Hey gang!
I know there’s a whole PowerShell SDK and that the almighty @darrenjrobinson also has a (much more fleshed-out) PowerShell module, but I wanted to share mine here as well. I’ve been using/working on this for years, and it’s undergone a number of revisions as the API has matured, but it’s never made it to a public GitHub repo before now. The main benefit of this module is that it doesn’t require the SailPoint CLI or the PowerShell SDK; it makes the API calls to SailPoint directly (the downside of this, of course, is that I have to manually update functions when API endpoints change).
The module is also listed in the PSGallery, so it can be installed very easily with:

```powershell
Install-Module -Name iscUtils
```
Some additional notes:
- My module uses the `Microsoft.PowerShell.SecretStore` module to store the tenant/credential information, and basically just wraps my most-used API endpoints in PowerShell functions. It also uses a dynamic parameter for any function that cares about a `Source` input, allowing you to tab-complete your source names via a dynamically-generated list pulled every time you connect to the API.
- Function names are all in the singular rather than the plural, because that is the recommended nomenclature for PowerShell functions. The majority of the functions can still return a list of results where necessary.
- Comment-based help has been implemented for all functions as well. Running `Get-Help` for specific functions should help understand what parameters are available and what they do.
Current functions include:
- `Connect-ISC` - Connect to the ISC API.
- `Get-ISCAccessProfile` - Retrieve a specific Access Profile or a list of Access Profiles from Identity Security Cloud.
- `Get-ISCAccount` - Retrieve a specific account from Identity Security Cloud.
- `Get-ISCConnection` - Retrieves information about the most recent connection to Identity Security Cloud.
- `Get-ISCConnectorRule` - Retrieves connector rules from Identity Security Cloud.
- `Get-ISCEntitlement` - Retrieve a specific entitlement from Identity Security Cloud.
- `Get-ISCIdentity` - Retrieve a specific user from Identity Security Cloud.
- `Get-ISCIdentityAttribute` - Retrieve an identity attribute from Identity Security Cloud.
- `Get-ISCIdentityAttributeList` - Retrieve a list of Identity Attributes from Identity Security Cloud.
- `Get-ISCPendingTaskList` - Retrieve a list of pending tasks from Identity Security Cloud.
- `Get-ISCSource` - Retrieve a specific source from Identity Security Cloud.
- `Get-ISCSourceSchema` - Retrieve a specific source schema from Identity Security Cloud.
- `Get-ISCTaskList` - Retrieve a list of pending tasks from Identity Security Cloud.
- `Get-ISCTransform` - Retrieve a specific transform from Identity Security Cloud.
- `Get-ISCWorkflow` - Retrieve a specific workflow from Identity Security Cloud.
- `Get-ISCWorkflowExecution` - Retrieve a specific workflow from Identity Security Cloud.
- `Get-ISCWorkflowExecutionList` - Retrieve a list of executions from Identity Security Cloud for a specified workflow.
- `Invoke-ISCQuery` - Run a specified query against Identity Security Cloud.
- `New-ISCTenant` - Create a stored credential for a new ISC tenant.
- `Remove-ISCTenant` - Remove a stored credential for an ISC tenant.
- `Set-ISCAccessProfile` - Modifies an existing access profile in ISC.
- `Set-ISCEntitlement` - Modifies an existing entitlement in ISC.
- `Set-ISCTaskCompleted` - Modifies the status of a pending task in ISC.
- `Test-ISCConnection` - Checks how old the existing Identity Security Cloud connection is.
Additional documentation (including examples) can be found in the GitHub repo’s ReadMe.
Please check it out and let me know what you think!
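
The pattern the post describes (tenant credential kept in a SecretStore vault, API called directly with no CLI or SDK), as an added example that is not part of the original post and is not the iscUtils code. It assumes a personal access token (client ID and secret) and the `<tenant>.api.identitynow.com` API host; the vault, secret and tenant names are placeholders.

```powershell
# Added example, not iscUtils code. Vault, secret and tenant names are placeholders.
# Requires the Microsoft.PowerShell.SecretManagement and
# Microsoft.PowerShell.SecretStore modules.
$VaultName  = 'IscExampleVault'      # hypothetical vault name
$SecretName = 'isc-example-tenant'   # hypothetical secret name
$Tenant     = 'example-tenant'       # placeholder tenant short name

# One-time setup: register a SecretStore-backed vault if it is not there yet.
if (-not (Get-SecretVault -Name $VaultName -ErrorAction SilentlyContinue)) {
    Register-SecretVault -Name $VaultName -ModuleName Microsoft.PowerShell.SecretStore
}

# One-time setup: prompt for the credential so the client secret never sits
# in a script file or in command history.
if (-not (Get-SecretInfo -Vault $VaultName -Name $SecretName)) {
    $new = Get-Credential -Message 'User name = client ID, password = client secret'
    Set-Secret -Vault $VaultName -Name $SecretName -Secret $new
}

function Get-ExampleIscToken {
    param([string]$Tenant, [string]$Vault, [string]$Name)
    # Get-Secret returns the PSCredential stored above.
    $cred = Get-Secret -Vault $Vault -Name $Name
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $cred.UserName
        client_secret = $cred.GetNetworkCredential().Password
    }
    # A hashtable body on a POST is sent form-encoded.
    $uri  = "https://${Tenant}.api.identitynow.com/oauth/token"
    $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body
    return $resp.access_token
}

# The bearer token stays in memory for the session; it is not written to disk.
$token   = Get-ExampleIscToken -Tenant $Tenant -Vault $VaultName -Name $SecretName
$headers = @{ Authorization = "Bearer $token" }
$sources = Invoke-RestMethod -Uri "https://${Tenant}.api.identitynow.com/v3/sources?limit=5" -Headers $headers
$sources | Select-Object id, name, type
```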