Searching and Returning all Objects/Users from a SailPoint IdentityNow Source

Update: Oct 2019. Searching Sources can be easily be
performed using the SailPoint IdentityNow PowerShell Module.

There are times when need to get an extract of all objects on an IdentityNow Source. Just a particular Source, not the object from the Identity Cube with attributes contributed from multiple sources.

I’ll cover how I do that in this post, which in turn also handles paging the results from IdentityNow as the SearchLimit is 2500 objects.

The basis of the logic is;

Define the Source to retrieve objects from
Define the number of results you wish to return per page (maximum is 2500)
Page results until you return the base object for all objects on the Source
Retrieve the Full Object details for each object

The Script

The following script has been written to run in VS Code and provide a Progress bar using the psInlineProgress PowerShell Module available from the PowerShell Gallery and here. If you are also running this via VSCode, after obtaining psInlineProgress update the psInlineProgress.psd1 file to change Line 36 as shown below. You should be able to find it in C:\Program Files\WindowsPowerShell\Modules\psInlineProgress\1.1

#PowerShellHostName = 'ConsoleHost'
PowerShellHostName = 'Visual Studio Code Host'

Update;

Line 3 for your IdentityNow API ClientID
Line 5 for your IdentityNow API ClientSecret
Line 9 for you IdentityNow Tenant name
Line 13 for the ID of the IdentityNow Source you want to retrieve entities from
Line 17 for the number of entries to return per page (2500 is the maximum)

See the gist on github.

Example

The output below shows using the script to return 2591 objects from an IdentityNow Source.

Summary

Using the v2/accounts IdentityNow API we can retrieve the base objects associated with an IdentityNow Source and then call it again with each objectID to retrieve the full object record. This can be useful if you want to then programatically extract and process the information rather than downloading a CSV via the IdentityNow Portal. Say for example ingestion into another system or Identity Management tool. But that’s a post for another time.

Lifecycle Management of Identities in SailPoint IdentityNow via API and PowerShell

September 14, 2018

In "How-to"

Searching and Returning SailPoint IdentityNow Entitlements using the API and PowerShell

Update: Oct 2019. Entitlements can be easily searched using the SailPoint IdentityNow PowerShell Module. Entitlements on IdentityNow Sources can be leveraged for many purposes within IdentityNow. Recently I've been looking to automate some Access Profiles that will in-turn have entitlements associated with them. This post details how to query for…

March 4, 2019

In "Identity and Access Management"

DevOps for SailPoint IdentityNow with PowerShell

August 19, 2021

In "How-to"

Darren Robinson

Bespoke learnings from a Microsoft Identity and Access Management Architect using lots of Microsoft Identity Manager, Azure Active Directory, PowerShell, SailPoint IdentityNow and Lithnet products and services.