How to read all entitlements through REST API call from PowerShell Script (with pagination)

mrahulbb · November 15, 2023, 10:31am

Please share if you have any sample code references to read all entitlements through REST API call from PowerShell Script (with pagination). We are working on reading all entitlements for all sources and check an attribute condition and update through PowerShell script. (limit is just 250 records)

Kurt_Ramsey · November 15, 2023, 12:02pm

Using GitHub - sailpoint-oss/powershell-sdk: PowerShell Module for accessing SailPoint IdentityNow APIs

This is a bit more than just the entitlements, but is part of a script that I have that exports all objects, this is what I have for sources

$orgName = "YOUR ORG"
$runtime = ([System.DateTime]::Now).ToString("yyyy-MM-ddTHH-mm-ss")

function Remove-NoteProperty {
    param(
        [Parameter(ValueFromPipeline=$true)]
        [PSCustomObject]$InputObject,
        [Parameter(Position=0)]
        [string]$Name
    )

    process {
        $InputObject.PSObject.Properties.Remove($Name)
        return $InputObject
    }
}

######################################################################################################
#  ___
# / __| ___ _  _ _ _ __ ___ ___
# \__ \/ _ \ || | '_/ _/ -_|_-<
# |___/\___/\_,_|_| \__\___/__/
#
######################################################################################################
	$objectType = "Sources"
	$Parameters = @{
	}

	try {
		$results = Invoke-Paginate -Function "Get-Sources" -Increment 250 -Limit 10000 -InitialOffset 0 -Parameters $Parameters
	} catch {
		Write-Host $_
		Write-Host ("Exception occurred when calling {1}: {0}" -f ($_.ErrorDetails | ConvertFrom-Json), "Get-Sources")
		Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
	}

	foreach ($object in $results) {
		$objectName = $object.name
		$objectName = $objectName -replace '[\\/:*?"<>|]', ''
		$objectId = $object.id

		$object.connectorAttributes | Remove-NoteProperty -Name 'accesstoken' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'client_secret' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'IQServicePassword' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'clientKeySpec' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'password' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'oauthBearerToken' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'clientSecret' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'sourceSecret' > $null
		$object.connectorAttributes | Remove-NoteProperty -Name 'accesstoken' > $null
		$object.connectorAttributes.domainSettings | Remove-NoteProperty -Name 'password' > $null


		$json = $object | ConvertTo-Json -Depth 100

		if (!(Test-Path -Path "$scriptDirectory\$orgName\$objectType\$objectName")) { New-Item -ItemType Directory -Force -Path "$scriptDirectory\$orgName\$objectType\$objectName" | Out-Null }
		Add-Content -Path "$scriptDirectory\$orgName\$objectType\$objectName\$objectName.json" -value "# https://$orgName.identitynow.com/ui/admin#admin:connections:sources:$objectId"
		Add-Content -Path "$scriptDirectory\$orgName\$objectType\$objectName\$objectName.json" -value $json

		#Get-BetaEntitlements
			$subobjectType = "Entitlements"
			if (!(Test-Path -Path "$scriptDirectory\$orgName\$subobjectType")) { New-Item -ItemType Directory -Force -Path "$scriptDirectory\$orgName\$subobjectType" | Out-Null }

			$Parameters = @{
				"Filters" = "source.id eq ""$objectId"""
			}
			try {

				$subResults = Invoke-Paginate -Function "Get-BetaEntitlements" -Increment 250 -Limit 100000 -InitialOffset 0 -Parameters $Parameters
				Set-Content -Path "$scriptDirectory\$orgName\$subobjectType\$objectName.$subobjectType.csv" -Value """entitlements.id"",""entitlements.name"",""type"",""SourceName"",""SourceValue"""
				foreach ($subObject in $subResults) {
					$entType = "$($subObject.attribute)".Trim()
					$entName = "$($subObject.name)".Trim()
					$entSourceName = "$($subObject.attributes.name)".Trim()
					$sourceName = "$($subObject.source.name)".Trim()
					$entValue = "$($subObject.value)".Trim()
					$entIDNID = "$($subObject.id)".Trim()
					Add-Content -Path "$scriptDirectory\$orgName\$subobjectType\$objectName.$subobjectType.csv" -value """$entIDNID"",""$entName"",""$entType"",""$entSourceName"",""$entValue"""
				}
				Start-Sleep -Seconds 1

			} catch {
				Write-Host $_
				Write-Host ("Exception occurred when calling {1}: {0}" -f ($_.ErrorDetails | ConvertFrom-Json), "Get-BetaEntitlements")
				Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
			}

		#Get-SourceSchemas
			$subobjectType = "SourceSchemas"
			try {

				#$results = Invoke-Paginate -Function "Get-SourceSchemas" -Increment 250 -Limit 10000 -InitialOffset 0 -Parameters $Parameters
				$subResults = Get-SourceSchemas -SourceId $objectId
				foreach ($subObject in $subResults) {

					$json = $subObject | ConvertTo-Json -Depth 100

					$subObjectName = $subObject.name
					$subObjectId = $subObject.id

					if (!(Test-Path -Path "$scriptDirectory\$orgName\$objectType\$objectName")) { New-Item -ItemType Directory -Force -Path "$scriptDirectory\$orgName\$objectType\$objectName" | Out-Null }
					Add-Content -Path "$scriptDirectory\$orgName\$objectType\$objectName\$objectName.$subobjectType.$subObjectName.json" -value "# $orgName $subObjectId"
					Add-Content -Path "$scriptDirectory\$orgName\$objectType\$objectName\$objectName.$subobjectType.$subObjectName.json" -value $json

				}
				Start-Sleep -Seconds 1

			} catch {
				Write-Host $_
				Write-Host ("Exception occurred when calling {1}: {0}" -f ($_.ErrorDetails | ConvertFrom-Json), "Get-SourceSchemas")
				Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
			}

		#Get-ProvisioningPolicies
			$subobjectType = "ProvisioningPolicies"
			try {

				#$results = Invoke-Paginate -Function "Get-ProvisioningPolicies" -Increment 250 -Limit 10000 -InitialOffset 0 -Parameters $Parameters
				$subResults = Get-ProvisioningPolicies -SourceId $objectId
				foreach ($subObject in $subResults) {

					$json = $subObject | ConvertTo-Json -Depth 100

					$subObjectName = $subObject.name
					$subObjectId = $subObject.id

					if (!(Test-Path -Path "$scriptDirectory\$orgName\$objectType\$objectName")) { New-Item -ItemType Directory -Force -Path "$scriptDirectory\$orgName\$objectType\$objectName" | Out-Null }
					Add-Content -Path "$scriptDirectory\$orgName\$objectType\$objectName\$objectName.$subobjectType.$subObjectName.json" -value "# $orgName $subObjectId"
					Add-Content -Path "$scriptDirectory\$orgName\$objectType\$objectName\$objectName.$subobjectType.$subObjectName.json" -value $json

				}
				Start-Sleep -Seconds 1

			} catch {
				Write-Host $_
				Write-Host ("Exception occurred when calling {1}: {0}" -f ($_.ErrorDetails | ConvertFrom-Json), "Get-ProvisioningPolicies")
				Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
			}


	}

mcheek · November 15, 2023, 2:00pm

I posted a solution in the other topic you created yesterday on this exact same question.

system · January 14, 2024, 2:01pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to get all entitlements for all the IDN sources ISC Discussion and Questions identity-security-cloud	3	307	January 13, 2024
Powershell api issue not able to reach to tenant URL ISC Discussion and Questions identity-security-cloud , powershell-sdk	7	233	March 7, 2024
Powershell API calls ISC Discussion and Questions apis , identity-security-cloud	8	767	June 20, 2023
Issue IdentityNow Bulk Access Profile and Role-Importer ISC Discussion and Questions	11	2300	July 19, 2023
How to print object values in Powershell ISC Discussion and Questions apis , identity-security-cloud , powershell-sdk	5	125	March 26, 2024

How to read all entitlements through REST API call from PowerShell Script (with pagination)

Related Topics