentityNowTransformLookup
Start-IdentityNowCertCampaign
Start-IdentityNowProfileUserRefresh
Test-IdentityNowCredentials
Test-IdentityNowSourceConnection
Test-IdentityNowTransforms
Update-IdentityNowAccessProfile
Update-IdentityNowApplication
Update-IdentityNowEmailTemplate
Update-IdentityNowGovernanceGroup
Update-IdentityNowIdentityAttribute
Update-IdentityNowOrgConfig
Update-IdentityNowProfileMapping
Update-IdentityNowProfileOrder
Update-IdentityNowRole
Update-IdentityNowSource
Update-IdentityNowTransform
Update-IdentityNowUserSourceAccount

Want to contribute?

Found an issue and want us to fix it? Log it here and we’ll take a look at it.
Want to fix an issue yourself or add functionality? Clone the project and submit a pull request.
Any and all contributions are more than welcome and appreciated.