Last week I posted a SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager. Today I’m posting a sister for it, an IdentityNow Governance Groups Management Agent.
I’ve posted about Governance Groups before. See Managing SailPoint IdentityNow Governance Groups via the API with PowerShell. That post details creating and managing Governance Groups via the API.
This Management Agent is essentially the enumeration of Governance Groups in IdentityNow via API wrapped up in a PowerShell Management Agent. You can extend the management agent for managing Governance Groups to fit your needs.
Prerequisites
- On your MIM Sync Server you will need the PowerShell Community Extensions (PSCX) for the Get-Hash cmdlet
- Authentication to IdentityNow for Governance Groups can leverage the v2 Authentication method. I cover enabling that in this post here. You can also use the v3 Authentication method I detail here. If you do that you will need to appropriately secure the extra credentials as I show in the Roles Management Agent.
- The Management Agent leverages the Granfeldt PowerShell Management Agent. Start here to get up to speed with that. As detailed above, this is an Import-only MA, so I’m not providing an Export Script and the Password is redundant. The script files need to be present but will be empty.
Schema Script
The Schema Script below covers the core attributes associated with IdentityNow Governance Groups.
Import Script
The Import Script, unlike the Roles Management Agent, can use v2 Authentication. As such, we don’t need to perform additional effort to provide the necessary credentials.
Your v2 IdentityNow credentials need to be provided on the Management Agent Connectivity Configuration page. The Username and Password Authentication options take the v2 API Client ID and API Client Secret respectively.
NOTE: The Import Script is also configured to page the import of Governance Groups. The Page Size is configured in your Run Profile.
Make the following update for your implementation:
- Line 24 for your IdentityNow Orgname
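The following is an added example, not the author's Import Script. It shows the two mechanisms described in this section: building the v2 Basic authorization header from the credential configured on the Management Agent, so the API Client Secret is not written into the script file, and returning groups one page at a time. The endpoint URL, the `GovernanceGroup` object class, the attribute names and the function names are assumptions, and the sample groups are constructed.

```powershell
# Added example, not the author's Import Script. The endpoint, object class and
# attribute names are assumptions; the sample groups are constructed.

function New-BasicAuthHeader ([pscredential] $Credential) {
    # v2 auth: API Client ID is the username, API Client Secret the password
    $pair = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    @{ Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair)) }
}

function Get-GovernanceGroups ([string] $OrgName, [pscredential] $Credential) {
    # Assumed v2 Governance Groups (workgroups) endpoint
    $uri = "https://$($OrgName).api.identitynow.com/v2/workgroups?org=$($OrgName)"
    Invoke-RestMethod -Method Get -Uri $uri -Headers (New-BasicAuthHeader $Credential)
}

function Get-ImportPage ($Groups, [int] $Offset, [int] $PageSize) {
    # Return one page of connector-space objects plus the state for the next call
    $slice = @($Groups | Select-Object -Skip $Offset -First $PageSize)
    $objects = @(foreach ($g in $slice) {
        @{ objectClass = 'GovernanceGroup'; ID = $g.id; name = $g.name
           description = $g.description; memberCount = $g.memberCount }
    })
    $next = $Offset + $slice.Count
    [pscustomobject]@{ Objects = $objects; NextOffset = $next
                       MoreToImport = $next -lt @($Groups).Count }
}

# Offline demonstration with constructed groups standing in for the API response.
# Inside the MA, $Credentials and $pagesize are passed in by the PSMA, the cached
# list and offset live in $global: variables, and $global:MoreToImport tells the
# Sync engine to call the script again for the next page.
$sample = 1..5 | ForEach-Object {
    [pscustomobject]@{ id = "gg-$_"; name = "Group $_"; description = 'Constructed'; memberCount = $_ }
}
$offset = 0
do {
    $page = Get-ImportPage -Groups $sample -Offset $offset -PageSize 2
    '{0} object(s) returned, MoreToImport = {1}' -f $page.Objects.Count, $page.MoreToImport
    $offset = $page.NextOffset
} while ($page.MoreToImport)
```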
Customisation
How you want Identity Manager to consume the data will depend on what you want to do with it. You will likely want to:
- Create a new ObjectType in the Metaverse along with the attributes associated with IdentityNow Governance Groups
- Flow the information in and perform any logic
- Create an Export Script that will:
  - create Governance Groups in IdentityNow
  - update Governance Groups in IdentityNow
Summary
Using this base Management Agent, we can get connectivity and visibility of IdentityNow Governance Groups in Microsoft Identity Manager.