Create Bulk Access Requests to Remove Users in ISC

Identity Security Cloud (ISC) ISC Community Knowledge Base
, , ,
1

Below is the modified PowerShell Script which you can use to create Access Request in Bulk to remove users.

#sandbox
$ClientID = "XXXXXXXXXXXXXXXXXXXXXXXXX"
$SecretID = "YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"
$pair = "$($ClientID):$($SecretID)"
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($pair))
$BasicAuth1 = "Basic $encodedCreds"

#Get credentials and encrypt them
$tokenParam = @{
               URI = 'https://my-tenant.api.identitynow.com/oauth/token'
               Body="grant_type=client_credentials"
               Headers = @{'Authorization' = "$BasicAuth1";"Content-Type"='application/x-www-form-urlencoded;application/json;charset=UTF-8'}
               Method = 'POST'
               
}
$tokenResponse = Invoke-RestMethod @tokenParam
$token = $tokenResponse.access_token
$users = Get-Content "D:\Add-Users.txt"
$entitlementId = "" 

foreach ($user in $users) {
    $body = @{
        requestedFor   = $user.split(':')
        requestType    = "REVOKE_ACCESS"
        requestedItems = @(
            [PSCustomObject]@{
                type    = "ENTITLEMENT"
                id      = $entitlementId
                comment = "Assining entitlement to the users as per request from Karan"
            }
        )
    }
    (ConvertTo-Json $body -depth 5)
    
    $params = @{
        method      = "POST"
        uri         = "https://my-tenant.api.identitynow.com/v3/access-requests"
        body        = (ConvertTo-Json $body -Depth 5)
        headers     = @{'Authorization' = "Bearer $token"}
        ContentType = "application/json"
    }
    try {
        $response = Invoke-RestMethod @params
        $response
    }
    catch {
        Write-Host $response
        Write-Host $_.Exception.Message  -ForegroundColor Red
        Write-Host $_.Exception.ItemName  -ForegroundColor Red
    }
}

# Combined the data for CSV export
$CombinedData = @()

foreach ($user in $body.requestedFor) {
    foreach ($item in $body.requestedItems) {
        $flattenedData += [PSCustomObject]@{
            RequestedFor    = $user
            RequestType     = $body.requestType
            ItemType        = $item.type
            ItemId          = $item.id
            ItemComment     = $item.comment
        }
    }
}
 $CombinedData| Export-Csv "C:\Users\Remove-Users.csv" -Append -NoTypeInformation
5 Likes
2

Hello @karan_1984,

Thanks for sharing such script within the community, I’ll save such script for my future endeavours

1 Like
3

Hi,

Do you have script to revoke access request in bulk?

I have 3k+ entitlements where I need to revoke access of all users in those entitltments

4

Hi @karan_1984 ,

Thanks for sharing also helps us with remove user file fields screenshot it will benefit more people for better understanding

Thanks in advance

Avinash Mulpuru

5

Yes.

I can publish the script.

6

Are you asking what information needs to be mentioned the txt file?

7

Yes exactly @karan_1984

8

Can you publish it here?

9

I have created a new Article in which the script is uploaded. Once it is approved you can search for the post. It is named as “Create Bulk Access Request for Removing Multiple users from Multiple Entitlements“.

10

Thank you for the information @karan_1984 .