AWS - IAM (user lifecycle management)
AWS-ILM Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
Integrate with AWS-ILM Identity Access Management service to execute CRUD (create, read, update, and delete) and group (create, get, update, and delete) operations for employee lifecycle processes. For more information, refer to the Identity Lifecycle Management article.
#
Configure AWS-ILM in CortexParameter | Required |
---|---|
Base URL | True |
Tenant ID | True |
Authentication Token | True |
Allow creating users | False |
Allow updating users | False |
Allow enabling users | False |
Allow disabling users | False |
Automatically create user if not found in update command | False |
Incoming Mapper | True |
Outgoing Mapper | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
iam-create-userCreates a user.
#
Base Commandiam-create-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | User Profile indicator details. | Required |
allow-enable | When set to true, after the command execution, the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-create-user user-profile={"email": "john.doe@example.com", "username": "test", "givenname": "test", "surname": "test", "displayname": "test"}
#
Context Example#
Human Readable Output#
Create User Results (AWS-ILM)
brand instanceName success active id username details AWS-ILM AWS-ILM_instance_1 true false 123456 test john.doe@example.com id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:51Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: false
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}
#
iam-update-userUpdates an existing user with the data passed in the user-profile argument.
#
Base Commandiam-update-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | A User Profile indicator. | Required |
allow-enable | When set to true, after the command execution, the status of the user in the 3rd-party integration will be active. Possible values are: true, false. Default is true. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-update-user user-profile={"username": "test"}
#
Context Example#
Human Readable Output#
Update User Results (AWS-ILM)
brand instanceName success active id username details AWS-ILM AWS-ILM_instance_1 true true 123456 test id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:54Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: true
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}
#
iam-get-userRetrieves a single user resource.
#
Base Commandiam-get-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | A User Profile indicator. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-get-user user-profile={"username": "test"}
#
Context Example#
Human Readable Output#
Get User Results (AWS-ILM)
brand instanceName success active id username details AWS-ILM AWS-ILM_instance_1 true false 123456 test id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:57Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: false
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}
#
iam-disable-userDisable an active user.
#
Base Commandiam-disable-user
#
InputArgument Name | Description | Required |
---|---|---|
user-profile | A User Profile indicator. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
IAM.Vendor.active | Boolean | When true, indicates that the employee's status is active in the 3rd-party integration. |
IAM.Vendor.brand | String | Name of the integration. |
IAM.Vendor.details | string | Provides the raw data from the 3rd-party integration. |
IAM.Vendor.email | String | The employee's email address. |
IAM.Vendor.errorCode | Number | HTTP error response code. |
IAM.Vendor.errorMessage | String | Reason why the API failed. |
IAM.Vendor.id | String | The employee's user ID in the app. |
IAM.Vendor.instanceName | string | Name of the integration instance. |
IAM.Vendor.success | Boolean | When true, indicates that the command was executed successfully. |
IAM.Vendor.username | String | The employee's username in the app. |
#
Command Example!iam-disable-user user-profile={"username": "test"}
#
Context Example#
Human Readable Output#
Disable User Results (AWS-ILM)
brand instanceName success active id username details AWS-ILM AWS-ILM_instance_1 true false 123456 test id: 123456
meta: {"resourceType": "User", "created": "2021-08-23T12:53:51Z", "lastModified": "2021-08-23T12:53:57Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:User
userName: test
name: {"familyName": "test", "givenName": "test"}
displayName: test
active: false
emails: {'value': 'john.doe@example.com', 'type': 'work', 'primary': True}
#
iam-get-groupRetrieves a group
#
Base Commandiam-get-group
#
InputArgument Name | Description | Required |
---|---|---|
scim | SCIM content in JSON format. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
GetGroup.id | String | Group ID. |
GetGroup.displayName | String | Display name of the group. |
GetGroup.members.display | String | Display name of the group member. |
GetGroup.members.value | String | ID of the group member. |
GetGroup.success | Boolean | Success status of the command. |
GetGroup.errorCode | Number | Error code if there is a failure. |
GetGroup.errorMessage | Unknown | Error details if there is a failure. |
#
Command Example!iam-get-group scim={"id": "121212"}
#
Context Example#
Human Readable Output#
AWS Get Group:
brand details displayName id instanceName success AWS-ILM id: 121212
meta: {"resourceType": "Group", "created": "2021-08-23T12:41:43Z", "lastModified": "2021-08-23T12:41:43Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:Group
displayName: The best group
members:The best group 121212 AWS-ILM_instance_1 true
#
iam-create-groupCreates an empty group
#
Base Commandiam-create-group
#
InputArgument Name | Description | Required |
---|---|---|
scim | Group SCIM data with the display name. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
CreateGroup.id | String | Group ID. |
CreateGroup.displayName | String | Display name of the group. |
CreateGroup.success | Boolean | Success status of the command. |
CreateGroup.errorCode | Number | Error code if there is a failure. |
CreateGroup.errorMessage | Unknown | Error details if there is a failure. |
#
Command Example!iam-create-group scim={"displayName": "The group"}
#
Context Example#
Human Readable Output#
AWS Create Group:
brand details displayName id instanceName success AWS-ILM id: 111111
meta: {"resourceType": "Group", "created": "2021-08-23T12:54:02Z", "lastModified": "2021-08-23T12:54:02Z"}
schemas: urn:ietf:params:scim:schemas:core:2.0:Group
displayName: The group
members:The group 111111 AWS-ILM_instance_1 true
#
iam-update-groupUpdates an existing group resource. This command allows individual (or groups of) users to be added or removed from the group with a single operation. A maximum of 100 users can be modified in a single call.
#
Base Commandiam-update-group
#
InputArgument Name | Description | Required |
---|---|---|
scim | Group SCIM data. | Required |
memberIdsToAdd | List of members IDs to add. A maximum of 100 users per call can be modified using this command. Possible values are: Comma-separated optional values. | Optional |
memberIdsToDelete | List of members IDs to be deleted from the group. A maximum of 100 users per call can be modified using this command. Possible values are: Comma-separated optional values. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
UpdateGroup.id | String | Group ID. |
UpdateGroup.displayName | String | Display name of the group. |
UpdateGroup.success | Boolean | Success status of the commands. |
UpdateGroup.errorCode | Number | Error code if there is a failure. |
UpdateGroup.errorMessage | Unknown | Error details if there is a failure. |
#
Command Example!iam-update-group scim={"id": "121212"} memberIdsToAdd=["123456"]
#
Context Example#
Human Readable Output#
AWS Update Group:
brand details id instanceName success AWS-ILM {'Date': 'Mon, 23 Aug 2021 12:54:08 GMT', 'Content-Type': 'application/json', 'Connection': 'keep-alive', 'x-amzn-RequestId': '123456'} 121212 AWS-ILM_instance_1 true
#
iam-delete-groupPermanently removes a group.
#
Base Commandiam-delete-group
#
InputArgument Name | Description | Required |
---|---|---|
scim | Group SCIM with ID. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
DeleteGroup.id | String | Group ID. |
DeleteGroup.displayName | String | Display name of the group. |
DeleteGroup.success | Boolean | Success status of the commands |
DeleteGroup.errorCode | Number | Error code if there is a failure. |
DeleteGroup.errorMessage | Unknown | Error details if there is failure. |
#
Command Example!iam-delete-group scim={"id": "121212"}
#
Context Example#
Human Readable Output#
AWS Delete Group:
brand details id instanceName success AWS-ILM {'Date': 'Mon, 23 Aug 2021 12:54:11 GMT', 'Content-Type': 'application/json', 'Connection': 'keep-alive', 'x-amzn-RequestId': '123456'} 121212 AWS-ILM_instance_1 true