Create Bulk Access Requests in ISC

Thanks to @dernc and @ethompson whose posts helped in creating the PowerShell script.

Below is the modified PowerShell Script which you can use to create Access Request in Bulk.

#sandbox
$ClientID = "XXXXXXXXXXXXXXXXXXXXXXXXX"
$SecretID = "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
$pair = "$($ClientID):$($SecretID)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($pair))
$BasicAuth1 = "Basic $encodedCreds"

#Get credentials and encrypt them
$tokenParam = @{
               URI = 'https://my-tenant.api.identitynow.com/oauth/token'
               Body="grant_type=client_credentials"
               Headers = @{'Authorization' = "$BasicAuth1";"Content-Type"='application/x-www-form-urlencoded;application/json;charset=UTF-8'}
               Method = 'POST'
               
}
$tokenResponse = Invoke-RestMethod @tokenParam
$token = $tokenResponse.access_token
$users = @()
$entitlementId = "" 

foreach ($user in $users) {
    $body = @{
        requestedFor   = @(
            $user
        )
        requestType    = "GRANT_ACCESS"
        requestedItems = @(
            [PSCustomObject]@{
                type    = "ENTITLEMENT"
                id      = $entitlementId
                comment = "Assining entitlement to the users as per request from Karan"
            }
        )
    }
    (ConvertTo-Json $body -depth 5)
    
    $params = @{
        method      = "POST"
        uri         = "https://my-tenant.api.identitynow.com/v3/access-requests"
        body        = (ConvertTo-Json $body -Depth 5)
        headers     = @{'Authorization' = "Bearer $token"}
        ContentType = "application/json"
    }
    try {
        $response = Invoke-RestMethod @params
        $response
    }
    catch {
        Write-Host $response
        Write-Host $_.Exception.Message  -ForegroundColor Red
        Write-Host $_.Exception.ItemName  -ForegroundColor Red
    }
}
5 Likes

Thanks for sharing @karan_1984. This script could be really useful to perform bulk access request for let’s say 250 summer interns are informed to joining and we haven’t got RBAC set for them. Saves a lot of time.

Where do you think it’s best to save and run such script?

Hi @TheOneAMSheriff its up to you where you want to save. Would be good if it is executed by the person who knows how to use PowerShell script as you need to enter Identity ID and entitlement ID manually in this script.

Also, do note that you will enter the PAT information as well in this script.

1 Like