Building SailPoint IdentityNow Azure AD Source Filters

When you have a large Azure AD tenant it is likely that you want to scope your SailPoint IdentityNow Source based on the different type of identities it contains. Using the Filtering and Scoping section of the Azure AD Source Configuration Guide from Compass I first started constructing queries as I normally would with Azure AD against the Microsoft Graph API.

However the queries/filters I was using against Microsoft Graph were not working for the Azure AD IdentityNow Source.… [Keep reading] “Building SailPoint IdentityNow Azure AD Source Filters”

Changing SailPoint IdentityNow Identity Profiles Priorities using PowerShell

Update: Oct 2019. IdentityNow Profiles Priorities can be easily managed using the SailPoint IdentityNow PowerShell Module.

In SailPoint IdentityNow a single user is highly likely to be represented on multiple Sources, that in turn are likely to be authoritative for differing SailPoint IdentityNow Identity Profiles. Often the first or last Identity Profile you create isn’t the one you wish to have the highest or lowest profile and you therefore need to change an Identity Profiles precedence so that the correct Identity Profile is associated with your identities.… [Keep reading] “Changing SailPoint IdentityNow Identity Profiles Priorities using PowerShell”

SailPoint IdentityNow Identity Profiles Mapping Report

Last year I wrote this post here that detailed using the SailPoint IdentityNow API to generate an IdentityNow Sources HTML Report using PowerShell.
In a similar vein here is a post that does a similar function, but for the IdentityNow Identity Profiles. The example script below will connect to IdentityNow and extract all the Identity Profiles and pull out the details for the Mappings and create an HTML Report with a section for each Identity Profile.… [Keep reading] “SailPoint IdentityNow Identity Profiles Mapping Report”

Aggregating SailPoint IdentityNow Sources via API with PowerShell

Update: Oct 2019. Aggregating Sources can be easily managed using the SailPoint IdentityNow PowerShell Module.

Aggregating an IdentityNow Source can be achieved in a number of ways, but when you are in a development environment there will be times where you need to add additional attributes for a Source to load. If the additional attribute(s) is/are used for Correlation, it’s at this time you will need to perform a full aggregation from a Source to re-evaluate each object with the new Correlation rules and to bring in the additional attributes for each identity on the Source.… [Keep reading] “Aggregating SailPoint IdentityNow Sources via API with PowerShell”

Creating SailPoint IdentityNow Access Profiles via API and PowerShell

Update: Oct 2019. Access Profiles can be easily managed using the SailPoint IdentityNow PowerShell Module.

Managing SailPoint IdentityNow Access Profiles is easy enough to do using the SailPoint IdentityNow Portal. But what if you have the requirement to update, report on, or create numerous Access Profiles? That’s where the SailPoint IdentityNow API comes into play. The Access Profiles API is documented here but doesn’t go into a lot of detail. In this post I’ll detail interfacing with it using PowerShell primarily to create and update Access Profiles.… [Keep reading] “Creating SailPoint IdentityNow Access Profiles via API and PowerShell”

Searching and Returning SailPoint IdentityNow Entitlements using the API and PowerShell

Update: Oct 2019. Entitlements can be easily searched using the SailPoint IdentityNow PowerShell Module.

Entitlements on IdentityNow Sources can be leveraged for many purposes within IdentityNow. Recently I’ve been looking to automate some Access Profiles that will in-turn have entitlements associated with them.

This post details how to query for Entitlements in IdentityNow using the v3 API and PowerShell.

Prerequisites

You will need to Authenticate to the IdentityNow API. The v3 authentication method is required.… [Keep reading] “Searching and Returning SailPoint IdentityNow Entitlements using the API and PowerShell”

SailPoint IdentityNow Governance Groups Management Agent for Microsoft Identity Manager

Last week I posted a SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager. Today I’m posting a sister for it, an IdentityNow Governance Groups Management Agent.

I’ve posted about Governance Groups before. See Managing SailPoint IdentityNow Governance Groups via the API with PowerShell. That post details creating and managing Governance Groups via the API.

This Management Agent is essentially the enumeration of Governance Groups in IdentityNow via API wrapped up in a PowerShell Management Agent.… [Keep reading] “SailPoint IdentityNow Governance Groups Management Agent for Microsoft Identity Manager”

SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager

This is the first post in a series where I will provide a number of base-level Management Agents for Microsoft Identity Manager to integrate with SailPoint IdentityNow. Whilst the two products have areas of competing/equivalent functionality there are other aspects where integration of the two compliment each other. Whilst that is not the purpose of this post, through the series of upcoming posts it will be relatively easy to extrapolate how the two products can happy co-exist and orchestrate each other for certain functions.… [Keep reading] “SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager”

Managing SailPoint IdentityNow Tasks with PowerShell

Update: Oct 2019. IdentityNow Tasks can be easily managed using the SailPoint IdentityNow PowerShell Module.

In SailPoint IdentityNow when using the Request Center, tasks are created for activities that are not able to be automatically (directly) fulfilled. Essentially completion of the request requires someone to do something, then return to the IdentityNow Portal and flag the Task as complete. What if we want to see what Tasks are open and flag them as complete through external automation?… [Keep reading] “Managing SailPoint IdentityNow Tasks with PowerShell”

Using SailPoint IdentityNow v3 API’s with PowerShell

Update: Oct 2019. Leveraging the SailPoint IdentityNow API's is now easier using the SailPoint IdentityNow PowerShell Module.

The SailPoint IdentityNow SaaS product is evolving. I’ve previously posted about integrating with the IdentityNow API’s using PowerShell;

IdentityNow now has v3 API’s which are essentially the v2 and non-Published API’s with the added benefit of being able to obtain an oAuth token from a new oAuth Token endpoint.… [Keep reading] “Using SailPoint IdentityNow v3 API’s with PowerShell”