This is the first post in a series where I will provide a number of base-level Management Agents for Microsoft Identity Manager to integrate with SailPoint IdentityNow. Whilst the two products have areas of competing/equivalent functionality, there are other aspects where integration of the two complement each other. Whilst that is not the purpose of this post, through the series of upcoming posts it will be relatively easy to extrapolate how the two products can happily co-exist and orchestrate each other for certain functions.
This Management Agent is for Microsoft Identity Manager to have visibility of IdentityNow Roles (see customisation at the end for more functionality).
For more information on IdentityNow Roles see this post where I detailed Creating Roles as well as updating/managing them via API. The MA also consumes whether the Role is requestable, which I covered in this post.
The Schema Script below covers the core attributes associated with IdentityNow Roles.
As IdentityNow v3 API Authentication requires a number of artifacts, we need to make sure we secure them all appropriately.
For the Admin Username and Password we will do that by exporting them to an XML file using Export-CLIXML and then, in the Import Script, importing them using Import-CLIXML. Those cmdlets respect the context under which the credentials were exported, and the credentials can only be accessed when imported under that same context. As our Management Agent will be run by the MIM Sync Server Service Account, we need to create the credentials file using that login. To do that;
```powershell
# Run as the MIM Sync Server Service Account so the file is bound to that context.
$adminUSR = [string]"Partner_Admin".ToLower()
$adminPWDClear = 'myStr0ngP@$$w0rd'
# Convert the cleartext password to a SecureString and wrap it in a PSCredential.
$adminPWD = ConvertTo-SecureString $adminPWDClear -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential $adminUSR,$adminPWD
# Export the credential; the password is stored protected for the exporting context.
$Credentials | Export-Clixml c:\temp\RoleAdminCred.xml
```
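A variant of the export step that keeps the cleartext password out of the script and restricts the file's permissions, followed by an import-side check for the Import Script. This is an added example, not code from the original post; it assumes an interactive session running as the MIM Sync Server Service Account, and the function name `Import-RoleAdminCredential` is hypothetical.

```powershell
# Added example (not from the original post). Run it in a session started as the
# MIM Sync Server service account so the file is protected for that account.
$credPath = 'C:\temp\RoleAdminCred.xml'      # path used in the post
$adminUSR = 'partner_admin'                  # sample username from the post, lower-cased

# Prompt for the password so it never sits in the script or command history.
$adminPWD = Read-Host -Prompt "Password for $adminUSR" -AsSecureString
New-Object System.Management.Automation.PSCredential $adminUSR, $adminPWD |
    Export-Clixml -Path $credPath

# Remove inherited permissions and leave only the exporting account on the file.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
icacls $credPath /inheritance:r /grant:r "${me}:(F)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed to restrict $credPath" }

# Hypothetical helper for the Import Script: fail loudly on a context mismatch.
# On Windows the SecureString is DPAPI-protected for the exporting user and machine.
function Import-RoleAdminCredential {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $cred = Import-Clixml -Path $Path -ErrorAction Stop
    }
    catch {
        $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw ("Cannot load '$Path' as $who. The file must be exported by the " +
               "same account on the same machine. $($_.Exception.Message)")
    }
    # Reject files that do not deserialize to a credential object.
    if ($cred -isnot [System.Management.Automation.PSCredential]) {
        throw "'$Path' does not contain a PSCredential."
    }
    return $cred
}

# Usage in the Import Script: load once, then use the username and password
# where the IdentityNow admin credentials are required.
$adminCreds = Import-RoleAdminCredential -Path $credPath
$adminCreds.UserName
```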
The IdentityNow v3 API Credentials are stored on the Management Agent Connectivity Configuration page. The Username and Password Authentication options take the v3 API Client ID and API Client Secret respectively.
Make the following updates for your implementation:
How you want Identity Manager to consume the data will depend on what you want to do with it. You will likely want to;
Using this base Management Agent we can get connectivity and visibility of IdentityNow Roles in Microsoft Identity Manager.