WorkdayAPI PowerShell Module

Obtaining Workday HR Supervisory Hierarchy, Provisioning Flags and Photos with PowerShell

18th of October, 2018 / / No Comments

A few weeks back I posted this regarding using PowerShell and the Granfeldt PowerShell Management Agent to interface Microsoft Identity Manager with Workday HR. The core of this functionality is the WorkdayAPI PowerShell Module which I forked from Nathan and added additional functionality.

New WorkdayAPI PowerShell Module Cmdlets

This post details additional functionality I’ve added to the WorkdayAPI PowerShell Module. Updates include the following additional cmdlets;

Get-WorkdayWorkerProvData

Implementations of Workday obviously vary from organisation to organisation.… [Keep reading] “Obtaining Workday HR Supervisory Hierarchy, Provisioning Flags and Photos with PowerShell”

Managing SailPoint IdentityNow Roles via API and PowerShell

11th of October, 2018 / / No Comments 
Update: Oct 2019. IdentityNow Roles can be easily managed using the SailPoint IdentityNow PowerShell Module.

Managing SailPoint IdentityNow Role Groups typically involves leveraging the SailPoint IdentityNow Portal for the creation and on-going management. That’s because the API for Roles is not published or documented.

What happens then if you have many to create, update/manage? How does the IdentityNow Portal use the non-published undocumented API’s to create and manage them? I’ve worked it out and am documenting it here in the interim until the API’s get versioned and published.… [Keep reading] “Managing SailPoint IdentityNow Roles via API and PowerShell”

Managing SailPoint IdentityNow Governance Groups via the API with PowerShell

9th of October, 2018 / / No Comments 
Update: Oct 2019. Governance Groups can be easily managed using the SailPoint IdentityNow PowerShell Module.

In this post I detail the management of SailPoint IdentityNow Governance Groups using the IdentityNow v2 API as the functions associated with Governance Groups is not currently detailed in the v2 API Documentation here (9 Oct 2018).

In order to interact with the v2 API you will need to use Basic Authentication which I detail in this post here.… [Keep reading] “Managing SailPoint IdentityNow Governance Groups via the API with PowerShell”

Set up Accounts and secure passwords to run automation workloads in Azure Functions

5th of October, 2018 / / No Comments

In some of my previous blogs here, we have seen how we could use Azure Functions to to automate processes and SharePoint workloads.

Most of these jobs run using elevated or stored privileged accounts as the Azure Function is in a different context than the user context. There are various ways we could setup these accounts. Some of these approaches are below:

  1. Azure AD Service Accounts
    • Suitable for all operations
    • Need access to resource
    • Reusable across multiple workloads
  2. Azure AD Apps
    • Suitable for Graph Access
    • Need exact permissions set up
    • Might need Tenant Admin authentication
  3. SharePoint App Accounts
    • Suitable for SharePoint workloads.
[Keep reading] “Set up Accounts and secure passwords to run automation workloads in Azure Functions”

Leveraging v1, v2 and non-Published SailPoint IdentityNow API’s with PowerShell

5th of October, 2018 / / No Comments 
Update: Oct 2019. Leveraging the SailPoint IdentityNow API's is now easier using the SailPoint IdentityNow PowerShell Module.
UPDATE: 18 Dec 2018 Please see this new post on 
accessing v3 / non-published SailPoint 
IdentityNow API's using PowerShell.
The details in this post will still work for v1 
& v2 API's.

This post supersedes (see above) my previous posts on leveraging the IdentityNow API’s in relation to API Authentication/Authorization;

Using this Compass document as my guide (which takes a bit of finding) I’ve automated the process of being able to use PowerShell to leverage the non versioned/published API’s.… [Keep reading] “Leveraging v1, v2 and non-Published SailPoint IdentityNow API’s with PowerShell”

Provisioning complex Modern Sites with Azure Functions and Flow – Part 3 – Post Provisioning Site Configuration

3rd of October, 2018 / / No Comments

In the previous two blogs part 1 and part 2, we looked at steps to create a Modern team site and apply a custom provisioning template to it. In this blog, we will have a look at the steps for the post provisioning process to implement site specific requirements. Some of them could be:

1. Apply default values to list fields
2. Create a bunch of default folders
3. Manage Security groups (SP level) and permission level.… [Keep reading] “Provisioning complex Modern Sites with Azure Functions and Flow – Part 3 – Post Provisioning Site Configuration”

Querying for updates/changes in Workday HR using PowerShell

2nd of October, 2018 / / No Comments

Nathan Hartley has an awesome PowerShell Module for Workday that you can find here. I detailed how I’m using that module in this post here Building a Microsoft Identity Manager PowerShell Management Agent for Workday HR.

A large portion of that post detailed the nuances of working with the Worday API especially for implementations at scale. Those are constraints I have. Specifically I was looking for a couple more functions;

  • Changes since the last time I queried the API
  • Changes including those who are now Inactive workers*
  • in the summary PowerShell Object return Hire Date, Start Date, Active Status and Supplier

Not wanting to re-invent the wheel I forked Nathan’s Project and added those enhancements.… [Keep reading] “Querying for updates/changes in Workday HR using PowerShell”

AAD-Connect PTA with SSO & Kerberos Decryption Key Roll Over

25th of September, 2018 / / 2 Comments

When setting up PTA with SSO the Kerberos decryption keys must be rolled over every 30 days. Unfortunately Microsoft have not yet devised a streamline process to automate, but hoping to deliver within the next 6 months.  Till this is made available the following solution has been developed to automatically perform this function.

The problem is best illustrated in the following test environment which has three internal domains configured for seamless single sign-on.

AD-Connect Screen

As illustrated below the decryption keys should be rolled over every 30 days to ensure the platform remains secure and operational.… [Keep reading] “AAD-Connect PTA with SSO & Kerberos Decryption Key Roll Over”

Building a Microsoft Identity Manager PowerShell Management Agent for Workday HR

25th of September, 2018 / / No Comments 
Update 29 August 2019 See this post for multi-threading Granfeldt PowerShell Management Agent Imports (with Workday as an example).

Before I even get started with this post, let me state that the integration I describe here is not a standalone solution. Integrating with Workday for any organisation of significant size will require multiple integration points each providing coverage for the scenarios for your implementation. I list a few in this post, but Alexander Filipin has already done an awesome job here.… [Keep reading] “Building a Microsoft Identity Manager PowerShell Management Agent for Workday HR”

Automate the Generation of a Granfeldt PowerShell Management Agent Schema Definition File

24th of September, 2018 / / No Comments

Generating Schema.ps1 for the Granfeldt FIM/MIM PowerShell Management Agent

Getting started writing your first Forefront/Microsoft Identity Manager Granfeldt PowerShell Management Agent can be a bit daunting. Before you can do pretty much anything you need to define the schema for the PSMA. Likewise if you have written many, the generation of the schema file often seems to take longer than it should and can be a little tedious when all you want to do is write the logic for the Import and Export scripts.… [Keep reading] “Automate the Generation of a Granfeldt PowerShell Management Agent Schema Definition File”