CyberArk PAM- Eliminate Hard Coded Credentials using Java REST API Calls

Many organizations still store hard-coded credentials in application config files for making application-to-application connections, in scripts (e.g. scheduled tasks) and in config files. Generally, these are highly privileged service accounts whose passwords are set to never change.
Keeping hard-coded credentials is always a risk to the organization's security posture. CyberArk provides a solution called Application Identity Manager, with which the passwords of privileged service accounts can be stored centrally in the Password Vault, logged, rotated and retrieved in many different ways.…

Managing SailPoint IdentityNow Tasks with PowerShell

Update: Oct 2019. IdentityNow Tasks can be easily managed using the SailPoint IdentityNow PowerShell Module.

In SailPoint IdentityNow when using the Request Center, tasks are created for activities that are not able to be automatically (directly) fulfilled. Essentially completion of the request requires someone to do something, then return to the IdentityNow Portal and flag the Task as complete. What if we want to see what Tasks are open and flag them as complete through external automation?…

Azure Self Service Password Reset Reporting using PowerShell

Just over 18 months ago I wrote this post on using PowerShell and oAuth to access the Azure AD Reports API to retrieve MIM Hybrid Report data. This week I went to re-use that for Azure Password Reset Reporting and found out that the API had been deprecated.

Using the error information that actually was informative I proceeded to the new API. Having authenticated as I had in the previous article, I executed the following to retrieve a list of the Audit Reports available.…

Using SailPoint IdentityNow v3 API’s with PowerShell

Update: Oct 2019. Leveraging the SailPoint IdentityNow API's is now easier using the SailPoint IdentityNow PowerShell Module.

The SailPoint IdentityNow SaaS product is evolving. I’ve previously posted about integrating with the IdentityNow API’s using PowerShell;

IdentityNow now has v3 API’s which are essentially the v2 and non-Published API’s with the added benefit of being able to obtain an oAuth token from a new oAuth Token endpoint.…

Enabling Requestable Roles in SailPoint IdentityNow using PowerShell

Update: Oct 2019. IdentityNow Roles can be easily managed using the SailPoint IdentityNow PowerShell Module.

Recently I wrote this post about Retrieving, Creating, and Managing SailPoint IdentityNow Roles using PowerShell.

Last week SailPoint enhanced Roles with the ability to request them. The details are located on Compass here.

I had a number of Roles that we wanted to make requestable, so rather than opening each and using the Portal UI to enable them, I did it via the API using PowerShell.…

Using Invoke-WebRequest calls within a Granfeldt PowerShell MA for Microsoft Identity Manager

If you use PowerShell extensively you should be familiar with the Invoke-RestMethod cmdlet and the ability for PowerShell to call API’s and receive information. The great thing about Invoke-RestMethod is the inbuilt conversion of the results to PowerShell Objects. However there are times when you need the raw response (probably because you are trying to bend things in directions they aren’t supposed to be; story of many of my integrations).

From within Granfeldt PowerShell Management Agent script(s) that use Invoke-WebRequest calls, these will in turn leverage the Internet Explorer COM API on the local machine.…

Overcoming Issues Installing Azure Active Directory Connect

I recently went through the process of implementing a custom AADConnect staging installation for a large enterprise customer with more than 30,000 users, with a view to it serving as a fall back to an existing production AADConnect installation.

The requirement was to set up an Azure virtual machine running Windows 2016 Datacentre, AADConnect and SQL Server Standard 2017 (locally installed), rather than SQL Express, which comes by default but suffers limitations which preclude its use in large environments.…

Searching & Returning all Objects/Users from a SailPoint IdentityNow Source

Update: Oct 2019. Searching Sources can be easily managed using the SailPoint IdentityNow PowerShell Module.

There are times when you need to get an extract of all objects on an IdentityNow Source. Just a particular Source, not the object from the Identity Cube with attributes contributed from multiple sources.

I’ll cover how I do that in this post, which in turn also handles paging the results from IdentityNow as the SearchLimit is 2500 objects.

The basis of the logic is;

  • Define the Source to retrieve objects from
  • Define the number of results you wish to return per page (maximum is 2500)
  • Page results until you return the base object for all objects on the Source
  • Retrieve the Full Object details for each object

The Script

The following script has been written to run in VS Code and provide a Progress bar using the psInlineProgress PowerShell Module available from the PowerShell Gallery and here.…

Retrieving SailPoint IdentityNow Certification Reports using PowerShell

Update: Oct 2019. Certification Campaign Reports can be easily managed using the SailPoint IdentityNow PowerShell Module.

This is the third and probably last post in the Certifications by API series. The first post detailed retrieving and searching campaigns, the second post detailed creating and starting campaigns. If you haven’t read those, check them out as they will give you the background for this one.

As detailed in the previous two posts this post also assumes you are authenticated to IdentityNow as detailed in this post, and you understand that this post details accessing Certifications using the non-versioned SailPoint IdentityNow API’s.…

Creating SailPoint IdentityNow Certification Campaigns using PowerShell

Update: Oct 2019. Certification Campaigns can be easily managed using the SailPoint IdentityNow PowerShell Module.

This is the second post in the Certifications by API series. The last post detailed searching and retrieving campaigns. If you haven’t read that, check that out as it will give you the background for this one.

Also as per the last post this post also assumes you are authenticated to IdentityNow as detailed in this post, and you understand that this post details accessing Certifications using the non-versioned SailPoint IdentityNow API’s.…