A PowerShell module to interact with the IdentityNow REST API.
A bit more...
I’m excited to share my first publicly released PowerShell module! I decided to create this because the official SailPoint PowerShell module didn’t quite meet my needs when it came to error handling and ease of use.
My goal was to keep things as simple and modular as possible.
If you run into any bugs or have feedback, please let me know by raising an issue—I’d love to hear from you!
- Handles retrying failed requests
- Supports pagination
- Automatically generates filter string
Currently supports the following Objects:
- access-profiles
- entitlements
- public-identities
- roles
- requestable-objects
- segments
```powershell
Install-Module -Name PSIdentityNow -AllowPrerelease
```
To use the SDK with your IdentityNow tenant, you must configure authentication by providing the required environment variables or using Azure Key Vault (or another vault) with the Microsoft.PowerShell.SecretManagement module.
- Set Environment Variables

  Set the following environment variables to authenticate to your IdentityNow tenant:

  ```powershell
  # Values must be quoted, otherwise PowerShell tries to run them as commands
  $env:IDNW_BASE_URL = 'https://[tenant].api.identitynow.com'
  $env:IDNW_CLIENT_ID = '[clientID]'
  $env:IDNW_CLIENT_SECRET = '[clientSecret]'
  ```

  Replace `[tenant]`, `[clientID]`, and `[clientSecret]` with your specific values.

  Alternatively, you can use instance-specific environment variables. If these variables are set, you have to specify the `-Instance` parameter when running `Connect-IDNW`:

  ```powershell
  # Sandbox (ACC) tenant
  $env:IDNW_ACC_BASE_URL = 'https://[tenant]-sb.api.identitynow.com'
  $env:IDNW_ACC_CLIENT_ID = '[clientID]'
  $env:IDNW_ACC_CLIENT_SECRET = '[clientSecret]'

  # Production (PRD) tenant
  $env:IDNW_PRD_BASE_URL = 'https://[tenant].api.identitynow.com'
  $env:IDNW_PRD_CLIENT_ID = '[clientID]'
  $env:IDNW_PRD_CLIENT_SECRET = '[clientSecret]'
  ```
- Connect to IdentityNow

  Use the `Connect-IDNW` command to authenticate using secrets from the registered Key Vault. Specify the `-Instance` parameter (e.g., `ACC` or `PRD`) as needed:

  ```powershell
  # Using generic environment variables
  Connect-IDNW

  # Using instance specific environment variables (ACC)
  Connect-IDNW -Instance ACC

  # Using instance specific environment variables (PRD)
  Connect-IDNW -Instance PRD
  ```
You can securely store and manage the required credentials in Azure Key Vault and use the `Microsoft.PowerShell.SecretManagement` module to access them.
- Add Secrets to Key Vault

  Ensure the required secrets are stored in your Azure Key Vault. The secrets should correspond to the following environment variable names:

  ```
  IDNW-BASE-URL
  IDNW-CLIENT-ID
  IDNW-CLIENT-SECRET
  ```

  Alternatively, you can use instance-specific environment variables. If these variables are set, you have to specify the `-Instance` parameter when running `Connect-IDNW`:

  ```
  IDNW-ACC-BASE-URL
  IDNW-ACC-CLIENT-ID
  IDNW-ACC-CLIENT-SECRET
  IDNW-PRD-BASE-URL
  IDNW-PRD-CLIENT-ID
  IDNW-PRD-CLIENT-SECRET
  ```
- Register your Key Vault

  Use the following command to register your Azure Key Vault:

  ```powershell
  $kvparams = @{
      AZKVaultName   = "KEYVAULT-NAME"
      SubscriptionId = "subscription-id"
  }
  Register-SecretVault -Name 'KEYVAULT-NAME' -ModuleName Az.KeyVault -VaultParameters $kvparams
  ```

  Replace `KEYVAULT-NAME` with your Key Vault name and `subscription-id` with your Azure subscription ID.

- Connect to IdentityNow using SecretManagement

  Use the `Connect-IDNW` command with the `-UseSecretManagement` parameter to authenticate using secrets from the registered Key Vault. Specify the `-Instance` parameter (e.g., `ACC` or `PRD`) as needed:

  ```powershell
  # Using generic secrets
  Connect-IDNW -UseSecretManagement

  # Using instance specific secrets (ACC)
  Connect-IDNW -Instance ACC -UseSecretManagement

  # Using instance specific secrets (PRD)
  Connect-IDNW -Instance PRD -UseSecretManagement
  ```

  This retrieves the required secrets from your registered Key Vault and authenticates the SDK.
- Make sure the Azure Key Vault and the `Microsoft.PowerShell.SecretManagement` module are properly configured and accessible from your environment.
- For more information, consult the SecretManagement module documentation.
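
A pre-flight check for the two configurations described above, as an added example that is not part of PSIdentityNow. `Test-IdnwCredentialSet` is a hypothetical helper: it reports whether the three expected names exist (as environment variables or as secrets in a registered vault) and whether the base URL is an HTTPS `*.api.identitynow.com` address, without ever emitting the client ID or secret. It assumes the names listed above and the `Get-SecretInfo` and `Get-Secret` cmdlets from `Microsoft.PowerShell.SecretManagement`.

```powershell
# Added example: hypothetical helper, not part of the PSIdentityNow module.
function Test-IdnwCredentialSet {
    [CmdletBinding()]
    param(
        [string]$Instance,   # e.g. ACC or PRD; omit to check the generic IDNW_* names
        [string]$VaultName   # registered vault name; omit to check environment variables
    )

    $prefix = if ($Instance) { "IDNW_$($Instance.ToUpper())" } else { 'IDNW' }

    foreach ($suffix in 'BASE_URL', 'CLIENT_ID', 'CLIENT_SECRET') {
        $name = "${prefix}_$suffix"
        if ($VaultName) {
            # Vault secret names use hyphens (IDNW-ACC-BASE-URL), as listed above.
            $name    = $name -replace '_', '-'
            $present = [bool](Get-SecretInfo -Vault $VaultName -Name $name -ErrorAction SilentlyContinue)
        } else {
            $present = -not [string]::IsNullOrWhiteSpace([Environment]::GetEnvironmentVariable($name))
        }

        $valid = $present
        if ($present -and $suffix -eq 'BASE_URL') {
            # Only the base URL is read back; it is not a secret. A plain-http or
            # unexpected host would be sent the client credentials, so flag it.
            if ($VaultName) {
                $url = Get-Secret -Vault $VaultName -Name $name -AsPlainText
            } else {
                $url = [Environment]::GetEnvironmentVariable($name)
            }
            $uri   = $null
            $valid = [uri]::TryCreate([string]$url, [System.UriKind]::Absolute, [ref]$uri) -and
                     $uri.Scheme -eq 'https' -and
                     $uri.Host -like '*.api.identitynow.com'   # assumption: pattern shown above
        }

        # Emit names and status only, never the stored values.
        [pscustomobject]@{
            Name    = $name
            Source  = if ($VaultName) { "vault:$VaultName" } else { 'environment' }
            Present = $present
            Valid   = $valid
        }
    }
}

# Usage: list anything missing or malformed before connecting.
# Test-IdnwCredentialSet -Instance ACC -VaultName 'KEYVAULT-NAME' | Where-Object { -not $_.Valid }
# Test-IdnwCredentialSet | Format-Table
```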
Connects to IdentityNow.
Disconnects from IdentityNow.
Get the specified objects from IdentityNow.
Create a new object in IdentityNow.
Delete an object in IdentityNow.
Update an object in IdentityNow.