ISC Extensions for Visual Studio Code

Hello everyone!

As a daily-user of VSCode, I wanted to have a helpful extension to ease things with ISC and its APIs.

Note: This extension is not developed, maintained or supported by SailPoint. It is a community effort to help manage IdentityNow from Visual Studio Code.

The extension has evolved and support the following operation, while benefiting from a fully-feature IDE like VSCode:

• Connect to several tenants
• Import and export config of a tenant
• Edit access request, public identities, password, and org configuration for a tenant
• View, edit, aggregate, test, peek, ping, clone, or reset sources
• View, create, edit, delete, clone, and test transforms
• View, create, edit, delete provisioning policies of a source
• View, create, edit, delete schemas of a source
• View, edit, enable, disable, export, import workflows and view execution history
• View, create, edit, delete connector rules and export/import the script of a rule
• View, edit, delete service desk integrations
• View, edit, delete identity profiles and lifecycle states, and refreshes all the identities under a profile
• Import/Export Accounts (import for delimited files only), uncorrelated accounts, entitlement details
• View, edit, create, delete, export, import access profiles
• View, edit, create, delete, export, import roles, and dimensions
• View, edit, create, delete, export, import forms
• View, edit, create, delete search attribute config
• View, edit, create, delete identity attribute
• View, trigger attribute sync or process, delete identities
• View, edit, create, delete applications
• View, report, escalate, send reminders, reassign to access item owners or reassign based on a file, approve in bulk certification campaigns

Once you have installed the extension, you will be have a new “ISC” menu where you add tenants and view objects:

image1112×723 54.8 KB

For more information, you can get to SailPoint Identity Security Cloud - Visual Studio Marketplace

Installation

Installation is straightforward as the extension is published in VSCode marketplace.

Go to the extension menu or press Ctrl+Shift+X and look for the extension “SailPoint Identity Security Cloud”. Click on the button Install.

Here is version 1.0.0
It brings the support of entitlements for importing/exporting roles.
Most importantly, the extension has reached a milestone for which I considered the direct usage of API or Postman is unnecessary.
The extension will continue to evolve (the next step is probably the depreciation of the CC API for instance). But I think it deserves its version 1.0.

As usual, if you have any issue or any idea, do not hesitate to open a new issue in GitHub!

Here is version 1.3.0

As of now, all new tenant added will be marked as “read-only” by default. You can unlock the tenant by clicking the lock that appears when you pass the mouse over the tenant name

Lots of fixes, refactoring, updates and new features:

• Update for source aggregation and reset to leverage beta endpoints instead of CC endpoints
• Add searching and viewing identities by @henrique_quintino (cf. #74)
• Add attribute sync, process and delete command on identities by @henrique_quintino (cf. #74)
• Fixed normalizeNames (cf. #73)
• Lock tenant as read-only to prevent any change (cf. #75 and #81)
• Fixed with generate digit token to use the username and not the account name
• Automatically update workflow if its status is changed
• Fixed case where a single entitlement or single access profiles is returned during role creation

@angelo_mekenkamp the issue with workflow cache you’ve shown me should be solved

Here are versions 1.3.7 and 1.3.8

It brings small fixes, solves a long-due issue with retry and brings cool features around certification. I think it will really help people managing certification from on operation perspective.

• Viewing a workflow does not bring statistics as this can cause timeouts.
• Support of certifications
  • Dashboard
  • Esclation
  • Reminders
  • Report
  • Automatic reassignment to access item owners
  • Custom reassignment
• Fix axios-retry not working
• Removed filtering on sources since CC API is decommissioned

Big thank you to @mostafa_helmy and @Bassem_Mohamed who contributed on this.

Here is version 1.3.20

It brings new functionnality that has been in the backlog for a while:

• Add “Open in Web UI” command (cf. Add “Open in IdentityNow” command #15)
• Add “Edit email settings” command for a tenant
• New command to evaluate transform in the cloud (cf. Evaluate transforms in the cloud #32)
• Include `input` in the template for substring transform

Here is a demo of the new “preview” command. I hope you’ll like it!

Awesome!!
If you could also add a feature to view cloud rules in java format that would be great

Hi Yannick, when exporting rules they should be in json format or XML format. if json how can we convert our rule created to json?

if json how can we convert our rule created to json?

You mean “to XML”?

No here in ISC everything is json right? I have developed a connector rule and would want to upload to isc and then attach it to source. how an it be done?

For connector rules, that’s easy !
Take your beanshell code, right-click in the editor and start the process by using the command “ISC: Upload this code to a rule…” to create a new rule or else.

image626×515 12.3 KB

Thank You for your reply @yannick_beot . Can we create provisioning policy for Webservice source using ISC.

Hi,
Of course you can.
Web service connector supports account creation.

Hi @yannick_beot , by any chance do you have an example workflow that can be used to send bulk reminders to all the campaign reviewers who still need to complete their certification from VS Code without having to select one at a time or per page.

Hi @carlosherdocia
You can have a look at the README: Send Reminder Notification To Reviewers

Thank you, got that working. I now know you can send reminder to all and selecting multiple in the campaign but wanted to know if there was a way to only target the reviewers who have not completed their certifications.

If you are using the command “Send reminders”, to send to all, it will actually first get identities with remaining access review before sending mails.

Awesome, thank you very much.

Here is version 1.3.23

It brings new functionnality around access profiles and roles, to reflect updates of the platform:

• Support `dimensional` flag and attributes for dimention for role import and export
• Add support for metadata when importing or exporting Roles or Access Profiles
• Import/Export of dimensions for dimensional roles
• Roles and Access Profiles can be updated

And a few other things:

• Edit organization configuration at the tenant level (for timezone for instance)
• Clone transform

And fixes since the 1.3.20:

• Semantic errors do not display cause (cf. #122)
• When exporting lifecycle states in multiple files, the name of the lifecycle state is prefixed with the name of the identity profile
• Issue Attribute Sync Config export in multiple files if the source have been deleted (cf. #123)
• Fix issue with Access Profile & Entitlement Pie Chart of a campaign (cf. #125)

Underneath, I’ve started to migrate to the V2025 endpoint and get rid of v3/beta endpoints.

Thank You Yannick (and team)!!!