IdentityNow – Page 2

Get/Update SailPoint IdentityNow Global Reminders and Escalation Policies

31st of May, 2019 / Darren Robinson / No Comments

Update: Oct 2019. Global Reminders and Escalation Policies can be easily managed using the SailPoint IdentityNow PowerShell Module.

SailPoint IdentityNow Access Requests for Roles or Applications usually require approvals which are configured on the associated Role or Application. The Approval could be by the Role/Application Owner, a Governance Group or the Requestor’s Manager. However for reminders and escalation policies the configuration is only available to be retrieved and set via the API. The SailPoint Identity Now api/v2/org API is used to configure these Global Reminders and Escalation Policies.… [Keep reading] “Get/Update SailPoint IdentityNow Global Reminders and Escalation Policies”

AD FS 2016 and InvalidNameIDPolicy using SAML Authentication to SailPoint IdentityNow

4th of April, 2019 / Jesse Loudon / 2 Comments

I recently had a seemingly simple task for a customer to setup a AD FS 2016 relying party trust for their SailPoint IdentityNow deployment. Sounds easy right?

In this scenario AD FS 2016 was to be the Identity Provider (IdP) and IdentityNow the Service Provider (SP). Our end-goal of the solution was to allow the customer’s users to authenticate via SAML into IdentityNow using their corporate AD DS email address and password. Great outcome from a user experience perspective and for corporate governance too!… [Keep reading] “AD FS 2016 and InvalidNameIDPolicy using SAML Authentication to SailPoint IdentityNow”

Indexing a SailPoint IdentityNow Attribute in an Identity Cube for use in Correlation Rules

29th of March, 2019 / Darren Robinson / No Comments

Joining/Matching rules in any Identity and Access Management Solution can make or break an Identity Lifecycle Management implementation. Out of the box SailPoint IdentityNow provides a number of common Identity Attributes that can be used for Correlation rules (joining/matching) from Identity Sources (connected systems).

Often though you want to add additional attributes to the list of Identity Attributes that can be used for correlation. The IdentityNow Portal does not provide this functionality, but it is possible via the IdentityNow API.… [Keep reading] “Indexing a SailPoint IdentityNow Attribute in an Identity Cube for use in Correlation Rules”

Building SailPoint IdentityNow Azure AD Source Filters

26th of March, 2019 / Darren Robinson / No Comments

When you have a large Azure AD tenant it is likely that you want to scope your SailPoint IdentityNow Source based on the different type of identities it contains. Using the Filtering and Scoping section of the Azure AD Source Configuration Guide from Compass I first started constructing queries as I normally would with Azure AD against the Microsoft Graph API.

However the queries/filters I was using against Microsoft Graph were not working for the Azure AD IdentityNow Source.… [Keep reading] “Building SailPoint IdentityNow Azure AD Source Filters”

Changing SailPoint IdentityNow Identity Profiles Priorities using PowerShell

13th of March, 2019 / Darren Robinson / No Comments

Update: Oct 2019. IdentityNow Profiles Priorities can be easily managed using the SailPoint IdentityNow PowerShell Module.

In SailPoint IdentityNow a single user is highly likely to be represented on multiple Sources, that in turn are likely to be authoritative for differing SailPoint IdentityNow Identity Profiles. Often the first or last Identity Profile you create isn’t the one you wish to have the highest or lowest profile and you therefore need to change an Identity Profiles precedence so that the correct Identity Profile is associated with your identities.… [Keep reading] “Changing SailPoint IdentityNow Identity Profiles Priorities using PowerShell”

SailPoint IdentityNow Identity Profiles Mapping Report

12th of March, 2019 / Darren Robinson / No Comments

Last year I wrote this post here that detailed using the SailPoint IdentityNow API to generate an IdentityNow Sources HTML Report using PowerShell.
In a similar vein here is a post that does a similar function, but for the IdentityNow Identity Profiles. The example script below will connect to IdentityNow and extract all the Identity Profiles and pull out the details for the Mappings and create an HTML Report with a section for each Identity Profile.… [Keep reading] “SailPoint IdentityNow Identity Profiles Mapping Report”

Aggregating SailPoint IdentityNow Sources via API with PowerShell

6th of March, 2019 / Darren Robinson / No Comments

Update: Oct 2019. Aggregating Sources can be easily managed using the SailPoint IdentityNow PowerShell Module.

Aggregating an IdentityNow Source can be achieved in a number of ways, but when you are in a development environment there will be times where you need to add additional attributes for a Source to load. If the additional attribute(s) is/are used for Correlation, it’s at this time you will need to perform a full aggregation from a Source to re-evaluate each object with the new Correlation rules and to bring in the additional attributes for each identity on the Source.… [Keep reading] “Aggregating SailPoint IdentityNow Sources via API with PowerShell”

Creating SailPoint IdentityNow Access Profiles via API and PowerShell

5th of March, 2019 / Darren Robinson / No Comments

Update: Oct 2019. Access Profiles can be easily managed using the SailPoint IdentityNow PowerShell Module.

Managing SailPoint IdentityNow Access Profiles is easy enough to do using the SailPoint IdentityNow Portal. But what if you have the requirement to update, report on, or create numerous Access Profiles? That’s where the SailPoint IdentityNow API comes into play. The Access Profiles API is documented here but doesn’t go into a lot of detail. In this post I’ll detail interfacing with it using PowerShell primarily to create and update Access Profiles.… [Keep reading] “Creating SailPoint IdentityNow Access Profiles via API and PowerShell”

Searching and Returning SailPoint IdentityNow Entitlements using the API and PowerShell

4th of March, 2019 / Darren Robinson / 1 Comment

Update: Oct 2019. Entitlements can be easily searched using the SailPoint IdentityNow PowerShell Module.

Entitlements on IdentityNow Sources can be leveraged for many purposes within IdentityNow. Recently I’ve been looking to automate some Access Profiles that will in-turn have entitlements associated with them.

This post details how to query for Entitlements in IdentityNow using the v3 API and PowerShell.

Prerequisites

You will need to Authenticate to the IdentityNow API. The v3 authentication method is required.… [Keep reading] “Searching and Returning SailPoint IdentityNow Entitlements using the API and PowerShell”

SailPoint IdentityNow Governance Groups Management Agent for Microsoft Identity Manager

29th of January, 2019 / Darren Robinson / No Comments

Last week I posted a SailPoint IdentityNow Roles Management Agent for Microsoft Identity Manager. Today I’m posting a sister for it, an IdentityNow Governance Groups Management Agent.

I’ve posted about Governance Groups before. See Managing SailPoint IdentityNow Governance Groups via the API with PowerShell. That post details creating and managing Governance Groups via the API.

This Management Agent is essentially the enumeration of Governance Groups in IdentityNow via API wrapped up in a PowerShell Management Agent.… [Keep reading] “SailPoint IdentityNow Governance Groups Management Agent for Microsoft Identity Manager”