ISC Community Toolbox

derek_putnam · January 24, 2024, 1:12pm


	Description	This is the developer community’s open-source admin tool, providing additional admin capabilities and reporting not currently available in the Identity Security Cloud UI.
	Legal Agreement	By using this CoLab item, you are agreeing to SailPoint’s Terms of Service for our developer community and open-source CoLab.
	Repository Link	https://github.com/sailpoint-oss/isc-community-toolbox
	Supported by	Community Developed

Overview

The ISC Community Toolbox is a desktop application with a collection of features in the Identity Security Cloud that haven’t yet made it into the UI. The ISC Community Toolbox is built using Electron and Sveltekit, and it is developed and maintained by the and the SailPoint Developer Relations team.

Requirements

The latest version of Windows, Mac, or Linux. This is a standalone installer and does not require any coding or development packages.

Guide

So, what can you do with the ISC Community Toolbox today? Below is a list of features, their descriptions, and what they can do, along with some screenshots.

All functionality. today for the ISC Community Toolbox is read-only, with the exception of the Courier tab, which allows you to make API calls.

Login

The login system is the same Oauth login system found in Identity Security Cloud, and offers the same Oauth flow and protections.

Homepage

The first thing you’ll see when you login to the ISC Community Toolbox is the homepage. Currently, the homepage has four items:

Identity Security Cloud Status

This is the official status of our platform, polled directly from status.sailpoint.com and will show you the latest status update. Clicking on this link will take you to status.sailpoint.com.

Tenant Links

This section just provides you fast links to common places you may want to navigate to in your tenant when doing common administration functions, so we simply provided those links for you here, for quick access.

Resources

Similar to tenant links, we know you may commonly visit external, SailPoint-owned resources, and so we’ve provided those links for you here, for quick access, as well.

Support

Last but not least, (again!), quick links to common support resources that you may reach out to after gleaning new information from your environment.

Sources Tab

The sources tab is very similar to the sources you would see in the Identity Security Cloud UI, but with additional data exposed for administrators, such as the Raw JSON objects of each source. The purpose of this tab is to make it easier for administrators to find relevant information about their sources (such as ID’s) when troubleshooting their environment, or having others (support, services, etc.) troubleshoot your environment.

Identities

The identities tab is very similar to the identities you would see in the Identity Security Cloud UI, but with additional data exposed for administrators, such as the Raw JSON objects of each identity. The purpose of this tab is to make it easier for administrators to find relevant information about their identities (such as ID’s) when troubleshooting their environment, or having others (support, services, etc.) troubleshoot your environment.

This tool also makes it much easier to view identity events for a given identity. This can be found under the Identities tab:

Click Open for your chosen identity
Scroll to the bottom of the identity page to see the identity events for that identity

Reports

The reports tab provides common queries that administrators may need to run to get an understanding of the health and posture of their Identity Security Cloud implementation. New reports can always be added to this section by requesting them here in the CoLab. You can find the current reports offered, below.

Source Account Create Error

This report will show all source accounts for which there is a create error associated with the source.

Inactive Identities with Access

This report will show all identities that are inactive but still have access in sources.

Missing Cloud Life Cycle State

This report will show all identities that are missing a cloud life cycle state.

Source Owner Configured

This report will show all sources and their configured owners.

Source Aggregations

This report will show all sources and their most recent aggregation events.

Courier

The courier tab makes it easy for you to run API calls without having to worry about managing authentication and authorization in a separate tool. This is especially useful when troubleshooting using the above tabs, and quick dropping down to the courier tab to make a remediation based on information learned above.

sharvari · January 25, 2024, 12:58pm

So happy to see this tool back online. It’s very useful.

derek_putnam · January 25, 2024, 2:22pm

Actually the old tool you knew with this name is no more, but we are working on a new admin console with all new features

JedHyder · January 30, 2024, 9:13pm

The old tools source code is still around if you need it or would like to contribute. GitHub - jhyderjhyder/idn-admin-console: This tool is build to help the community to manage SailPoint IdentityNow (IDN).. But it’s exciting to see there is something officially being offered to the community.

jrossicare · January 30, 2024, 10:06pm

Hi Jordan,
I am very excited for the new admin console, with all the new features!

Is there a page where we can keep track of the status or ETA of release?

derek_putnam · January 31, 2024, 11:31am

Hey Jason—this topic/page right here!

edmarks · January 31, 2024, 10:50pm

Try as I might, my virus scanner (Mcafee) blocks this a few seconds after launching and deletes the files. Any thoughts?

jrossicare · January 31, 2024, 10:53pm

Ed, I couldn’t run it either. I was trying the setup exe one.

derek_putnam · January 31, 2024, 11:02pm

@LukeHagar @philip-ellis, tagging the developers themselves!

LukeHagar · February 2, 2024, 3:59am

@edmarks @jrossicare,

We are working on code signing for this project, which should resolve the majority of these issues.

swcoleman · April 10, 2024, 2:47pm

@derek_putnam It appears that the links on the Github page to the releases and back to this page are broken.

derek_putnam · April 11, 2024, 2:29pm

Hey Scott! All fixed!

jrossicare · April 17, 2024, 3:58am

Hi,
Instructions say

Go to the folder: ./Sveltekit-App First, run this command:
npm install

I dont see Sveltekit-App folder, or Electron-App folder.

I am not sure what I am doing wrong. Thanks.

derek_putnam · April 17, 2024, 9:12am

Hey Jason,

Sorry about that—it looks like we had some old docs on the GitHub repo

I’ve removed those old docs, and you can find the docs here now:

jrossicare · April 19, 2024, 5:57am

I have another question

Why does it use username and password, and not PAT (Client ID + Secret)?

Thanks

derek_putnam · April 19, 2024, 2:17pm

Hey Jason,

To make sure I understand, are you asking why it uses an OAuth flow to take you to your login rather than letting you enter in a PAT to run the tool?

jrossicare · April 21, 2024, 11:06pm

Hi Jordan, Yes.

We have a ‘remote Identity Provider’ enabled, for SSO to ISC, so no-one knows their ISC login credentials.

Also, I think with having an IdP enabled, the ISC Toolbox doesnt is just blank after the screen where you enter your tenant name. You dont even see the screen/page to enter username and password.

I have not confirmed this 100% by disabling Remote Identity Provider, but will try it out of hours so I do not affect others.

Ideally it would be an option, to choose PAT rather than OAuth flow. I was going to see if I could code that myself if I get some time.

derek_putnam · April 22, 2024, 2:07pm

@philip-ellis - a good use case for including PAT as an option!

dblanchard · June 10, 2024, 12:21pm

Hello everyone,
I opened an incident on GIT because I can’t connect to the application, do you have other error cases in a similar case?
I also find it strange that the callback goes to IPV6 while all the other calls are in IPV4.
This tools seem very nice and I look forward to test it.

whoisdave · June 28, 2024, 2:10am

Hi Guys,

We leverage an IDP in front of IDN to perform Auth for us via SSO. Upon logon a white screen is shown as there is no HTTP response received from the initial auth request.

Initially - It does seem to not be compatible with the current latest version of the ISC toolbox 0.04.

Digging deeper,

There is a bug with the current release in which it fails the CORS policy on the browser. e.g. From the trace below you can see the referral from the Electron browser is https://localhost:3000, which will fail in the browser before it even hits the tenant endpoint. The redirect_uri param in the querystring is also incorrectly pulled from the referral, it probably needs to be built from the text field inputs on the first screen.

Hope this helps the team.

curl “https://xxxxxxxxx.identitynow.com/oauth/authorize?client_id=sailpoint-cli&response_type=code&redirect_uri=http://localhost:3000/callback” ^
-H “Referer: http://localhost:3000/” ^
-H “Upgrade-Insecure-Requests: 1” ^
-H “User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) isc-community-toolbox-svelte/0.0.4 Chrome/122.0.6261.129 Electron/29.1.4 Safari/537.36”