SailPoint IdentityNow Security Configuration Report

An IdentityNow Security Configuration Report of a SailPoint IdentityNow environment is a valuable artefact to have. I’ve previously documented examples for generating reports for;

But what about the configuration of items such as;

  • Global Security Settings Details
  • IWA Configuration Details
  • SSO SP Configuration Details
  • SSO IDP Configuration Details

The script (further below) leverages the SailPoint IdentityNow PowerShell Module to generate a HTML report of the configuration items listed above. It also exports the configuration of each of the above features to the output directory in XML format using the PowerShell Export-Clixml command.… [Keep reading] “SailPoint IdentityNow Security Configuration Report”

Release 1.0.6 SailPoint IdentityNow PowerShell Module

I’ve just published v1.0.6 of the SailPoint IdentityNow PowerShell Module to both GitHub and the PowerShell Gallery. The Version 1.0.6 SailPoint IdentityNow PowerShell Module is a major update as it removes the previous dependency on the PowerShell Community Extensions (PSCX) module that was previously being used for its’ cryptography functions.

Key Updates;

  • The SailPoint IdentityNow PowerShell Module no longer has a dependency on the PowerShell Community Extensions (PSCX) module
    • Whilst this simplifies the dependencies it also means that the SailPoint IdentityNow PowerShell Module is now PowerShell Core compatible.
[Keep reading] “Release 1.0.6 SailPoint IdentityNow PowerShell Module”

Configuring a SailPoint IdentityNow Workday Source for additional Response Groups

The SailPoint IdentityNow Workday Source by default will retrieve the standard Workday records and associated metadata for employees and contingent workers. However, if you want to retrieve less or additional information from Workday you need to update the configuration for the Workday Response Groups. My first few attempts at modifying the IdentityNow Workday Source for additional response groups appeared to update the configuration as requested. However, on running an aggregation on the Workday source I’d receive the following error message;

[ ConnectorException ] [ Error details ] java.lang.Boolean
[Keep reading] “Configuring a SailPoint IdentityNow Workday Source for additional Response Groups”

SailPoint IdentityNow Active Directory Source TLS Configuration

Recently I needed to enable a SailPoint IdentityNow Active Directory Source to use TLS. Looking for information on how to complete this saw me read many articles in SailPoint Compass. However, none of them were written specifically for IdentityNow Active Directory Source TLS Configuration. Mostly they were for the IQService and Identity IQ. Putting pieces of this information together I got an existing Source (even though it is mentioned this shouldn’t work) updated and working for TLS.… [Keep reading] “SailPoint IdentityNow Active Directory Source TLS Configuration”

How to bypass the Microsoft AAD login Screen for a Federated SSO User when access an AAD integrated application

As more organisations are integrating their SAML applications to AAD instead of ADFS to take advantage of the Azure AD Conditional Access Policy. One user experience issue of the change is that federated users (e.g. using ADFS for single-sign on) are first redirected to default MS AAD Login page. Only when they have entered their UPN, they are redirected to the ADFS page to sign in.

Many customers and end-users have asked if they can be redirected straight to the ADFS page, bypassing the MS login page, especially when migrating an existing ADFS federated application to AAD.… [Keep reading] “How to bypass the Microsoft AAD login Screen for a Federated SSO User when access an AAD integrated application”

Microsoft Graph using MSAL with PowerShell

Microsoft Authentication Libraries (MSAL) became Generally Available in May 2019 after a very long preview cycle whilst the libraries evolved to reach parity with its predecessor the Azure Active Directory Authentication Libraries (ADAL). I’ve previously used and written posts on leveraging ADAL libraries with PowerShell for Azure AD/Microsoft Graph integration using PowerShell. With some upcoming projects it’s time for me to start integrating with Microsoft Graph using MSAL with PowerShell. This post details how I transitioned from ADAL to MSAL and reduced my scripts by 60-300 lines depending on the integration.… [Keep reading] “Microsoft Graph using MSAL with PowerShell”

Generate SailPoint IdentityNow v2 & v3 API Credentials

This post details how to generate SailPoint IdentityNow v2 and v3 API credentials. This method is valid as of Oct 2019 whereby v3 Credentials are now able to be generated via the SailPoint IdentityNow Portal and v2 Credentials can be generated via the IdentityNow API. v2 credentials are useful for some legacy API’s and API calls that are long running tasks (which thereby use Digest Auth) over using the v3 JWT method. These credentials can then be leveraged by the  SailPoint IdentityNow PowerShell Module for IdentityNow orchestration tasks.… [Keep reading] “Generate SailPoint IdentityNow v2 & v3 API Credentials”

SailPoint IdentityNow PowerShell Module

I’ve just published v1 of my SailPoint IdentityNow PowerShell Module.

NOTE: This is not an official SailPoint IdentityNow PowerShell Module.

Features

  • Easy command-line use, after setting default configuration options and securely saving them to the current user’s profile.
  • Get an IdentityNow Organisation and Get / Update an Organisation Configuration
  • Search IdentityNow Users
  • Search IdentityNow Users Profiles
  • Search IdentityNow Entitlements
  • Create / Get / Update / Remove IdentityNow Access Profiles
  • Create / Get / Start IdentityNow Certification Campaigns
  • Get IdentityNow Certification Campaign Reports (output to file or return as PSObject)
  • Create / Get / Update / Remove IdentityNow Governance Groups
  • Create / Get / Update / Remove IdentityNow Roles
  • Get / IdentityNow Sources
  • Get Accounts from an IdentityNow Source
  • Create / Update / Remove IdentityNow Source Account (Flat File / Delimited Sources)
  • Get / Complete IdentityNow Tasks
  • Get IdentityNow Virtual Appliance Clusters (and clients (VA’s))
  • Get / Update IdentityNow Applications
  • ….
[Keep reading] “SailPoint IdentityNow PowerShell Module”

Multi-Threading Granfeldt PowerShell Management Agent Imports

As I’m sure you are familiar (with my many posts on the topic), the Granfeldt PowerShell Management Agent is extremely flexible. When used to integrate Microsoft Identity Manager with modern REST API’s it is easy to retrieve pages of results from a REST API and process the objects through the Management Agent. However sometimes you need to integrate Microsoft Identity Manager with an API (e.g. a SOAP WebService) that doesn’t provide functionality to page results.… [Keep reading] “Multi-Threading Granfeldt PowerShell Management Agent Imports”

ChatOps for Microsoft Identity Manager

A Bot or ChatOps for Microsoft Identity Manager is something I’ve had in the back of my mind for just over two years. More recently last year I did build the Voice Assistant for Microsoft Identity Manager as a submission for an IoT Hackathon. But what is ChatOps?

ChatOps is a collaboration model that connects people, tools, process, and automation into a transparent workflow. This flow connects the work needed, the work happening, and the work done in a persistent location staffed by the people, bots, and related tools.[Keep reading] “ChatOps for Microsoft Identity Manager”