403 when using the cc/api/system/refreshidentities api with Python

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

I have pasted the python script below, any help on why this wouldn’t be working? I’m using my PAT client id and secret. My Identity is an Org Admin.

Is there a beta api that replaces this functionality?

import requests
import json


# Set the necessary variables
client_id = "<pat client id>"
client_secret = "<pat secret>"
base_url = f"https://example.api.identitynow.com"
url = f"{base_url}/cc/api/system/refreshidentities"

# Get an access token
auth_url = f"{base_url}/oauth/token"
auth_data = {
    "grant_type": "client_credentials",
    "client_id": client_id,
    "client_secret": client_secret,
}
auth_response = requests.post(auth_url, data=auth_data)
print(auth_response)

#Extract the access token from the response
access_token = auth_response.json()["access_token"]
print(access_token)


payload = json.dumps({
    "filter": "costCenterId == \"01.74100\"",
    "refreshArgs": {
        "correlateEntitlements": "true",
        "promoteAttributes": "true",
        "refreshManagerStatus": "true",
        "provision": "true",
        "synchronizeAttributes": "true"
    }
})

headers = {
    'Authorization': f'Bearer {access_token}',
	'Content-Type': 'application/json'
}

response = requests.request("PUT",url, headers=headers, data=payload)

if response.status_code == 200:
    data = response.json()
  
else:
    print(f"Request for sources failed with status code: {response.status_code}")
    print("Response content:", response.text)
2

baseurl should be https://tenant.api.identitynow-demo.com//cc/api/system/refreshIdentities

3

Rakesh, this helped, thanks!

I also had a PUT rather than a POST, which generated a 405 error.

I’m now not seeing any errors, but I also don’t see any status change. I would have thought the manager name would have displayed. I tried to do a manual aggregation on the account. The source is workday.

Does this API trigger an evaluation / manager correlation for the identity, or does something else need to happen?

4

Hi Fred,
It does evaluate based on the inputs you add. Let me check if it works for manage change as well.

5

One note, the manager didn’t change. Just the correlation had issues early on and it isn’t correlating for a given manager and their direct reports. So the MANAGER_ID in workday on the account is present, but the Manager Name (manager) is not populated. I’m trying to find a way for it to re-evaluate the manager correlation without HR having to change the manager and then change it back after an aggregation.

6

Hi Fred,
I think you may try to combine this 2 together

7

Kamil, this didn’t seem to do anything towards re-evaluating the manager correlation when processing it for a given id. However, maybe I ran it wrong as the 202 message back stated:
Response content: {“type”:“TASK_RESULT”,“id”:“09aea8e2-76ee-4b0a-b59e-11223716c6d2”,“name”:null}

8

That might be also interesting for you

9

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.