Add Identities to Role from CSV

Does anyone have details for Postman for uploading a list of Identities from a CSV to an existing Role? I believe this could be done with the Access Request but I’m pretty new at using Postman. Any help would be appreciated! Thanks

This is our business process, if it helps make sense of another solution:

  • We have an application with a list of users with direct login
  • Application is going to switch to SSO login so we want to control access through Role
  • Rather than having ## of Identities request access they already have, we have approval to add all the Identities for the Role
  • After they have all been added we change the Role to be approved by Owner going forward

A role request call would be a post to the /beta/access-requests endpoint with a body that looks like
{
  "requestedFor": [
    "ID of Identity"
  ],
  "requestType": "REQUEST_ACCESS",
  "requestedItems": [
    {
      "type": "ROLE",
      "id": "ID of ROLE",
      "comment": "Request role from csv"
    }
  ]
}

To do this from a csv you would need a script of some kind. I have a python script I could share if that is of interest.

Hi @ajtardio,

Welcome to SailPoint Developer Community,

I can’t think of any direct way to load it from CSV and make an update, but since you know the list of Identities that might need it, why not set the Assignment criteria type to Identity List and upload the entire list in a single request?

Patch Role Endpoint can come in handy, click here for more details

[
  {
    "op": "replace",
    "path": "/membership",
    "value": {
      "type": "IDENTITY_LIST",
      "identities": [
        {
          "id": "2c91808973fe906c0174262092014ed9"
        },
        {
          "id": "2c918086262092014ed94fb8a47612f3"
        }
      ]
    }
  }
]

If you are looking from a code standpoint you can get-role and add the identities and patch-role

Here is an example of something I’ve used to upload that uses a file. Is anyone familiar with this? It was for a Source so not sure this could be used for a Request to a Role.

I’ve done this before with application go-lives where we need to provision access all at once.

Do you happen to have a list of all the identity ids involved here?

Oh sure, I can quickly run an export with PowerShell in AD for all the users in a current group to a CSV then use that as the import file. Could you share how you’ve done that before?

Assuming you have the postman collection downloaded, I would create a new “runner” collection specifically for performing these types of tasks. I called mine “zRuns” and I copy requests I want to loop through to that collection

In this request body, make sure you variable-ize the requestor Id. I have the Id of the access profile hard-coded because I’m assuming you know that and you’re submitting requests for the same item for multiple people


In the pre-request script, add a line of script to populate that variable from the CSV. This is assuming the CSV column is called “identityId”


Click on the parent folder where the request exists, and then click “Run” at the top right. This will bring up the runner view


Ensure you’ve only checked the request you want to loop through, then on the right, click “Select File” to upload your CSV. The Iterations field should reflect the number of rows in the csv.

I typically check the “Persist responses for a session” in case there were any errors, then click the Run button at the bottom.

Goes without saying you should probably test this in a non-production tenant first :sweat_smile:

It should be noted that since the access requests API allows an array of identities, you can always just paste the identity Ids into the “requestedFor” array instead of doing this looping, but this is a good skill to know for other use cases.

On top of all our fellow experts’ solutions,

Maybe you can build a simple PowerShell script to read data from a CSV file and invoke Access Requests for each user as a loop.
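
The CSV-to-request step discussed in this thread, as an added example that is not code from any poster or from SailPoint: it validates and de-duplicates the "identityId" column before building bodies shaped like the /beta/access-requests example above, so a malformed or repeated row never turns into a bulk grant. The function names, the 32-hex-character ID check (inferred from the sample IDs in the thread) and the batch size are assumptions; sending the bodies and authentication are not shown.

```python
import csv
import io
import json
import re

# Assumption: identity IDs are 32 lowercase hex characters, like the thread's samples.
ID_PATTERN = re.compile(r"^[0-9a-f]{32}$")


def load_identity_ids(csv_file, column="identityId"):
    """Return (valid_ids, rejected); valid IDs are de-duplicated, order preserved."""
    reader = csv.DictReader(csv_file)
    if column not in (reader.fieldnames or []):
        raise ValueError(f"CSV has no '{column}' column")
    valid, rejected, seen = [], [], set()
    for row in reader:
        value = (row[column] or "").strip()
        if not ID_PATTERN.match(value):
            # Keep the file line number so the row can be reviewed by hand.
            rejected.append((reader.line_num, row[column]))
        elif value not in seen:
            seen.add(value)
            valid.append(value)
    return valid, rejected


def build_access_requests(identity_ids, role_id, comment, batch_size=10):
    """Build one request body per batch. batch_size is an assumed value."""
    return [
        {
            "requestedFor": identity_ids[start:start + batch_size],
            "requestType": "REQUEST_ACCESS",
            "requestedItems": [{"type": "ROLE", "id": role_id, "comment": comment}],
        }
        for start in range(0, len(identity_ids), batch_size)
    ]


# Constructed sample CSV: one duplicate row and one malformed row.
SAMPLE_CSV = """identityId
2c91808973fe906c0174262092014ed9
2c918086262092014ed94fb8a47612f3
2c91808973fe906c0174262092014ed9
not-an-id
"""
ROLE_ID = "ID of ROLE"  # placeholder, as in the thread

if __name__ == "__main__":
    ids, bad = load_identity_ids(io.StringIO(SAMPLE_CSV))
    print("rejected rows:", bad)
    for body in build_access_requests(ids, ROLE_ID, "Request role from csv"):
        print(json.dumps(body, indent=2))
```

Review the rejected rows and the final ID count against the source export before submitting anything, since every ID that passes ends up in a request for the Role.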
