Scheduled IIQ Workflows execution with PowerShell

Problem statement: Sometimes you may need to:
a) extend existing PowerShell scripts so they pass several inputs to SailPoint IIQ workflows (WFs), receive the response and, if required, run periodically.
b) call a SailPoint IIQ WF from a PowerShell script and run it periodically.
c) test an IIQ WF using PowerShell when tools like Postman are not available.

Solution -

The following steps can be used in this scenario -

  1. Using an admin account in IIQ, create an API client using Global Settings → API Authentication.

  2. Create a PowerShell script that launches the IIQ WF through the IIQ APIs. Refer to the script below:

```powershell
# Replace with your API client ID and secret.
# The secret is stored here in plain text, so restrict who can read this file.
$clientID = 'xxxxxxxxxxxxxxxxxxx'
$secret = 'xxxxxxxxxxxxxxxxxx'
$credential = "Basic " + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($clientID + ":" + $secret))

# Request an OAuth 2.0 access token with the client_credentials grant
$splat = @{
    Method = 'POST'
    # Replace hostname and port
    Uri = 'https://<iiq hostname or VIP>:<port>/identityiq/oauth2/token'
    ContentType = 'application/x-www-form-urlencoded'
    Body = 'grant_type=client_credentials'
    Headers = @{Authorization = $credential}
    UseBasicParsing = $true
}

$result = Invoke-WebRequest @splat
$resultJSON = ConvertFrom-Json $result.Content
$tokenBearer = $resultJSON.token_type
$token = $resultJSON.access_token
$headers = @{ Authorization = "Bearer $token" }

# Build the SCIM request body: schemas plus the LaunchedWorkflow attributes
$jsonBase1 = @{}
$list = "urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow","urn:ietf:params:scim:schemas:sailpoint:1.0:TaskResult"
$jsonBase1.Add("schemas", $list)

# Inputs to be passed. Replace these with the inputs your WF expects
$requestNo = @{"key"="requestNo";"value"="123456"}
$requestDescription = @{"key"="requestDescription";"value"="Test Demo"}
$sunsetTime = @{"key"="sunsetTime";"value"="24"}
$workstation = @{"key"="workstation";"value"="XYZ123"}
$sAMAccountName = @{"key"="sAMAccountName";"value"="pathaka"}

$list2 = $requestNo, $requestDescription, $sunsetTime, $workstation, $sAMAccountName
# Replace the workflowName with the name of your workflow
$launchWorkflow = @{"workflowName"="test_Aditya";"input"=$list2}

$jsonBase1.Add("urn:ietf:params:scim:schemas:sailpoint:1.0:LaunchedWorkflow", $launchWorkflow)
$jsonPayLoad = $jsonBase1 | ConvertTo-Json -Depth 10

# Replace hostname and port
$uri2 = "https://<iiq hostname or VIP>:<port>/identityiq/scim/v2/LaunchedWorkflows"
# Send the body as SCIM JSON; without -ContentType, Windows PowerShell posts it as form data
$result2 = Invoke-RestMethod -Headers $headers -Uri $uri2 -Body $jsonPayLoad -Method Post -ContentType 'application/scim+json'

# Show the ID, messages and attributes of the launched workflow's task result
$result2.id
$result2.messages
$result2.attributes
```
  3. If required, use schtasks create to set up a scheduled task on a Windows server that runs this PowerShell script periodically:
    schtasks create | Microsoft Learn
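Once the script runs unattended as a scheduled task, the hard-coded client secret sits in plain text on the server. The following is an added example, not part of the original post, showing one way to keep the API client secret in a DPAPI-encrypted file and register the task with `schtasks`; the file paths, task name, hourly schedule and function names are assumptions.

```powershell
# Added example; paths, task name and function names are hypothetical.
$credPath   = 'C:\Scripts\iiq-api-client.xml'
$scriptPath = 'C:\Scripts\Launch-IIQWorkflow.ps1'   # the workflow-launch script; no spaces in path

# One-time setup. Run interactively AS THE ACCOUNT the task will run under:
# Export-Clixml encrypts the password with Windows DPAPI, so only that user
# on that machine can decrypt the file.
function Save-IiqApiClient {
    param([string]$Path = $credPath)
    # Enter the client ID as the user name and the secret as the password
    Get-Credential -Message 'IIQ API client ID and secret' | Export-Clixml -Path $Path
    # Drop inherited permissions; leave access to the current user only
    $me = "$env:USERDOMAIN\$env:USERNAME"
    icacls $Path /inheritance:r /grant:r "${me}:(R,W)" | Out-Null
}

# In the scheduled script: use this instead of the hard-coded $clientID / $secret
function Get-IiqBasicAuthHeader {
    param([string]$Path = $credPath)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Credential file '$Path' not found. Run Save-IiqApiClient as this account first."
    }
    $cred = Import-Clixml -Path $Path   # fails if run as a different user or machine
    $pair = '{0}:{1}' -f $cred.UserName, $cred.GetNetworkCredential().Password
    'Basic ' + [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes($pair))
}

# Register the hourly task. /RP * makes schtasks prompt for the account password
# instead of taking it on the command line.
function Register-IiqWorkflowTask {
    param([Parameter(Mandatory)][string]$RunAs)   # e.g. a dedicated service account
    $action = "powershell.exe -NoProfile -NonInteractive -File $scriptPath"
    schtasks /Create /TN 'IIQ-LaunchWorkflow' /SC HOURLY /MO 1 /RU $RunAs /RP '*' /TR $action
    if ($LASTEXITCODE -ne 0) { throw "schtasks failed with exit code $LASTEXITCODE" }
}
```

In the workflow-launch script, the `$clientID`, `$secret` and `$credential` assignments then reduce to `$credential = Get-IiqBasicAuthHeader`.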