A completely different ISC PowerShell Module

Identity Security Cloud (ISC) ISC Community Knowledge Base
, ,
1

Hey gang!

I know there’s a whole PowerShell SDK and that the almighty @darrenjrobinson also has a (much more fleshed-out) PowerShell module, but I wanted to share mine here as well. I’ve been using/working on this for years, and it’s undergone a number of revisions as the API has matured, but it’s never made it to a public GitHub repo before now.

My module uses the Microsoft.PowerShell.SecretStore module to store the tenant/credential information, and basically just wraps my most-used API endpoints in PowerShell functions. It also uses a dynamic parameter for any function that cares about a Source input, allowing you to tab-complete your source names via a dynamically-generated list pulled every time you connect to the API.

Note that the function names are all in the singular rather than the plural, because that is the recommended nomenclature for PowerShell functions. The majority of the functions can still return a list of results where necessary.

Comment-based help has been implemented for all functions as well. Running Get-Help for specific functions should help understand what parameters are available and what they do.

Current functions include:

  • Connect-ISC - initialize the connection to the API for the specified tenant

  • Test-ISCConnection - check whether the current token is still valid

  • Get-ISCConnection - retrieve some details about the current session

  • Invoke-ISCQuery - run a specified query

  • Get-ISCIdentity - retrieve a specific identity, or a list of identities

  • Get-ISCAccount - retrieve a specific account, or a list of accounts

  • Get-ISCAccessProfile - retrieve a specific access profile, or a list of access profiles

  • Set-ISCAccessProfile - modify an existing access profile

  • Get-ISCConnectorRule - retrieve a specific connector rule, or a list of all connector rules

  • Get-ISCEntitlement - retrieve a specific entitlement, or a list of all entitlements

  • Set-ISCEntitlement - modify an existing entitlement

  • Get-ISCPendingTaskList - retrieve a list of pending tasks

  • Get-ISCTransform - retrieve a specific transform, or a list of all transforms

  • Get-ISCWorkflow - retrieve a specific workflow, or a list of all workflows matching the defined criteria

  • Get-ISCWorkflowExecutionList - retrieve a list of workflow executions for a specified workflow

  • Get-ISCWorkflowExecution - retrieve the details of a specific workflow execution

  • Set-ISCTaskCompleted - update a specified workflow execution to mark it as complete or errored

Please check it out and let me know what you think!

19 Likes
2

Hello! Just an update - I’ve added the ability to connect to Demo tenants (identitynow-demo.com, i.e. Ambassador DevRel tenants) and FedRamp tenants (saas.sailpointfedramp.com) by specifying the -Domain value on the Connect-ISC cmdlet. If this is not specified, it’ll use the default domain (identitynow.com).

3

Another update! I’ve simplified the storing of a new set of credentials. You no longer have to formulate your own Secret name for a Set-Secret call, you can simply run New-ISCTenant and pass in the tenant name (the {tenant} part in https://{tenant}.identitynow.com) along with either a ClientID and ClientSecret (which needs to be a SecureString) or a Credential Object (which you can either make by hand or with Get-Credential, using the ClientID as the username and the ClientSecret as the password in either case).

You can do something like this:

New-ISCTenant -Tenant 'devrel-ga-xxxx '-ClientID '1619...426d' -ClientSecret ('cd2c.......b178' | ConvertTo-SecureString -AsPlainText -Force)

or this:

$clientID = '1619...426d'
$clientSecret = 'cd2c.......b178' | ConvertTo-SecureString -AsPlainText -Force

$credential = [PSCredential]::New($clientID, $clientSecret)

New-ISCTenant -Tenant 'devrel-ga-xxxx ' -Credential $credential

or this:

$credential = Get-Credential

New-ISCTenant -Tenant 'devrel-ga-xxxx ' -Credential $credential
1 Like