search

OneIdentity / safeguard-ps

One Identity Safeguard PowerShell scripting resources
Apache License 2.0
22 stars 27 forks source link

What is the best way to update only the "ChangePasswordAfterCheckin" parameter in an Access Request Policy #530

Open sgundlach3 opened 2 weeks ago

sgundlach3 commented 2 weeks ago

I'm working with a customer that migrated from TPAM to Safeguard-- and they have about 2000 ARP that need to have the "ChangePasswordAfterCheckin" updated from true to false.

What is the best method to do this programmatically using powershell? Its easy to do in swagger where you get the entire body, and then replace the ChangePasswordAfterCheckin=false, and then use the PUT statement to update.

When I try to use Powershell, I need to include all the scope items else they are removed when I do the invoke Safeguard method.

Thanks for any help you can offer. Is there an cmdlet for Edit-SafeguardAccessPolicy??

JeffHarkavy commented 7 hours ago

@sgundlach3 There's not an Edit- command for the access policy, but you can use Get-SafeguardAccessPolicy to retrieve the policy in question, update the property, then use Invoke-SafeguardMethod to write it back.

$policy = Get-SafeguardAccessPolicy -EntitlementToGet "Name of Entitlement" -PolicyToGet "Name of policy"
$policy.AccessRequestProperties.ChangePasswordAfterCheckin = $false
$Invoke-SafeguardMethod Core Put AccessPolicies/$($policy.id) -Body $policy
sgundlach3 commented 7 hours ago

Thank you!

[signature_547945481]

From: Jeff Harkavy @.> Date: Thursday, October 3, 2024 at 7:00 AM To: OneIdentity/safeguard-ps @.> Cc: Sherry Gundlach @.>, Mention @.> Subject: Re: [OneIdentity/safeguard-ps] What is the best way to update only the "ChangePasswordAfterCheckin" parameter in an Access Request Policy (Issue #530) CAUTION: External Sender. Please do not click on links or open attachments from senders you do not trust.

@sgundlach3https://github.com/sgundlach3 There's not an Edit- command for the access policy, but you can use Get-SafeguardAccessPolicy to retrieve the policy in question, update the property, then use Invoke-SafeguardMethod to write it back.

$policy = Get-SafeguardAccessPolicy -EntitlementToGet "Name of Entitlement" -PolicyToGet "Name of policy"

$policy.AccessRequestProperties.ChangePasswordAfterCheckin = $false

$Invoke-SafeguardMethod Core Put AccessPolicies/$($policy.id) -Body $policy

— Reply to this email directly, view it on GitHubhttps://github.com/OneIdentity/safeguard-ps/issues/530#issuecomment-2391122566, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AZ7E37UPZW3S4ZTFELNGXALZZUPS3AVCNFSM6AAAAABOMYFRB6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGOJRGEZDENJWGY. You are receiving this because you were mentioned.Message ID: @.***>