Script to pull Governance groups and get their members and access profiles into a csv for a particular

Identity Security Cloud (ISC) ISC Discussion and Questions
,
1

Hi All,

can anyone help me with the script for getting all governance group for particular source with their member and associated access profile.

Thanks in advance.
Swati

2

@Swati, you can first get the Access Profiles for a source using this API:
:link: List Access Profiles for Source App (Beta)

GET /beta/access-profiles?source.id=<source-id>

Then, for each Access Profile, check the owner field. If type = GOVERNANCE_GROUP, that means it’s owned by a Governance Group. and for each Access Profile, get the members of that group, use this API:

GET /v3/governance-groups/{group-id}/members

Example Python script : (using pandas library for CSV genration)

import requests
import pandas as pd

# == Configs based on your source ===

TENANT = "......"  
SOURCE_ID = "....."
TOKEN = "...."


headers = {
    "Authorization": f"Bearer {TOKEN}",
    "Content-Type": "application/json"
}

# == Get the Access Profiles ==

url_profiles = f"https://{TENANT}.api.identitynow.com/beta/access-profiles?source.id={SOURCE_ID}"
response = requests.get(url_profiles, headers=headers)

if response.status_code != 200:
    print("Failed to fetch access profiles:", response.text)
    exit()

profiles = response.json().get("items", [])
results = []

# == Then get group members  for each Access Profiles ==

for profile in profiles:
    profile_name = profile.get("name", "Unnamed Profile")
    owner = profile.get("owner")

    if owner and owner.get("type") == "GOVERNANCE_GROUP":
        group_id = owner.get("id")
        group_name = owner.get("name")
      
        members_url = f"https://{TENANT}.api.identitynow.com/v3/governance-groups/{group_id}/members"
        members_response = requests.get(members_url, headers=headers)

        if members_response.status_code == 200:
            members = members_response.json().get("items", [])
            for m in members:
                results.append({
                    "Access Profile": profile_name,
                    "Governance Group": group_name,
                    "Member Name": m.get("name", "Unknown"),
                    "Member ID": m.get("id", "")
                })
        else:
            results.append({
                "Access Profile": profile_name,
                "Governance Group": group_name,
                "Member Name": "Error fetching members",
                "Member ID": ""
            })
    else:
        results.append({
            "Access Profile": profile_name,
            "Governance Group": "None",
            "Member Name": "",
            "Member ID": ""
        })

# ==  Finally export results to CSV ==

df = pd.DataFrame(results)
df.to_csv("access_profiles_with_members.csv", index=False)
print("✅ Exported to access_profiles_with_members.csv")

Best of luck!

4

Oh ok, try the following flow then?

  1. Get Governance Groups (API: GET /beta/workgroups)
  2. Get members of each group (API: GET /v3/governance-groups/{group-id}/members)
  3. Find Access Profiles owned by members (API: GET /beta/access-profiles → Filter where owner.id = member id)

Hope that works!

5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.