AWS - IAM (user lifecycle management)

This Integration is part of the AWS-ILM Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Integrate with the AWS-ILM Identity Access Management service to execute user CRUD (create, read, update, and delete) and group (create, get, update, and delete) operations for employee lifecycle processes. For more information, refer to the Identity Lifecycle Management article.

Configure AWS-ILM in Cortex

| Parameter | Required |
| --- | --- |
| Base URL | True |
| Tenant ID | True |
| Authentication Token | True |
| Allow creating users | False |
| Allow updating users | False |
| Allow enabling users | False |
| Allow disabling users | False |
| Automatically create user if not found in update command | False |
| Incoming Mapper | True |
| Outgoing Mapper | True |
| Trust any certificate (not secure) | False |
| Use system proxy settings | False |

Commands

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user

Creates a user.

Base Command

iam-create-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | User Profile indicator details. | Required |
| allow-enable | When set to true, after the command execution, the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-create-user user-profile={"email": "john.doe@example.com", "username": "test", "givenname": "test", "surname": "test", "displayname": "test"}

Context Example

```json
{
  "IAM": {
    "UserProfile": {
      "displayname": "test",
      "email": "john.doe@example.com",
      "givenname": "test",
      "surname": "test",
      "username": "test"
    },
    "Vendor": {
      "action": "create",
      "active": false,
      "brand": "AWS-ILM",
      "details": {
        "active": false,
        "displayName": "test",
        "emails": [
          {
            "primary": true,
            "type": "work",
            "value": "john.doe@example.com"
          }
        ],
        "id": "123456",
        "meta": {
          "created": "2021-08-23T12:53:51Z",
          "lastModified": "2021-08-23T12:53:51Z",
          "resourceType": "User"
        },
        "name": {
          "familyName": "test",
          "givenName": "test"
        },
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "test"
      },
      "email": "john.doe@example.com",
      "errorCode": null,
      "errorMessage": "",
      "id": "123456",
      "instanceName": "AWS-ILM_instance_1",
      "reason": "",
      "skipped": false,
      "success": true,
      "username": "test"
    }
  }
}
```

Human Readable Output

Create User Results (AWS-ILM)

| brand | instanceName | success | active | id | username | email |
| --- | --- | --- | --- | --- | --- | --- |
| AWS-ILM | AWS-ILM_instance_1 | true | false | 123456 | test | john.doe@example.com |

details:
id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:51Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: false
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}
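The create command takes a user-profile with the keys shown in the command example, and the raw response under IAM.Vendor.details is a SCIM core User. The following Python is an added example, not the AWS-ILM integration's own code: it maps such a profile to the SCIM User fields seen in the context example (userName, name, displayName, emails, active) and refuses to build a user without the identifiers needed to find it again later. The profile key names are taken from the command example above; the function names and the sample profile are this example's own assumptions.

```python
"""Map an XSOAR IAM user-profile to a SCIM 2.0 core User resource.

Added example, not code from the AWS-ILM integration. It assumes the
user-profile keys from the page's iam-create-user command example
(email, username, givenname, surname, displayname) and produces the
fields that appear under IAM.Vendor.details in the context example.
"""
import json

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
REQUIRED_KEYS = ("email", "username")

# Constructed sample input, shaped like the page's command example.
SAMPLE_PROFILE = {
    "email": "john.doe@example.com",
    "username": "test",
    "givenname": "test",
    "surname": "test",
    "displayname": "test",
}


def parse_user_profile_arg(raw: str) -> dict:
    """Parse the JSON object passed as the user-profile command argument."""
    profile = json.loads(raw)
    if not isinstance(profile, dict):
        raise ValueError("user-profile must be a JSON object")
    return profile


def missing_required_keys(profile: dict) -> list:
    """Return the identifiers that must be present before a user is created.

    Checking this up front avoids creating a directory user with no login
    name or mail address, which would then be hard to locate and disable
    during offboarding.
    """
    return [k for k in REQUIRED_KEYS if not str(profile.get(k) or "").strip()]


def build_scim_user(profile: dict, active: bool = False) -> dict:
    """Build the SCIM User body for a profile.

    'active' defaults to False, matching the create context example on this
    page; enabling is governed separately by the allow-enable argument.
    """
    missing = missing_required_keys(profile)
    if missing:
        raise ValueError(f"user-profile is missing required keys: {missing}")
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": str(profile["username"]).strip(),
        "name": {
            "familyName": profile.get("surname", ""),
            "givenName": profile.get("givenname", ""),
        },
        # Fall back to the username so the directory entry is never nameless.
        "displayName": profile.get("displayname") or profile["username"],
        "emails": [{"primary": True, "type": "work", "value": profile["email"]}],
        "active": active,
    }


if __name__ == "__main__":
    print(json.dumps(build_scim_user(SAMPLE_PROFILE), indent=2))
```

The validation step matters more than it looks: an outgoing mapper that silently drops a missing email still produces a syntactically valid SCIM body, and the resulting account is one that later update and disable commands, which look the user up by profile, may never match.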

iam-update-user

Updates an existing user with the data passed in the user-profile argument.

Base Command

iam-update-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |
| allow-enable | When set to true, after the command execution, the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-update-user user-profile={"username": "test"}

Context Example

```json
{
  "IAM": {
    "UserProfile": {
      "username": "test"
    },
    "Vendor": {
      "action": "update",
      "active": true,
      "brand": "AWS-ILM",
      "details": {
        "active": true,
        "displayName": "test",
        "emails": [
          {
            "primary": true,
            "type": "work",
            "value": "john.doe@example.com"
          }
        ],
        "id": "123456",
        "meta": {
          "created": "2021-08-23T12:53:51Z",
          "lastModified": "2021-08-23T12:53:54Z",
          "resourceType": "User"
        },
        "name": {
          "familyName": "test",
          "givenName": "test"
        },
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "test"
      },
      "email": null,
      "errorCode": null,
      "errorMessage": "",
      "id": "123456",
      "instanceName": "AWS-ILM_instance_1",
      "reason": "",
      "skipped": false,
      "success": true,
      "username": "test"
    }
  }
}
```

Human Readable Output

Update User Results (AWS-ILM)

| brand | instanceName | success | active | id | username |
| --- | --- | --- | --- | --- | --- |
| AWS-ILM | AWS-ILM_instance_1 | true | true | 123456 | test |

details:
id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:54Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: true
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}

iam-get-user

Retrieves a single user resource.

Base Command

iam-get-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-get-user user-profile={"username": "test"}

Context Example

```json
{
  "IAM": {
    "UserProfile": {
      "Email": "john.doe@example.com",
      "Given Name": "test",
      "Surname": "test",
      "Username": "test"
    },
    "Vendor": {
      "action": "get",
      "active": false,
      "brand": "AWS-ILM",
      "details": {
        "active": false,
        "displayName": "test",
        "emails": [
          {
            "primary": true,
            "type": "work",
            "value": "john.doe@example.com"
          }
        ],
        "id": "123456",
        "meta": {
          "created": "2021-08-23T12:53:51Z",
          "lastModified": "2021-08-23T12:53:57Z",
          "resourceType": "User"
        },
        "name": {
          "familyName": "test",
          "givenName": "test"
        },
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "test"
      },
      "email": null,
      "errorCode": null,
      "errorMessage": "",
      "id": "123456",
      "instanceName": "AWS-ILM_instance_1",
      "reason": "",
      "skipped": false,
      "success": true,
      "username": "test"
    }
  }
}
```

Human Readable Output

Get User Results (AWS-ILM)

| brand | instanceName | success | active | id | username |
| --- | --- | --- | --- | --- | --- |
| AWS-ILM | AWS-ILM_instance_1 | true | false | 123456 | test |

details:
id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:57Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: false
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}

iam-disable-user

Disables an active user.

Base Command

iam-disable-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Provides the raw data from the 3rd-party integration. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-disable-user user-profile={"username": "test"}

Context Example

```json
{
  "IAM": {
    "UserProfile": {
      "username": "test"
    },
    "Vendor": {
      "action": "disable",
      "active": false,
      "brand": "AWS-ILM",
      "details": {
        "active": false,
        "displayName": "test",
        "emails": [
          {
            "primary": true,
            "type": "work",
            "value": "john.doe@example.com"
          }
        ],
        "id": "123456",
        "meta": {
          "created": "2021-08-23T12:53:51Z",
          "lastModified": "2021-08-23T12:53:57Z",
          "resourceType": "User"
        },
        "name": {
          "familyName": "test",
          "givenName": "test"
        },
        "schemas": [
          "urn:ietf:params:scim:schemas:core:2.0:User"
        ],
        "userName": "test"
      },
      "email": null,
      "errorCode": null,
      "errorMessage": "",
      "id": "123456",
      "instanceName": "AWS-ILM_instance_1",
      "reason": "",
      "skipped": false,
      "success": true,
      "username": "test"
    }
  }
}
```

Human Readable Output

Disable User Results (AWS-ILM)

| brand | instanceName | success | active | id | username |
| --- | --- | --- | --- | --- | --- |
| AWS-ILM | AWS-ILM_instance_1 | true | false | 123456 | test |

details:
id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:57Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: false
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}
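Every user command above writes the same IAM.Vendor fields: success, errorCode, errorMessage, skipped, reason, active, and the raw response in details. A playbook that only branches on success can miss a disable that the API accepted but that did not actually leave the user inactive. The following Python is an added example, not the AWS-ILM integration's own code: it classifies IAM.Vendor entries using only the fields documented on this page, and for the disable action compares the requested state with details.active. The sample context is a constructed copy of the iam-disable-user context example; the function names are this example's own.

```python
"""Evaluate IAM.Vendor context entries produced by the iam-* user commands.

Added example, not code from the AWS-ILM integration. It relies only on the
IAM.Vendor fields documented on this page and uses a constructed copy of the
page's iam-disable-user context example as sample input.
"""
import json

# Constructed sample: trimmed to the fields this example reads.
SAMPLE_DISABLE_CONTEXT = json.loads("""
{
  "IAM": {
    "UserProfile": {"username": "test"},
    "Vendor": {
      "action": "disable",
      "active": false,
      "brand": "AWS-ILM",
      "details": {"active": false, "id": "123456", "userName": "test"},
      "email": null,
      "errorCode": null,
      "errorMessage": "",
      "id": "123456",
      "instanceName": "AWS-ILM_instance_1",
      "reason": "",
      "skipped": false,
      "success": true,
      "username": "test"
    }
  }
}
""")


def vendor_entries(context: dict) -> list:
    """Return IAM.Vendor as a list; XSOAR context may hold one dict or a list."""
    vendor = context.get("IAM", {}).get("Vendor", [])
    return vendor if isinstance(vendor, list) else [vendor]


def observed_active(vendor: dict):
    """Prefer the raw response's active flag over the summarized one."""
    details = vendor.get("details")
    if isinstance(details, dict) and "active" in details:
        return details["active"]
    return vendor.get("active")


def classify(vendor: dict, expected_active=None) -> str:
    """Classify one entry as 'ok', 'skipped', 'error' or 'mismatch'.

    'mismatch' means the command reported success but the user's state in
    the raw response does not match the requested action, such as a
    disable that left active true. For the disable action the expected
    state is False; other actions check only when expected_active is given.
    """
    if vendor.get("skipped"):
        return "skipped"
    if not vendor.get("success") or vendor.get("errorCode") is not None:
        return "error"
    if expected_active is None and vendor.get("action") == "disable":
        expected_active = False
    if expected_active is not None and observed_active(vendor) is not expected_active:
        return "mismatch"
    return "ok"


def describe_error(vendor: dict) -> str:
    """One-line description of a failed entry for a War Room note or ticket."""
    message = vendor.get("errorMessage") or vendor.get("reason") or "no message"
    return (f"{vendor.get('brand')} {vendor.get('action')} failed "
            f"(HTTP {vendor.get('errorCode')}): {message}")


def summarize(context: dict) -> dict:
    """Map each '<brand>/<instanceName>' to its classification."""
    return {f"{v.get('brand')}/{v.get('instanceName')}": classify(v)
            for v in vendor_entries(context)}


if __name__ == "__main__":
    print(summarize(SAMPLE_DISABLE_CONTEXT))
```

Treating "mismatch" as a failure, rather than trusting success alone, is the check that turns an offboarding playbook into something you can audit: the raw response under details is what the identity store actually holds.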

iam-get-group

Retrieves a group.

Base Command

iam-get-group

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scim | SCIM content in JSON format. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| GetGroup.id | String | Group ID. |
| GetGroup.displayName | String | Display name of the group. |
| GetGroup.members.display | String | Display name of the group member. |
| GetGroup.members.value | String | ID of the group member. |
| GetGroup.success | Boolean | Success status of the command. |
| GetGroup.errorCode | Number | Error code if there is a failure. |
| GetGroup.errorMessage | Unknown | Error details if there is a failure. |

Command Example

!iam-get-group scim={"id": "121212"}

Context Example

```json
{
  "GetGroup": {
    "active": null,
    "brand": "AWS-ILM",
    "details": {
      "displayName": "The best group",
      "id": "121212",
      "members": [],
      "meta": {
        "created": "2021-08-23T12:41:43Z",
        "lastModified": "2021-08-23T12:41:43Z",
        "resourceType": "Group"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
      ]
    },
    "displayName": "The best group",
    "email": null,
    "errorCode": null,
    "errorMessage": null,
    "id": "121212",
    "instanceName": "AWS-ILM_instance_1",
    "members": null,
    "success": true,
    "username": null
  }
}
```

Human Readable Output

AWS Get Group:

| brand | displayName | id | instanceName | success |
| --- | --- | --- | --- | --- |
| AWS-ILM | The best group | 121212 | AWS-ILM_instance_1 | true |

details:
id: 121212
meta: {"resourceType": "Group", "created": "2021-08-23T12:41:43Z", "lastModified": "2021-08-23T12:41:43Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:Group
displayName: The best group
members:

iam-create-group

Creates an empty group.

Base Command

iam-create-group

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scim | Group SCIM data with the display name. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| CreateGroup.id | String | Group ID. |
| CreateGroup.displayName | String | Display name of the group. |
| CreateGroup.success | Boolean | Success status of the command. |
| CreateGroup.errorCode | Number | Error code if there is a failure. |
| CreateGroup.errorMessage | Unknown | Error details if there is a failure. |

Command Example

!iam-create-group scim={"displayName": "The group"}

Context Example

```json
{
  "CreateGroup": {
    "active": null,
    "brand": "AWS-ILM",
    "details": {
      "displayName": "The group",
      "id": "111111",
      "members": [],
      "meta": {
        "created": "2021-08-23T12:54:02Z",
        "lastModified": "2021-08-23T12:54:02Z",
        "resourceType": "Group"
      },
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:Group"
      ]
    },
    "displayName": "The group",
    "email": null,
    "errorCode": null,
    "errorMessage": null,
    "id": "111111",
    "instanceName": "AWS-ILM_instance_1",
    "members": null,
    "success": true,
    "username": null
  }
}
```

Human Readable Output

AWS Create Group:

| brand | displayName | id | instanceName | success |
| --- | --- | --- | --- | --- |
| AWS-ILM | The group | 111111 | AWS-ILM_instance_1 | true |

details:
id: 111111
meta: {"resourceType": "Group", "created": "2021-08-23T12:54:02Z", "lastModified": "2021-08-23T12:54:02Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:Group
displayName: The group
members:

iam-update-group

Updates an existing group resource. This command allows individual users (or sets of users) to be added to or removed from the group in a single operation. A maximum of 100 users can be modified in a single call.

Base Command

iam-update-group

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scim | Group SCIM data. | Required |
| memberIdsToAdd | List of member IDs to add to the group. A maximum of 100 users per call can be modified using this command. Possible values are: comma-separated values. | Optional |
| memberIdsToDelete | List of member IDs to delete from the group. A maximum of 100 users per call can be modified using this command. Possible values are: comma-separated values. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| UpdateGroup.id | String | Group ID. |
| UpdateGroup.displayName | String | Display name of the group. |
| UpdateGroup.success | Boolean | Success status of the command. |
| UpdateGroup.errorCode | Number | Error code if there is a failure. |
| UpdateGroup.errorMessage | Unknown | Error details if there is a failure. |

Command Example

!iam-update-group scim={"id": "121212"} memberIdsToAdd=["123456"]

Context Example

```json
{
  "UpdateGroup": {
    "active": null,
    "brand": "AWS-ILM",
    "details": "{'Date': 'Mon, 23 Aug 2021 12:54:08 GMT', 'Content-Type': 'application/json', 'Connection': 'keep-alive', 'x-amzn-RequestId': '123456'}",
    "displayName": null,
    "email": null,
    "errorCode": null,
    "errorMessage": null,
    "id": "121212",
    "instanceName": "AWS-ILM_instance_1",
    "members": null,
    "success": true,
    "username": null
  }
}
```

Human Readable Output

AWS Update Group:

| brand | details | id | instanceName | success |
| --- | --- | --- | --- | --- |
| AWS-ILM | {'Date': 'Mon, 23 Aug 2021 12:54:08 GMT', 'Content-Type': 'application/json', 'Connection': 'keep-alive', 'x-amzn-RequestId': '123456'} | 121212 | AWS-ILM_instance_1 | true |
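The update-group command caps each call at 100 modified members, and the page shows two input forms for the member ID arguments: the table says comma-separated, the command example passes a JSON list. The following Python is an added example, not the AWS-ILM integration's own code: it normalizes both input forms, validates that member IDs are plain identifiers before they are interpolated into a SCIM filter, and splits larger membership changes into calls that respect the 100-member limit. It assumes the standard SCIM 2.0 PatchOp message layout (RFC 7644) for the request body; the page does not show the exact body the integration sends to AWS, so that layout, the constant names and the function names are this example's assumptions.

```python
"""Batch group-membership changes for iam-update-group into SCIM PatchOp bodies.

Added example, not the AWS-ILM integration's own code. Assumes the
100-members-per-call limit stated on this page and the standard SCIM 2.0
PatchOp format (RFC 7644); the actual request the integration sends is not
shown on the page.
"""
import json
import re

MAX_MEMBERS_PER_CALL = 100  # limit stated in the page's iam-update-group description
PATCH_OP_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
# Member IDs are opaque directory identifiers. Anything outside this set is
# rejected so an ID can never change the meaning of the SCIM filter it is
# interpolated into (members[value eq "<id>"]).
SAFE_ID = re.compile(r"[A-Za-z0-9._-]+")


def is_safe_member_id(member_id: str) -> bool:
    """True when the ID contains only characters a SCIM filter cannot misread."""
    return SAFE_ID.fullmatch(member_id) is not None


def parse_member_ids(raw) -> list:
    """Normalize memberIdsToAdd / memberIdsToDelete input.

    Accepts a Python list, a JSON list string ('["123456"]') or a
    comma-separated string, and returns an ordered, de-duplicated list of
    validated IDs. Blank entries are dropped; unsafe ones raise.
    """
    if raw is None:
        return []
    if isinstance(raw, list):
        items = raw
    else:
        text = str(raw).strip()
        items = json.loads(text) if text.startswith("[") else text.split(",")
    seen, out = set(), []
    for item in items:
        member_id = str(item).strip()
        if not member_id or member_id in seen:
            continue
        if not is_safe_member_id(member_id):
            raise ValueError(f"rejecting member ID with unexpected characters: {member_id!r}")
        seen.add(member_id)
        out.append(member_id)
    return out


def chunk(items: list, size: int = MAX_MEMBERS_PER_CALL) -> list:
    """Split a list into slices of at most `size` elements."""
    return [items[i:i + size] for i in range(0, len(items), size)]


def build_patch_ops(to_add: list, to_delete: list) -> list:
    """Return one PatchOp body per call, each touching at most 100 members.

    Adds and removes are counted together because the page states the limit
    per call, not per operation type.
    """
    changes = [("add", m) for m in to_add] + [("remove", m) for m in to_delete]
    for _, member_id in changes:
        if not is_safe_member_id(member_id):
            raise ValueError(f"unsafe member ID: {member_id!r}")
    bodies = []
    for batch in chunk(changes):
        operations = []
        adds = [m for op, m in batch if op == "add"]
        if adds:
            operations.append({"op": "add", "path": "members",
                               "value": [{"value": m} for m in adds]})
        for op, m in batch:
            if op == "remove":
                operations.append({"op": "remove", "path": f'members[value eq "{m}"]'})
        bodies.append({"schemas": [PATCH_OP_SCHEMA], "Operations": operations})
    return bodies


if __name__ == "__main__":
    # Constructed input mirroring the page's command example.
    for body in build_patch_ops(parse_member_ids('["123456"]'), []):
        print(json.dumps(body, indent=2))
```

Splitting at the caller rather than trusting the service to reject oversize requests keeps a bulk offboarding (removing one user from many groups, or many users from one) deterministic: each call either fully succeeds or fails on its own, which is what the per-call success flag in UpdateGroup.success can actually report.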

iam-delete-group

Permanently removes a group.

Base Command

iam-delete-group

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| scim | Group SCIM data with the group ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| DeleteGroup.id | String | Group ID. |
| DeleteGroup.displayName | String | Display name of the group. |
| DeleteGroup.success | Boolean | Success status of the command. |
| DeleteGroup.errorCode | Number | Error code if there is a failure. |
| DeleteGroup.errorMessage | Unknown | Error details if there is a failure. |

Command Example

!iam-delete-group scim={"id": "121212"}

Context Example

```json
{
  "DeleteGroup": {
    "active": null,
    "brand": "AWS-ILM",
    "details": "{'Date': 'Mon, 23 Aug 2021 12:54:11 GMT', 'Content-Type': 'application/json', 'Connection': 'keep-alive', 'x-amzn-RequestId': '123456'}",
    "displayName": null,
    "email": null,
    "errorCode": null,
    "errorMessage": null,
    "id": "121212",
    "instanceName": "AWS-ILM_instance_1",
    "members": null,
    "success": true,
    "username": null
  }
}
```

Human Readable Output

AWS Delete Group:

| brand | details | id | instanceName | success |
| --- | --- | --- | --- | --- |
| AWS-ILM | {'Date': 'Mon, 23 Aug 2021 12:54:11 GMT', 'Content-Type': 'application/json', 'Connection': 'keep-alive', 'x-amzn-RequestId': '123456'} | 121212 | AWS-ILM_instance_1 | true |