Updated Documentation for new cmdlets is here. Updated 27 Oct 2022 for v1.1.6. New cmdlets, updated cmdlets for API changes, documentation updates and bugfixes. Full details here. Updated 22 June 2021 for v1.1.4. Four new cmdlets and updates to numerous other cmdlets for API and authentication changes. Full details here. Updated 11 August 2020 for v1.1.2. New cmdlets, updates to deprecate v2 auth, documentation and example updates. Full details here. Updated 17 June 2020 for v1.1.0 with all cmdlets updated, new cmdlets, documentation and an example PowerShell Jupyter Notebook. Full details here. Updated 25 March 2020 for v1.0.7 with additional cmdlets, cmdlet updates, a bugfix and PowerShell v7 validation. Full details here. Updated 9 Jan 2020 for v1.0.6 with additional cmdlets PowerShell Core compatibility and the removal of a dependency on the PSCX Module. Full details here. Updated 26 Nov 2019 for v1.0.5 with additional cmdlets to; Store multiple Org Credentials and switch between them (courtesy of Sean McGovern) Get IdentityNow Activities (via Search) Get IdentityNow Identities (via Search) Update IdentityNow Source Generate IdentityNow Source Configuration HTML Report Generate IdentityNow Identity Profile Configuration HTML Report Create and Delete IdentityNow Sources (courtesy of Sean McGovern) Test Identity Source Connection (courtesy of Sean McGovern) New IdentityNow Source Account Schema Attribute (courtesy of Sean McGovern) Get and Update IdentityNow Attributes Get the IdentityNow Attribute List Reset an IdentityNow Source Updated 5 Nov 2019 for v1.0.4 with additional cmdlets to; Search Audit Events (v2 API) Search Events (BETA Search API) Get-IdentityNowSourceAccounts now has -attributes switch to retrieve account attributes Updated 22 Oct 2019 for v1.0.3 with additional cmdlets to; Create / Get / Remove v2 API Clients (Legacy) Create / Get / Remove v3 oAuth API Clients Updated 17 Oct 2019 for v1.0.2 with additional cmdlets to; Create / Get / Update / Remove IdentityNow Transforms Get IdentityNow Rules Get / Update Email Templates Get IdentityNow Profiles Get / Update IdentityNow Profiles Order
I’ve just published v1 of my SailPoint IdentityNow PowerShell Module. Don’t want to wait or read anymore? You can install it from the PowerShell Gallery
install-module -name SailPointIdentityNow -RequiredVersion 1.1.4
Here is a quick overview of each of the cmdlets from the SailPoint IdentityNow PowerShell Module. As alluded to above they allow you to retrieve, update, create and remove IdentityNow elements.
The following cmdlets (Set-IdentityNowOrg, Set-IdentityNowCredential, Save-IdentityNowConfiguration) securely store the credentials required to operate the cmdlets in your PowerShell Profile. They will autoload each time you import the IdentityNow PowerShell module. If you are only integrating with one environment you only need to do this once per host you are using the module on.
NOTE: This module requires a v3 API ClientID and Secret that can now be generated via the IdentityNow Admin Portal and a v2 API ClientID and Secret generated via API. See this post for details on how to generate them.
Update the following example with your credentials and API keys. The credentials shown below aren’t real, but random chars in the indicative format.
$orgName = "customername-sb" Set-IdentityNowOrg -orgName $orgName # IdentityNow Admin User $adminUSR = "identityNow_admin_User" $adminPWD = 'idnAdminUserPassword' $adminCreds = [pscredential]::new($adminUSR, ($adminPWD | ConvertTo-SecureString -AsPlainText -Force)) # Customer IdentityNow Org v3 API Creds generated in IdentityNow Portal $clientIDv3 = "badbeef6-5f24-4448-ac0b-abcdefG" $clientSecretv3 = "770a71abcdef5301848d00000d8760fe0d9f632383775b315aa1234567890" $v3Creds = [pscredential]::new($clientIDv3, ($clientSecretv3 | ConvertTo-SecureString -AsPlainText -Force)) # Customer IdentityNow v2 API Client ID & Secret generated via API $clientID = 'zo7ABCDaTHjA0Rwv' # Your API Client Secret $clientSecret = '3Zm9Qod4sWhihABCdefgCX9DIfmwAZiP' $v2Creds = [pscredential]::new($clientID, ($clientSecret | ConvertTo-SecureString -AsPlainText -Force)) Set-IdentityNowCredential -AdminCredential $adminCreds -v2APIKey $v2Creds -v3APIKey $v3Creds Save-IdentityNowConfiguration
Display the configured IdentityNow Organisation as set by “Set-IdentityNowOrg”
API endpoints for currently configured organisation – Example
Get-IdentityNowOrg Name Value ---- ----- Organisation Name customer-sb Organisation URI https://customer-sb.identitynow.com v1 Base API URI https://customer-sb.identitynow.com/api v2 Base API URI https://customer-sb.api.identitynow.com/v2 v3 / Private Base API URI https://customer-sb.api.identitynow.com/cc/api
Update an IdentityNow Organisation Setting – Example
[Reference post]
$orgConfig = Get-IdentityNowOrgConfig $approvalConfig = $orgConfig.approvalConfig # global reminders and escalation policies for access request approvals $daysBetweenReminders = 3 $daysTillEscalation = 5 $maxReminders = 10 # SailPoint user name of the identity $fallbackApprover = "darren.robinson" # Set Config options to update $approvalConfig.daysBetweenReminders = $daysBetweenReminders $approvalConfig.daysTillEscalation = $daysTillEscalation $approvalConfig.maxReminders = $maxReminders $approvalConfig.fallbackApprover = $fallbackApprover $approvalConfigBody = @{"approvalConfig" = $approvalConfig } Update-IdentityNowOrgConfig -update ($approvalConfigBody | convertto-json)
Search for IdentityNow Users – Examples
[Reference post]
Search-IdentityNowUsers -query darrenjrobinson Search-IdentityNowUsers -query "@accounts(accountId:darren.robinson)" Search-IdentityNowUsers -query "@source(id:2c91808469110d6a016954d4dad138a3)" Search-IdentityNowUsers -query "@access(source.name:*Active Directory*) AND attributes.company:Kloud"
Search for a user’s IdentityNow Profile from the IdentityNow Identity List – Example
[Reference post – See Profile Owner Section]
Search-IdentityNowUserProfile -query "darrenjrobinson"
Search for Entitlements associated with IdentityNow Sources – Example
[Reference post]
Search-IdentityNowEntitlements -query "File_Share_Sydney"
Get all IdentityNow Access Profiles – Example
[Reference post]
Get-IdentityNowAccessProfile
Get a specific IdentityNow Access Profile – Example
Get-IdentityNowAccessProfile -profileID 2c91808369a606f00169c756f0a00017
Create an IdentityNow Access Profile – Example 1
New-IdentityNowAccessProfile -profile "{"entitlements": ["2c91808668dcf3970168dd722e7a020d","2c91808468dcf4610168dd78d2e8531e"],"description": "FS-SYDNEY-AUS-ENGINEERING","requestCommentsRequired": true,"sourceId": "39082","approvalSchemes": "manager","ownerId": "1397606","name": "Sydney Engineering","deniedCommentsRequired": true}"
Create an IdentityNow Access Profile – Example 2
# Get Owner for Access Profile $owner = Search-IdentityNowUserProfile -query "darren.robinson" # Get Source for Access Profile $sources = Get-IdentityNowSource $adSource = $sources | Select-Object | Where-Object {$_.name -like '*Active Directory*'} # Entitlements $entitlement = Search-IdentityNowEntitlements -query "FS-SYDNEY-AUS-ENGINEERING" $e = $entitlement | Select-Object | Where-Object {$_.source.name -eq 'Active Directory'} # Access Profile Details $accessProfile = @{} $accessProfile.add("name", "Sydney Engineering") $accessProfile.add("description", "FS-SYDNEY-AUS-ENGINEERING") $accessProfile.add("sourceId", $adSource.id) $accessProfile.add("ownerId", $owner.id) # Access Profile Entitlements $entitlements = @() ForEach($i in $e) {$entitlements += $i.id} $entitlementsToAdd = @{"entitlements" = $entitlements} $accessProfile.add("entitlements", $entitlementsToAdd.entitlements) # Access Profile Type $accessProfile.add("approvalSchemes", "manager") $accessProfile.add("requestCommentsRequired", $true) $accessProfile.add("deniedCommentsRequired", $true) New-IdentityNowAccessProfile -profile ($accessProfile | convertto-json)
Update an IdentityNow Access Profile – Example 1
Update-IdentityNowAccessProfile -profileID 2c91808466a64e330112a96902ff1f69 -update "{"deniedCommentsRequired": true,"requestCommentsRequired": true}"
Update an IdentityNow Access Profile – Example 2
$ap = Get-IdentityNowAccessProfile $accessProfile = $ap | Select-Object | Where-Object {$_.description -like '*Darren*'} $updateAccessProfile = @{} $updateAccessProfile.Add("requestCommentsRequired", $true) $updateAccessProfile.Add("deniedCommentsRequired", $true) Update-IdentityNowAccessProfile -profileID $accessProfile.id -update ($updateAccessProfile | convertto-JSON)
Remove an IdentityNow Access Profile – Example 1
Remove-IdentityNowAccessProfile -profileID 2c91808369a606f00169c756f0a00017
Remove an IdentityNow Access Profile – Example 2
$ExistingAPs = Get-IdentityNowAccessProfile $myAP = $ExistingAPs | Select-Object | Where-Object {$_.name -like "*My Access Profile*"} Remove-IdentityNowAccessProfile -profileID $myAP.id
Get all (active and completed) IdentityNow Certification Campaigns – Example
[Reference post]
Get-IdentityNowCertCampaign -completed $false
Get a specific IdentityNow Certification Campaign – Example
Get-IdentityNowCertCampaign -campaignID 2c9180856708ae38016709f4812345c3
Create an IdentityNow Certification Campaign – Example
[Reference post]
$query = "@apps.name:'Special Application'" $campaignFilter = Search-IdentityNowUsers -query $query $entitlements = $null $e = $campaignFilter.access | where-object { $_.type -eq "ENTITLEMENT" } | Select-Object id $entitlements = $e | Select-Object -Property id -Unique $roles = $null $r = $campaignFilter.access | where-object { $_.type -eq "ROLES" } | Select-Object id $roles = $r | Select-Object -Property id -Unique $accessProfiles = $null $a = $campaignFilter.access | where-object { $_.type -eq "ACCESS_PROFILE" } | Select-Object id $accessProfiles = $a | Select-Object -Property id -Unique $inclusionList = @() $InclusionTemplate = [pscustomobject][ordered]@{ id = $null type = $null } # ROLES foreach ($role in $roles) { $incRole = $InclusionTemplate.PsObject.Copy() $incRole.id = $role.id $incRole.type = "ROLE" $inclusionList += $incRole } # ENTITLEMENTS foreach ($entitlement in $entitlements) { $incEntitlement = $InclusionTemplate.PsObject.Copy() $incEntitlement.id = $entitlement.id $incEntitlement.type = "ENTITLEMENT" $inclusionList += $incEntitlement } # ACCESS PROFILES foreach ($accessProfile in $accessProfiles) { $incAccessProfile = $InclusionTemplate.PsObject.Copy() $incAccessProfile.id = $accessProfile.id $incAccessProfile.type = "ACCESS_PROFILE" $inclusionList += $incAccessProfile } $e = $inclusionList | select-object -Property type | Where-Object { $_.type -eq "ENTITLEMENT" } $a = $inclusionList | select-object -Property type | Where-Object { $_.type -eq "ACCESS_PROFILE" } $r = $inclusionList | select-object -Property type | Where-Object { $_.type -eq "ROLE" } write-host -ForegroundColor Blue "Campaign scope covers $($r.type.count) Role(s), $($e.type.count) Entitlement(s) and $($a.type.count) Access Profile(s)." # Create Campaign $campaignOptions = @{ } $campaignOptions.Add("type", "Identity") $campaignOptions.Add("timeZone", "GMT+1000") $campaignOptions.Add("name", "Oct 2019 Special App Campaign") $campaignOptions.Add("allowAutoRevoke", $false) $campaignOptions.Add("deadline", "2019-11-1") $campaignOptions.Add("description", "Special App Oct 2019") $campaignOptions.Add("disableEmail", $true) $campaignOptions.Add("identityIdList", @()) $campaignOptions.Add("identityQueryString", $query ) $campaignOptions.Add("accessInclusionList", $inclusionList) $campaignBody = $campaignOptions | ConvertTo-Json New-IdentityNowCertCampaign -start $true -campaign $campaignBody
Get all certification campaign reports from the last year and output them to a local folder – Example
[Reference post]
Get-IdentityNowCertCampaignReport -period "365" -outputPath "C:\Reports"
Get certification campaign reports for a specific campaign and return as PSObject – Example
Get-IdentityNowCertCampaign -campaignID '2c918085694a507f01694b9fcce6002f'
Get IdentityNow Governance Groups – Example
[Reference post]
Get-IdentityNowGovernanceGroup
Get a specific IdentityNow Governance Group – Example
Get-IdentityNowGovernanceGroup -groupID 4fc249bd-46ff-405a-93b9-21372f97c352
Update an IdentityNow Governance Group to remove one member and add two members – Example
# Get Group $govGroups = Get-IdentityNowGovernanceGroup $myGroup = $govGroups | Select-Object | Where-Object { $_.description -like "*My IDN Governance Group*" } # Add $user1 = Search-IdentityNowUsers -query "@accounts(accountId:darren.robinson)" $user2 = Search-IdentityNowUsers -query "@accounts(accountId:rick.sanchez)" $user3 = Search-IdentityNowUsers -query "@accounts(accountId:morty.smith)" $add = @() $remove = @() $add += $user3.id $add += $user2.id $remove += $user1.id $update = (@{ add = $add remove = $remove }) Update-IdentityNowGovernanceGroup -groupID $myGroup.id -update ($update | convertto-json)
Create an IdentityNow Governance Group and assign an owner – Example
$GovGroupOwner = Search-IdentityNowUsers -query "@accounts(accountId:darren.robinson)" $body = @{"name" = "New IDN Module Gov Group"; "displayName" = "New Module Gov Group"; "description" = "New Module Gov Group"; "owner" = @{"displayName" = $GovGroupOwner.displayName; "emailAddress" = $GovGroupOwner.email; "id" = $GovGroupOwner.id; "name" = $GovGroupOwner.name } } New-IdentityNowGovernanceGroup -group ($body | convertto-json)
Delete an IdentityNow Governance Group – Example
Remove-IdentityNowGovernanceGroup -groupID 4fc249bd-46ff-405a-93b9-21372f97c352
Get IdentityNow Roles – Example
[Reference post]
Get-IdentityNowRole
Get a specific IdentityNow Role – Example
Get-IdentityNowRole -roleID 2c918084691653af01695182a78b05ec
Update an IdentityNow Role – Example
[Reference post]
$body = @{ "id" = "2c9180886cd58059016d1a4757d709a4" "name" = "Role - Special Admins"; "displayName" = "Special Admins"; "description" = "Special Admins Role"; "disabled" = $false; "owner" = "darrenjrobinson" } Update-IdentityNowRole -update ($body | convertto-json)
Create an IdentityNow Role – Example
$body = @{ "name" = "Role - Special Administrators"; "displayName" = "Special Administrators"; "description" = "Special Administrators Role"; "disabled" = $true; "owner" = "darrenjrobinson" } New-IdentityNowRole -role ($body | convertto-json)
Delete an IdentityNow Role – Example
Remove-IdentityNowRole -roleID 2c9180886cd58059016d1a5a23f609a8
Get all IdentityNow Sources – Example
[Reference post]
Get-IdentityNowSource
Get a specific IdentityNow Source – Example
Get-IdentityNowSource -sourceID 12345
Get accounts from an IdentityNow Source – Example
[Reference post]
Get-IdentityNowSourceAccounts -sourceID 40113
Create an account on an indirect IdentityNow Source – Example
[Reference post]
$account = @{"id" = 'darrenjrobinson'; "name" = 'darrenjrobinson'; "givenName" = 'Darren'; "familyName" = 'Robinson'; "displayName" = 'Darren Robinson'; "email" = 'darren.robinson@customer.com.au' } New-IdentityNowUserSourceAccount -source 36702 -account ($account | convertto-json)
Update an account on an indirect IdentityNow Source – Example
[Reference post]
$update = @{ "country" = "Australia" "department" = "Identity Architects" "organization" = "Kloud" } Update-IdentityNowUserSourceAccount -account 2c91808469110d6a016954d4dad138a3 -update ($update | ConvertTo-Json)
Delete an IdentityNow account from an indirect IdentityNow Source – Example (assumes user only has a single account on an indirect source)
[Reference post]
$user = Search-IdentityNowUsers -query "@accounts(accountId:darrenjrobinson)" $userIndirectAccounts = $user.accounts | select-object | where-object { ($_.source.type.contains("DelimitedFile")) } $account = $userIndirectAccounts.id Remove-IdentityNowUserSourceAccount -account $account
Get IdentityNow Tasks – Example
[Reference post]
Get-IdentityNowTask
Get a specific IdentityNow Task – Example
Get-IdentityNowTask -taskID 2c918084691120d0016926a6a94251d6
Mark and IdentityNow Task as complete – Example
Complete-IdentityNowTask -taskID 2c918084691120d0016926a6a94251d6
Get IdentityNow Virtual Appliance Clusters – Example
[Reference post]
Get-IdentityNowVACluster
Get IdentityNow Virtual Appliances from a cluster – Example
$clusters = Get-IdentityNowVACluster foreach($va in $clusters){ "Cluster: $($va.description) VA ID: $($va.clients.id) VA Description: $($va.client.description)" }
Get IdentityNow Customer Created and Managed Applications – Example
[Reference post]
Get-IdentityNowApplication
Get IdentityNow Customer default configured SailPoint Applications – Example
Get-IdentityNowApplication -org $true
Get a specific IdentityNow Applications – Example
Get-IdentityNowApplication -appID 32128
Update an IdentityNow Application – Example
$appBody = @{ "launchpadEnabled" = $false "provisionRequestEnabled" = $false "appCenterEnabled" = $false } Update-IdentityNowApplication -appID 24188 -update ($appBody | ConvertTo-Json)
Aggregate an IdentityNow Source – Example
[Reference post]
Invoke-IdentityNowAggregateSource -sourceID 12345
Aggregate an IdentityNow Source without optimization – Example
[Reference post]
Invoke-IdentityNowAggregateSource -sourceID 12345 -disableOptimization $true
Get IdentityNow Transforms – Example
Get-IdentityNowTransform
Get an IdentityNow Transform – Example
Get-IdentityNowTransform -ID ToUpper
Update an IdentityNow Transform – Example
$attributes = @{value = '$firstName.$lastname@$company.com.au'} $transform = @{type = "static"; attributes = $attributes} Update-IdentityNowTransform -transform ($transform | convertto-json) -ID "Firstname.LastName"
Create an IdentityNow Transform – Example
$attributes = @{value = '$firstName.$lastname'} $transform = @{type = "static"; id = "FirstName.LastName"; attributes = $attributes} New-IdentityNowTransform -transform ($transform | convertto-json)
Delete an IdentityNow Transform – Example
Remove-IdentityNowTransform -ID "Firstname.LastName"
Get IdentityNow Rules – Example
Get-IdentityNowRule
Get an IdentityNow Rule – Example
Get-IdentityNowRule -ID 2c9170826219ab41014275b47fc40b0a
Get Email Templates – Example
Get-IdentityNowEmailTemplate
Get an Email Template – Example
Get-IdentityNowEmailTemplate -ID 2c91601362431b32016275b4241b08f0
Update Email Template – Example
$templateChanges = @{} $templateChanges.add("id","2c91601362431b32016275b4241b08f0") $templateChanges.add("subject",'Access Request requires completion of Work Item ID : $workItemName') Update-IdentityNowEmailTemplate -template ($templateChanges | ConvertTo-Json)
Get IdentityNow Identity Profiles – Example
Get-IdentityNowProfile
Get an IdentityNow Profile – Example
Get-IdentityNowProfile -ID 1033
Get IdentityNow Profiles Order – Example
Get-IdentityNowProfileOrder ProfileName Priority ID ----------- -------- -- IdentityNow Admins 10 1066 Cloud Identities 30 1285 Guest Identities 40 1286 Special Identities 60 1372 Non Employee Identities 70 1380 Employee Identities 80 1387
Update IdentityNow Profile Order – Example
Update-IdentityNowProfileOrder -id 1285 -priority 20
Get all v2 API Clients (listed as Legacy in the IdentityNow portal under API Management ) – Example
Get-IdentityNowAPIClient
Get a single v2 API Client – Example
Get-IdentityNowAPIClient -ID 123
Create a v2 API Client – Example
New-IdentityNowAPIClient
Remove a v2 API Client – Example
Remove-IdentityNowAPIClient -ID 123
Get oAuth API (v3) Clients – Example
Get-IdentityNowOAuthAPIClient
Get an oAuth API (v3) Client – Example
Get-IdentityNowOAuthAPIClient -ID '8432e57d-5f8f-dead-beef-a7bf123456a1'
Create an oAuth API Client (v3) – Example
New-IdentityNowOAuthAPIClient -description 'oAuth Client' -grantTypes 'AUTHORIZATION_CODE,CLIENT_CREDENTIALS,REFRESH_TOKEN,PASSWORD' -redirectUris 'https://localhost,https://myapp.com.au'
Remove an oAuth API Client (v3) – Example
Remove-IdentityNowOAuthAPIClient -ID '9e23deaf-48aa-dead-beef-ab6821a12ab2'
Search IdentityNow Audit Events using the v2 API Search options (except Filter) as per the v2/Audit documentation For Filter (JSON) Audit Event queries use the Search-IdentityNowEvents cmdlet
Search-IdentityNowAuditEvents – Examples
Search-IdentityNowAuditEvents Search-IdentityNowAuditEvents -action USER_STEP_UP_AUTH Search-IdentityNowAuditEvents -since '2019-09-30T12:30:50.450Z' Search-IdentityNowAuditEvents -since '2019-09-30T12:30:50.450Z' -searchLimit 10 Search-IdentityNowAuditEvents -since '2019-09-30T12:30:50.450Z' -searchLimit 2501 Search-IdentityNowAuditEvents -days 1 Search-IdentityNowAuditEvents -days 1 -searchLimit 5000 Search-IdentityNowAuditEvents -days 1 -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -type AUTH Search-IdentityNowAuditEvents -type AUTH -days 1 Search-IdentityNowAuditEvents -type AUTH -days 1 -searchLimit 5000 Search-IdentityNowAuditEvents -type AUTH -days 1 -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -user 'customer_admin' Search-IdentityNowAuditEvents -user 'customer_admin' -searchLimit 10 Search-IdentityNowAuditEvents -user 'customer_admin' -since '2019-10-30T12:30:50.450Z' Search-IdentityNowAuditEvents -user 'customer_admin' -days 1 Search-IdentityNowAuditEvents -user 'customer_admin' -days 1 -searchLimit 2510 Search-IdentityNowAuditEvents -user 'customer_admin' -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -user 'customer_admin' -type 'AUTH' Search-IdentityNowAuditEvents -user 'customer_admin' -days 1 -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -user 'customer_admin' -days 1 -type 'AUTH' Search-IdentityNowAuditEvents -user 'customer_admin' -days 1 -type 'AUTH' -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -user 'customer_admin' -days 1 -type 'AUTH' -action 'AUTHENTICATION-103' -searchLimit 50 Search-IdentityNowAuditEvents -user 'customer_admin' -since '2019-10-30T12:30:50.450Z' -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -user 'customer_admin' -since '2019-10-30T12:30:50.450Z' -type 'AUTH' -action 'AUTHENTICATION-103' Search-IdentityNowAuditEvents -application 'Workday (Dev)' Search-IdentityNowAuditEvents -application 'Workday (Dev)' -days 2 Search-IdentityNowAuditEvents -application 'Workday (Dev)' -action 'SOURCE_ACCOUNT_AGGREGATION' Search-IdentityNowAuditEvents -application 'Workday (Dev)' -action 'SOURCE_ACCOUNT_AGGREGATION' -days 2 Search-IdentityNowAuditEvents -application 'Workday (Dev)' -type 'PROVISIONING' Search-IdentityNowAuditEvents -application 'Workday (Dev)' -since '2019-10-30T12:30:50.450Z' Search-IdentityNowAuditEvents -application 'Workday (Dev)' -since '2019-10-30T12:30:50.450Z' -action 'SOURCE_ACCOUNT_AGGREGATION' Search-IdentityNowAuditEvents -application 'Workday (Dev)' -since '2019-10-30T12:30:50.450Z' -action 'SOURCE_ACCOUNT_AGGREGATION' -type 'PROVISIONING'
Search IdentityNow Events using the new IdentityNow Search (Elasticsearch) Results defaults to 2500. If you want more or less use the -searchLimit option
Search Events – Example
$query = @{query = 'technicalName:USER_AUTHENTICATION_STEP_UP_SETUP_*'; type = 'USER_MANAGEMENT'} $queryFilter = @{query = $query} Search-IdentityNowEvents -filter ($queryFilter | convertto-json)
Search Events (Search Limit) – Example
$query = @{query = 'technicalName:USER_AUTHENTICATION_*'; type = 'USER_MANAGEMENT'} $queryFilter = @{query = $query} Search-IdentityNowEvents -filter ($queryFilter | convertto-json) -searchLimit 5500
The cmdlet that lets you do your thing, with a little help. This cmdlet has options for v2 and v3 authentication and will provide the web request headers (with and without content-type = application/json set). You supply the URI for the request, the method (POST, GET, DELETE, PATCH) and the request will be sent, and the results sent back.
Request Methods are;
Header options are;
$orgName = "customer-sb" $sourceID = "12345" Invoke-IdentityNowRequest -Method Get -Uri "https://$($orgName).api.identitynow.com/cc/api/source/getAccountSchema/$($sourceID)" -headers HeadersV3
$orgName = "customer-sb" Invoke-IdentityNowRequest -Method Get -Uri "https://$($orgName).identitynow.com/api/profile/list" -headers Headersv2_JSON
$orgName = "customer-sb" Invoke-IdentityNowRequest -Method Get -Uri "https://$($orgName).api.identitynow.com/cc/api/identityAttribute/list" -headers HeadersV3
Enjoy.
A few weeks back the Microsoft AI Tour was in Sydney Australia. There was a…
If you're anything like me you always have PowerShell open, and often both PowerShell and…
Decentralised Identity is a technology I'm passionate about and have written many posts and tools…
Over two years ago I authored a PowerShell Module that enabled the automation of 1Password.…
Buried in my PowerShell Snippets Vol 4 post from 2021 is the PowerShell script and…
Short post on how to recovery from "The Windows Subsystem for Linux instance has terminated"…
This website uses cookies.
View Comments