Identitynow Powershell comand not working

Hi, I am facing one strange issue with Powershell SDK. I am not able set environment variables properly. Can someone help me on this. Here is output:

PS C:\Users\Testuser.sailpoint> sail env mytestenv
Tenant URL (ex. https://tenant.identitynow.com): https://mytestenv-sp.identitynow.com
API Base URL (ex. https://tenant.api.identitynow.com): https://mytestenv-sp.api.identitynow.com

PS C:\Users\Testuser.sailpoint> sail set pat
Personal Access Token Client ID:
Personal Access Token Client Secret:

PS C:\Users\Testuser.sailpoint> Get-DefaultConfiguration
System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry
No clientid set for environment: mytestenv
No clientsecret set for environment: mytestenv

Name Value

TokenUrl https://mytestenv-sp.api.identitynow.com/oauth/token
BaseUrl https://mytestenv-sp.api.identitynow.com/
Proxy
DefaultHeaders {}
RetryIntervalSeconds 5
Environment mytestenv
ClientId
MaximumRetryCount 10
SkipCertificateCheck False
ClientSecret
TokenExpiration
Token

PS C:\Users\Testuser.sailpoint> cat config.yaml
activeenvironment: mytestenv
authtype: pat
debug: false
environments:
aonsandbox:
baseurl: https://mytestenv-sp.api.identitynow.com
tenanturl: https://mytestenv-sp.identitynow.com
mytestenv:
baseurl: https://mytestenv-sp.api.identitynow.com
tenanturl: https://mytestenv-sp.identitynow.com
exporttemplatespath: “”
reporttemplatespath: “”
searchtemplatespath: “”

PS C:\Users\Testuser.sailpoint> sail env mytestenv
Tenant URL (ex. https://tenant.identitynow.com): https://mytestenv-sp.identitynow.com
API Base URL (ex. https://tenant.api.identitynow.com): https://mytestenv-sp.api.identitynow.com

PS C:\Users\Testuser.sailpoint> sail set pat
Personal Access Token Client ID:
Personal Access Token Client Secret:

PS C:\Users\Testuser.sailpoint> Get-DefaultConfiguration
System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry
No clientid set for environment: mytestenv
No clientsecret set for environment: mytestenv

Name Value

TokenUrl https://mytestenv-sp.api.identitynow.com/oauth/token
BaseUrl https://mytestenv-sp.api.identitynow.com/
Proxy
DefaultHeaders {}
RetryIntervalSeconds 5
Environment mytestenv
ClientId
MaximumRetryCount 10
SkipCertificateCheck False
ClientSecret
TokenExpiration
Token

PS C:\Users\Testuser.sailpoint> $PSVersionTable

Name Value

PSVersion 6.2.0
PSEdition Core
GitCommitId 6.2.0
OS Microsoft Windows 10.0.22621
Platform Win32NT
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0

If you’re just wanting to use the PowerShell SDK, you can create a config.json file directly in the directory you’re working in without having to use the CLI to generate a file. If you’re wanting to use the CLI, then you will need to reference: CLI | SailPoint Developer Community which describes the manual configuration of the environment variables.

Considering I work with many different tenants, I utilize the config.json file and have separate sub-directories each with a specific tenant specific configuration file.

Example config.json file (local directory option noted above)

{
	"baseurl": "https://<tenant>.api.identitynow.com/",
	"clientid": "<clientID>",
	"clientsecret": "<clientSecret>"
}

I am very confused here. I have placed config.json file under folder C:\Program Files\PowerShell\6 → config.json but still when I run powershell command I am getting below message:
PS C:\Users\hranjan> Get-DefaultConfiguration
System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry
No clientid set for environment: spdev
No clientsecret set for environment: spdev

Name Value

TokenExpiration
Token
MaximumRetryCount 10
SkipCertificateCheck False
TokenUrl https://tenant.api.identitynow.com/oauth/token
ClientSecret
RetryIntervalSeconds 5
BaseUrl https://tenant-sb.api.identitynow.com/
Environment spdev
ClientId
DefaultHeaders {}
Proxy

I have these folders:
C:\Program Files\PowerShell\6 → config.json
C:\Users\hranjan\Documents\PowerShell\Modules\PSSailpoint\1.1.3
C:\Users\hranjan \ .sailpoint → config.yaml

Could you please help on this issue, I am not able to run any powershell command of Sailpoint

I have Sailpoint CLI installed, some CLI commands are giving output (like sail workflow list) but not all.

@darrenjrobinson Robinson could you please help me on powershell command execution, issue details you can see above

Looks like you are missing items from your configuration.
Specifically clientid and client secret. Have you configured a Personal Access Token and put the values into your configuration?

@darrenjrobinson
I have referred this URL to set environment for my CLI - CLI | SailPoint Developer Community

I opened windows command prompt terminal and followed these steps:

1. C:\Users\hranjan>sail env devenv
   Tenant URL (ex. https://tenant.identitynow.com): https://mytestenv-sb.identitynow.com
   API Base URL (ex. https://tenant.api.identitynow.com): https://mytestenv-sb.api.identitynow.com

2. C:\Users\hranjan>sail set pat
   Personal Access Token Client ID:
   Personal Access Token Client Secret:

3. C:\Users\hranjan>sail set auth pat
   2023/11/25 16:54:56 INFO Authentication method set to PAT

PS C:\Users\hranjan> Get-DefaultConfiguration

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are
you sure you want to install the modules from ‘PSGallery’?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “N”): A
WARNING: Version ‘1.0.2’ of module ‘PSYaml’ is already installed at ‘C:\Users\hranjan\Documents\PowerShell\Modules\PSYaml\1.0.2’. To reinstall this version ‘1.0.2’, run Install-Module or Updated-Module cmdlet with the -Force parameter.
System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry
No clientid set for environment: devenv
No clientsecret set for environment: devenv

Name Value

RetryIntervalSeconds 5
ClientSecret
MaximumRetryCount 10
Proxy
BaseUrl https://mytestenv-sb.api.identitynow.com/
ClientId
TokenUrl https://mytestenv-sb.api.identitynow.com/oauth/token
Token
SkipCertificateCheck False
Environment devenv
DefaultHeaders {}
TokenExpiration

I tried to use other powershell command like:
PS C:\Users\hranjan> Get-BetaConnectorList
System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry System.Collections.DictionaryEntry
No clientid set for environment: devenv
No clientsecret set for environment: devenv
ClientId, ClientSecret or TokenUrl Missing. Please provide values in the environment or in ~/.sailpoint/config.yaml

This is content from ~/.sailpoint/config.yaml (C:\Users\hranjan \ .sailpoint)
activeenvironment: devenv
authtype: pat
debug: false
environments:
devenv:
baseurl: https://mytestenv-sb.api.identitynow.com
clientid: xxxxxxxxxxxxxxxxxx
clientsecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
tenanturl: https://mytestenv-sb.identitynow.com
spdev:
baseurl: https://mytestenv-sb.api.identitynow.com
clientid: xxxxxxxxxxxxxxxxxx
clientsecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
tenanturl: https://mytestenv-sb.identitynow.com
exporttemplatespath: “”
reporttemplatespath: “”
searchtemplatespath: “”

Could you please guide me on missing steps.

Did you try if after configuration your CLI works? just try to execute sail connectors list - if no exception then you have correctly configured your connection and problem is on powershell side.

You can also use CLI to generate templates for Powershell scripts just execute “sail sdk init powershell” it will create few sample scripts - maybe that would be usefull.

Let me know if the CLI works properly - if yes then we need to search for issues somwhere else.

Thanks Kamil for your response. I tried to run command as per your suggestion and here is the output:
C:\Users\hranjan>sail connectors list
±—±------+
| ID | ALIAS |
±—±------+
±—±------+

ID and ALIAS both are blank.

but some of the sail commands displaying output like
C:\Users\hranjan>sail transform list
±---------------------------------------------------±-------------------------------------+
| NAME | ID |
±---------------------------------------------------±-------------------------------------+
| Demo Transform | 06ee6983-bcb6-4720-a861-0b2ce02f095c |

I’ve just checked how the Get-DefaultConfiguration is checking config and it seems it’s not really compatible with the way how it’s created by the CLI.

Try to make something like that

image1292×613 58.7 KB

Because as you can see this is how the Configurations script is extracting values:

image1516×259 8.18 KB

Sure, I updated config.yaml file as per your input and when I try ps command Get-DefaultConfiguration I am getting below message:

PS C:\Users\hranjan> Get-DefaultConfiguration
Exception calling “Load” with “1” argument(s): “(Line: 11, Col: 6, Idx: 301) - (Line: 11, Col: 6, Idx: 301): While parsing a block mapping, did not find expected key.”
At C:\Users\hranjan\Documents\PowerShell\Modules\PSYaml\1.0.2\Public\ConvertFrom-Yaml.ps1:13 char:5
$yamlStream.Load([System.IO.TextReader]$stringReader)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: ( : ) , MethodInvocationException
FullyQualifiedErrorId : SemanticErrorException

You cannot call a method on a null-valued expression.
At C:\Users\hranjan\Documents\PowerShell\Modules\PSYaml\1.0.2\Private\ConvertFrom-YAMLDocument.ps1:43 char:5
$TheTypeOfNode = $TheNode.GetType().Name # determine this
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: ( : ) [ ], RuntimeException
FullyQualifiedErrorId : InvokeMethodOnNull

No environments specified in config file
Cannot index into a null array.
At C:\Users\hranjan\Documents\PowerShell\Modules\PSSailpoint\1.1.3\Configuration.ps1:27 char:9
if (!($Configuration.BaseUrl[-1] -eq “/”)) {
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidOperation: ( : ) , ParentContainsErrorRecordException
FullyQualifiedErrorId : NullArray

Better use notepad++ or visual studio because looks like you entered some unparsable character.

Here’s the process graphically.

Install PSYaml and PSSailpoint PS Modules.

image1083×335 24.5 KB

In the directory you have downloaded the CLI into then configure it for your env and to use a PAT.

image956×101 6.75 KB

Import the PSSailpoint module

image1113×740 65.9 KB

Use the cmdlets to orchestrate your environment.

image1113×740 63.4 KB

Note the deprecation warning for using this method, but it is a quick way to verify you have all the correct binaries and configuration.

Hi Darren @darrenjrobinson Thanks for your input. I am able to run ps commands for our IDN! I need few inputs on running Sailpoint PS command as I am very new to use API using PS. Here is one use case for me:
I am using one API from Postman which is to fetch one particular workflow execution where status was failed

---> https://mytenant.api.identitynow.com/beta/workflows/{workflowid}/executions?filters=status eq "Failed"
I am looking to use similar API from powershell like →
PS C:\Program Files\WindowsPowerShell\Modules\PSSailpoint\1.1.3\beta\src\PSSailpointBeta\Api> Get-BetaWorkflowExecutions {workflowid}
This is giving me complete workflow execution history like I get from postman api, but I am not sure how to apply filter in powershell. Could you please suggest me how can I apply filter in PS command for above case- (like show only status eq failed)

id                                   xxxxxxxxxxxxxxxxxxxxxxxxx
workflowId                     {workflowid}
requestId                      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
startTime                      2023-11-27T07:38:40.156508799Z
closeTime                      2023-11-27T07:38:41.253593783Z
status                          Completed

id                                   xxxxxxxxxxxxxxxxxxxxxxxxx
workflowId                     {workflowid}
requestId                      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
startTime                      2023-11-27T07:38:40.156508799Z
closeTime                     2023-11-27T07:38:41.253593783Z
status                         Failed

PS C:\Program Files\WindowsPowerShell\Modules\PSSailpoint\1.1.3\beta\src\PSSailpointBeta\Api> Get-BetaWorkflows -status "failed"
Get-BetaWorkflows: A parameter cannot be found that matches parameter name 'status'.

PS C:\Program Files\WindowsPowerShell\Modules\PSSailpoint\1.1.3\beta\src\PSSailpointBeta\Api> Get-BetaWorkflowExecutions {workflowid} filters=status eq "Failed"
Get-BetaWorkflowExecutions: Cannot process argument transformation on parameter 'Limit'. Cannot convert value "filters=status" to type "System.Int32". Error: "The input string 'filters=status' was not in a correct format."

I tried like above but its not working. May be I am not sure how to apply filter in powershell api call

The quickest way is to return all, then to apply the filter on the returned results using PS.

Something like this

$workflowExecutions = Get-BetaWorkflowExecutions
$failedWorkflowExecutions = $workflowExecutions | where-object {$_.status -eq 'Failed'}
$failedWorkflowExecutions

Regards,
DR

Hi Himanshu,
Can you try this?

# general setting of the PowerShell module, e.g. base URL, authentication, etc
$Configuration = Get-Configuration
# Configure OAuth2 access token for authorization: UserContextAuth
$Configuration.AccessToken = "YOUR_ACCESS_TOKEN"

# Configure OAuth2 access token for authorization: UserContextAuth
$Configuration.AccessToken = "YOUR_ACCESS_TOKEN"

$Id = "c17bea3a-574d-453c-9e04-4365fbf5af0b" # String | Id of the workflow
$Limit = 250 # Int32 | Max number of results to return. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 250)
$Offset = 0 # Int32 | Offset into the full result set. Usually specified with *limit* to paginate through the results. See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to 0)
$Count = $true # Boolean | If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.  Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.  See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. (optional) (default to $false)
$Filters = "status eq "Failed"" # String | Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)  Filtering is supported for the following fields and operators:  **startTime**: *eq, lt, le, gt, ge*  **status**: *eq* (optional)

# List Workflow Executions
try {
    $Result = Get-BetaWorkflowExecutions -Id $Id -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters
} catch {
    Write-Host ("Exception occurred when calling Get-BetaWorkflowExecutions: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
    Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}

This is example from SDK documentation which seems to do exactly what you need with correct syntax

Hi Kamil,
Thanks for your script. I tried to run but getting one error:

PS C:\Program Files\WindowsPowerShell\Modules\PSSailpoint\1.1.3\beta\src\PSSailpointBeta\Api> .\Test-api-1.ps1
ParserError: C:\Program Files\WindowsPowerShell\Modules\PSSailpoint\1.1.3\beta\src\PSSailpointBeta\Api\Test-api-1.ps1:12
Line |
  12 |  $Filters = "status eq "Failed""
     |                         ~~~~~~~~
     | Unexpected token 'Failed""' in expression or statement.

$Configuration.clientid = "xxxxxxxxxxxxxxxx"
$Configuration.clientsecret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

$Id = "xxxxxxxxxxxxxxxx" # String | Id of the workflow
$Limit = 250
$Offset = 0
$Count = $true
$Filters = "status eq "Failed""

# List Workflow Executions
try {
    $Result = Get-BetaWorkflowExecutions -Id $Id -Limit $Limit -Offset $Offset -Count $Count -Filters $Filters
	Write-Output($Result)	
	Write-Host($Result)
} catch {
    Write-Host ("Exception occurred when calling Get-BetaWorkflowExecutions: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
    Write-Host ("Response headers: {0}" -f ($_.Exception.Response.Headers | ConvertTo-Json))
}

and if I try #$Filters = {$_.status -eq ‘Failed’} its giving error message

ConvertFrom-Json: C:\Program Files\WindowsPowerShell\Modules\PSSailpoint\1.1.3\beta\src\PSSailpointBeta\Api\Test-api-1.ps1:28
Line |
  28 |  … BetaWorkflowExecutions: {0}" -f ($_.ErrorDetails | ConvertFrom-Json))
     |                                                       ~~~~~~~~~~~~~~~~
     | Cannot bind argument to parameter 'InputObject' because it is null.
Exception occurred when calling Get-BetaWorkflowExecutions:
Response headers: null

somehow filter is not getting apply Filters = “status eq “Failed”” could you please check at your end with similar test

somehow filter is not getting apply

@darrenjrobinson I tried your script as well but its getting stuck at filter level. error message posted above

I don’t have any workflows in this environment so here is the commands working against Connectors. And an extra pipe to just return Connector name and status.

image1660×561 46.1 KB