darrenjrobinson / powershell_module_identitynow

SailPoint IdentityNow PowerShell Module
https://blog.darrenjrobinson.com/sailpoint-identitynow/
MIT License

Search-IdentityNowUserProfile #67

Open dmcconnell68 opened 1 year ago

dmcconnell68 commented 1 year ago

Hi,

How can I use Search-IdentityNowUserProfile to search for email address?

Thanks, David

darrenjrobinson commented 1 year ago

You're best to use the Invoke-IdentityNowRequest cmdlet and target the latest APIs.

You'll need to create a search query object in the new format which for your search looks like this.

query         : {[query, email:"darren@darrenjrobinson.com"]}
indices       : {identities}
includeNested : False
sort          : {displayName}

Then convert to JSON and use with Invoke-IdentityNowRequest like this against the v3 Search API.

$searchBodyJSON = $searchObj | ConvertTo-Json
Invoke-IdentityNowRequest -uri "https://YOURTENANT.api.identitynow.com/v3/search" -method Post -headers Headersv3_JSON -body $searchBodyJSON

darrenjrobinson commented 1 year ago

From one of my environments using the above.

image

dmcconnell68 commented 1 year ago

Thanks for the quick reply!

Does this look correct? I'm still getting an error.

image (2023-10-27_18-49-18)

darrenjrobinson commented 1 year ago

The error indicates your JSON isn't valid. How did you generate it? As a custom PSObject and then convert? Does converting your JSON to a PSObject fail, indicating where the syntax error is?

dmcconnell68 commented 1 year ago

Yes, I found an issue with the JSON, corrected that and it works now. I did notice the email address is case-sensitive when searching. Is there a way to make it case-insensitive?

Thanks, David

darrenjrobinson commented 1 year ago

Yes, drop the email attribute from the query, then it becomes case-insensitive.

query         : {[query, "darren@darrenjrobinson.com"]}

But then you will need to iterate through the results to find the result associated with an identity on the source you expect.
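
The steps discussed up to this point, put together as an added example (not code from the thread participants or from the module): build the search object, round-trip the JSON to catch syntax errors before sending, run the unqualified query, then keep only the results whose address matches on the expected source. The sample address, `EXPECTED_SOURCE_NAME`, and the `email` and `source.name` result properties are assumptions; the cmdlet call is the one shown earlier in the thread.

```powershell
# Added example. Address and source name below are constructed placeholders.
$email      = 'Jane.Doe@Example.com'
$sourceName = 'EXPECTED_SOURCE_NAME'

# Refuse characters that would break out of the quoted search phrase.
if ($email -match '["\\]') { throw "Unsupported character in email: $email" }

# Phrase query without the 'email:' field prefix, as described in the thread.
$searchObj = [ordered]@{
    query         = @{ query = '"{0}"' -f $email }
    indices       = @('identities')
    includeNested = $false
    sort          = @('displayName')
}
$searchBodyJSON = $searchObj | ConvertTo-Json -Depth 5

# Round-trip the body so a malformed document fails here, not at the API.
try   { $null = $searchBodyJSON | ConvertFrom-Json -ErrorAction Stop }
catch { throw "Search body is not valid JSON: $($_.Exception.Message)" }

$results = Invoke-IdentityNowRequest -uri "https://YOURTENANT.api.identitynow.com/v3/search" -method Post -headers Headersv3_JSON -body $searchBodyJSON

# Assumption: each result exposes 'email' and 'source.name' properties.
# -ieq compares case-insensitively, so mixed-case addresses still match.
$hits = @($results | Where-Object {
    $_.email -ieq $email -and $_.source.name -ieq $sourceName
})

# An unqualified query can match other fields, so anything but one hit needs review.
if ($hits.Count -ne 1) {
    Write-Warning "Expected 1 identity for $email on $sourceName, found $($hits.Count)"
}
$hits | Select-Object displayName, email, @{ n = 'source'; e = { $_.source.name } }
```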

dmcconnell68 commented 1 year ago

Thanks Darren. I got this working in our sandbox environment. Having some issues with prod though. I have created a Personal Access Token with all scopes, but getting this error when trying to run cmdlets. Am I missing a step somewhere?

image

darrenjrobinson commented 1 year ago

Bad client credentials indicates your PAT clientID and clientSecret are not correct. Try using the Test-IdentityNowCredentials cmdlet to validate them.