Pet Project: IDN Admin Console

Hi All

This has been a long time coming!!! It has been my personal goal to drive this and to get help to build something for the community. Thanks to the great internal support, this vision is finally coming true for me!!!

I am not a coder and definitely have 0 knowledge of Angular. I have just been looking at and improvising on some existing code after building a framework with someone who had the know-how. I have had a great support team to help build it with me. Weekends, nights... all sweat and blood 🙂

NOTE: This application is not developed, maintained or supported by SailPoint. It is built and based on a community effort. We are hoping people will contribute and help it grow.

About the tool

The goal of this project was to lessen the pain we saw in the field during deployment and go-live, and the pain clients saw during daily operations. I also wanted to drive the goal of a GUI model for easy and codeless interaction for end users for some basic tasks.

GitHub Repo: https://github.com/piyush-khandelwal-sp/idn-admin-console

SailPoint Developer Community Post: https://developer.sailpoint.com/discuss/t/tool-idn-admin-console/4688

Goal

In an ideal world, I wish we had dedicated time and knowledge to keep building on this, but…

We are looking for (list is not exhaustive)

  • Help from the internal and external community if they are interested in spreading the word
  • Help from keen internal and external community members to build more features and extend existing ones
  • GitHub and Actions know-how to help with management and auto build / deploy / versioning et al
  • Help to make the Angular framework better and plug holes, if any
  • Help to enhance it (pagination, current build documentation, standardizing and refactoring code et al; the list is endless)
  • Testing, finding and reporting bugs, and hopefully helping to fix them. We are bound to find a lot of issues to begin with, as it's very new and not many people have used it. Please use it in a sandbox environment first.
  • Contributors for the repo to help us set it up properly

Features

The current feature list is:

  • Find Multiple Accounts in source and download report
  • Sources
    • Bulk Manage Aggregation Schedules (enable / disable / backup and restore accounts & entitlement)
    • Bulk Manage Source Owners
    • Bulk Run Aggregations (unoptimized/file upload)
  • Rules
    • Download Cloud Rules
    • Manage Connector Rules (Add / update / delete / download)
  • Roles
    • Bulk Manage Roles (Enable/disable/mark unmark as requestable/delete)
    • Bulk Manage Source Owners
  • Misc
    • Check and Set Org Time

Technical

It is an Angular app that uses Electron to build for various environments. There is some technical how-to in the readme file. It is currently hosted in the GitHub repo and is open source under the MIT license.

I really hope this tool helps you in some way and feel free to enhance it and spread the word!!!

Till the next time…

IDN Export / Import API now in beta

Good News everyone (Prof Farnsworth)

We have just released Export / Import API for certain SP configurations in IDN. 

API Details: https://developer.sailpoint.com/apis/beta/#tag/SP-Config

Documentation: https://developer.sailpoint.com/docs/sp_config.html

Current Endpoints

| Description | REST API End-Point |
|---|---|
| List Config Objects | GET /beta/sp-config/config-objects |
| Export Objects | POST /beta/sp-config/export |
| Export Status | GET /beta/sp-config/export/{id} |
| Export Results | GET /beta/sp-config/export/{id}/download |
| Import Objects | POST /beta/sp-config/import |
| Import Status | GET /beta/sp-config/import/{id} |
| Import Results | GET /beta/sp-config/import/{id}/download |

As you will see, the supported objects are currently limited (ETS / Rules / Sources / Transforms as I type this), but that list is set to grow as the API solidifies. The documentation is quite good and comprehensive on what you can do and how to do it. You can also take this to the next step and build your own CI/CD process to migrate your tenant config from sandbox to production.

Disclaimer: These are still beta endpoints, so please do test out the process and give feedback to SailPoint.

How to upload Connector Rules into IDN via API

So I did a post a couple of days ago saying that we are now allowed to upload some rule types via API.

Here is a quick guide on how to do so. In this example, I will take a very basic BuildMap rule.

Previously we would submit a rule like the one above to the ES team to upload. Now you just need to take the code and upload it yourself.

Now the real trick: you need to escape the actual Java code, else you will not be able to upload it and Postman will show errors.

So head over to https://www.freeformatter.com/java-dotnet-escape.html and paste the code part of the above. There are other such websites, or there may be an easier local method in your editor.

You will get some output like

The rest is then easy, as per the API links

You should get a 201 Created and see a similar output

That is it. You should be able to see and use this rule now on your source. 

Please remember to follow the IDN Rule Guide on what is allowed and what is not.

And if you want, you can reverse the process by getting existing rules via API and unescaping them via the URL above to get the neat-looking Java code.
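The escaping step described above can also be done locally, because the rule travels as a JSON string and any JSON serializer produces the needed escapes. This is an added example, not code from the original post or from SailPoint; the rule text is a constructed sample, and the body field names (sourceCode, script, version) are assumptions to confirm against the connector rule API documentation.

```python
import json

# Constructed sample BuildMap-style rule source (not the rule from the post).
RULE_SOURCE = '''import java.util.Map;
import sailpoint.connector.DelimitedFileConnector;

Map map = DelimitedFileConnector.defaultBuildMap(cols, record);
String status = (String) map.get("status");
map.put("IIQDisabled", !"A".equals(status));
return map;
'''


def escape_for_json(source):
    """Escaped text for pasting between the quotes of a JSON string value."""
    return json.dumps(source)[1:-1]


def build_rule_body(name, rule_type, source, description=""):
    """Complete request body; json.dumps escapes quotes, backslashes, newlines."""
    body = {
        "name": name,
        "description": description,
        "type": rule_type,
        # Field names below are assumed; confirm them in the API docs.
        "sourceCode": {"version": "1.0", "script": source},
    }
    return json.dumps(body, indent=2)


def extract_rule_source(rule_json):
    """Reverse direction: readable source from a rule object returned by the API."""
    return json.loads(rule_json)["sourceCode"]["script"]


if __name__ == "__main__":
    body = build_rule_body("Example BuildMap", "BuildMap", RULE_SOURCE)
    print(body)
    # Round trip proves nothing was lost or altered by the escaping.
    assert extract_rule_source(body) == RULE_SOURCE
```

Doing this in a local script keeps rule source, which can reveal attribute names and source logic, out of third-party web forms.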

ProTip – Create Quick Postman Collection for IDN APIs

As you may already know we have a developer portal which is now the central repository for all public APIs for IDN (and other products). We all use Postman as a tool for using these APIs. Currently there isn’t an official Postman collection for SailPoint but you can easily build one from the developer portal via swagger imports. 

Quick guide on how to do so

  • Open Postman and click on File -> Import
  • Click on Upload File and select the previously downloaded swagger.json file
  • Click on Import
  • Once imported, you will have a collection of yours ready to go

Advanced Tips: To make your life easier for administration, I highly recommend doing the following

Hope this helps get you started in the API world with IDN & SailPoint.

Find Multiple Accounts from Sources #IDN101

Currently there is no easy way in our default search UI to find all identities who have more than one account from a single source. There are other ways, like doing an account link search or going via the accounts CSV etc.

But there is a way to find them (not pretty but still helpful) via the search aggregation API. I found this somewhat easier if the result is small. If it's a large set, you can always parse it to your liking. I am no coder 🙂

Here is the call

The result will be something like this

Here you can see multiple accounts for a user from Azure AD

Similarly another user having duplicate accounts in Google Suite and Active Directory.

You can’t filter to get particular sources only but at least this will give you all users with more than one account from all sources.

Hope this helps!!!
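Parsing a larger result set and filtering by source on the client side, which the call itself cannot do, could look like the following. This is an added example, not part of the original post or the IDN Admin Console code; the identity documents are constructed, and their shape (an accounts list whose entries carry source.name) is an assumption to adapt to the actual response.

```python
import csv
import io

# Constructed sample; the document shape (accounts[].source.name) is assumed.
SAMPLE_IDENTITIES = [
    {"name": "alice.ng", "accounts": [
        {"name": "alice.ng@example.com", "source": {"name": "Azure AD"}},
        {"name": "alice.ng2@example.com", "source": {"name": "Azure AD"}},
        {"name": "ang", "source": {"name": "Active Directory"}},
    ]},
    {"name": "bob.lee", "accounts": [
        {"name": "bob.lee@example.com", "source": {"name": "Google Suite"}},
        {"name": "blee@example.com", "source": {"name": "Google Suite"}},
        {"name": "blee", "source": {"name": "Active Directory"}},
        {"name": "blee-old", "source": {"name": "Active Directory"}},
    ]},
    {"name": "carol.diaz", "accounts": [{"name": "cdiaz", "source": {"name": "Active Directory"}}]},
]


def find_multiple_accounts(identities, only_sources=None):
    """Return one finding per (identity, source) pair holding more than one account."""
    findings = []
    for identity in identities:
        by_source = {}
        for account in identity.get("accounts") or []:
            source = (account.get("source") or {}).get("name") or "<unknown source>"
            by_source.setdefault(source, []).append(account.get("name") or "")
        for source, names in sorted(by_source.items()):
            # The source filter is applied here because the search call cannot do it.
            if len(names) > 1 and (only_sources is None or source in only_sources):
                findings.append({"identity": identity.get("name") or "",
                                 "source": source, "accounts": names})
    return findings


def to_csv(findings):
    """Render findings as a CSV report, one row per identity/source pair."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["identity", "source", "count", "accounts"])
    for f in findings:
        writer.writerow([f["identity"], f["source"], len(f["accounts"]), ";".join(f["accounts"])])
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(find_multiple_accounts(SAMPLE_IDENTITIES)))
```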