GitHub IAM

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

Note: This integration should be used as part of our IAM premium pack. For further details, visit our IAM pack documentation.

The GitHub integration consists of a set of API endpoints that enable you to automate provisioning of GitHub organization membership. This integration was integrated and tested with version v2 of GitHub IT Admin. For more information, please refer to the Identity Lifecycle Management article.

Configure GitHub IT Admin on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for GitHub IT Admin.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| url | GitHub URL https://<domain>.github.com/ | True |
| token | Token | True |
| insecure | Trust any certificate (not secure) | False |
| create-user-enabled | Allow creating users | False |
| update-user-enabled | Allow updating users | False |
| disable-user-enabled | Allow disabling users | False |
| mapper-in | Incoming Mapper | True |
| mapper-out | Outgoing Mapper | True |

  • To allow the integration to access the mappers from within the code, as required by the ILM pack, both mappers must be configured in their respective fields, not in the "Mapper (outgoing)" dropdown list selector.
  4. Click Test to check that you are able to connect to the integration.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

iam-create-user

Creates a user.

Base Command

iam-create-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | User Profile indicator details. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, the employee's status is active, otherwise false. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-create-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\", \"lastname\":\"Test\",\"firstname\":\"Demisto\"}

Human Readable Output

Create User Results (GitHub IT Admin)

| brand | instanceName | success | active | id | username | email |
| --- | --- | --- | --- | --- | --- | --- |
| GitHub IT Admin | GitHub IT Admin_instance_1 | true | true | 00uujxnbh3uJw4tWA0h7 | testdemisto2@paloaltonetworks.com | testdemisto2@paloaltonetworks.com |

details:
id: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:54:30.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto44@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"suspend": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/suspend", "method": "POST"}, "schema": {"href": "https://panw-test.oktapreview.com/api/v1/meta/schemas/user/osc8zfz6plq7b0r830h7"}, "resetPassword": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reset_password", "method": "POST"}, "reactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reactivate", "method": "POST"}, "self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}, "type": {"href": "https://panw-test.oktapreview.com/api/v1/meta/types/user/oty8zfz6plq7b0r830h7"}, "deactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/deactivate", "method": "POST"}}

iam-update-user

Updates an existing user with the data passed in the user-profile argument.

Base Command

iam-update-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |
| create-if-not-exists | When true, the user will be created when the passed User Profile doesn't exist in Active Directory. Default is 'true'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, indicates that the employee's status is active. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-update-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\", \"firstname\":\"Demisto-Test\"}

Human Readable Output

Update User Results (GitHub IT Admin)

| brand | instanceName | success | active | id | username | email |
| --- | --- | --- | --- | --- | --- | --- |
| GitHub IT Admin | GitHub IT Admin_instance_1 | true | true | 00uujxnbh3uJw4tWA0h7 | testdemisto2@paloaltonetworks.com | testdemisto2@paloaltonetworks.com |

details:
id: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"suspend": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/suspend", "method": "POST"}, "schema": {"href": "https://panw-test.oktapreview.com/api/v1/meta/schemas/user/osc8zfz6plq7b0r830h7"}, "resetPassword": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reset_password", "method": "POST"}, "reactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reactivate", "method": "POST"}, "self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}, "type": {"href": "https://panw-test.oktapreview.com/api/v1/meta/types/user/oty8zfz6plq7b0r830h7"}, "deactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/deactivate", "method": "POST"}}

iam-get-user

Retrieves a single user resource.

Base Command

iam-get-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, indicates that the employee's status is active. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-get-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\"}

Human Readable Output

Get User Results (GitHub IT Admin)

| brand | instanceName | success | active | id | username | email |
| --- | --- | --- | --- | --- | --- | --- |
| GitHub IT Admin | GitHub IT Admin_instance_1 | true | true | 00uujxnbh3uJw4tWA0h7 | testdemisto2@paloaltonetworks.com | testdemisto2@paloaltonetworks.com |

details:
id: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"suspend": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/suspend", "method": "POST"}, "schema": {"href": "https://panw-test.oktapreview.com/api/v1/meta/schemas/user/osc8zfz6plq7b0r830h7"}, "resetPassword": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reset_password", "method": "POST"}, "reactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/reactivate", "method": "POST"}, "self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}, "type": {"href": "https://panw-test.oktapreview.com/api/v1/meta/types/user/oty8zfz6plq7b0r830h7"}, "deactivate": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7/lifecycle/deactivate", "method": "POST"}}

iam-disable-user

Deletes an active user.

Base Command

iam-disable-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, indicates that the employee's status is active. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-disable-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\"}

Human Readable Output

Disable User Results (GitHub IT Admin)

| brand | instanceName | success | active | id | username | email |
| --- | --- | --- | --- | --- | --- | --- |
| GitHub IT Admin | GitHub IT Admin_instance_1 | true | false | 00uujxnbh3uJw4tWA0h7 | testdemisto2@paloaltonetworks.com | testdemisto2@paloaltonetworks.com |

details:
id: 00uujxnbh3uJw4tWA0h7
status: PROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}}
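
An added example, not part of the original documentation or the integration's own code: a Python check that reads IAM.Vendor context entries produced by iam-disable-user and reports every account that is not provably disabled. The field names are the documented context outputs; the helper name audit_disable_results and the sample entries are constructed for illustration.

```python
from typing import Any

# Constructed sample data shaped like the IAM.Vendor context output documented above.
SAMPLE_ENTRIES = [
    {"brand": "GitHub IT Admin", "instanceName": "GitHub IT Admin_instance_1",
     "success": True, "active": False, "email": "alice@example.com"},
    {"brand": "GitHub IT Admin", "instanceName": "GitHub IT Admin_instance_1",
     "success": False, "active": None, "email": "bob@example.com",
     "errorCode": 404, "errorMessage": "User not found"},
    {"brand": "GitHub IT Admin", "instanceName": "GitHub IT Admin_instance_2",
     "success": True, "active": True, "email": "carol@example.com"},
    # 'active' arrives as a string here; it is not accepted as proof of disablement.
    {"brand": "GitHub IT Admin", "instanceName": "GitHub IT Admin_instance_2",
     "success": True, "active": "false", "email": "dave@example.com"},
]


def audit_disable_results(entries: list[dict[str, Any]]) -> list[dict[str, str]]:
    """Return one finding per entry that does not prove the account is disabled.

    Hypothetical helper: an entry passes only when success is the boolean True
    and active is the boolean False; anything else is reported (fail closed).
    """
    findings = []
    for entry in entries:
        user = entry.get("email") or entry.get("username") or entry.get("id") or "<unknown>"
        instance = entry.get("instanceName") or entry.get("brand") or "<unknown>"
        if entry.get("success") is not True:
            reason = f"command failed: {entry.get('errorCode')} {entry.get('errorMessage')}"
        elif entry.get("active") is not False:
            reason = "command reported success but active is not false"
        else:
            continue  # success is True and active is False: account is disabled
        findings.append({"user": user, "instance": instance, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in audit_disable_results(SAMPLE_ENTRIES):
        print(f"{finding['user']} on {finding['instance']}: {finding['reason']}")
```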

iam-enable-user

Create a deprovisioned user.

Base Command

iam-enable-user

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| user-profile | A User Profile indicator. | Required |
| create-if-not-exists | When true, the user will be created when the passed User Profile doesn't exist in AD. Default is 'true'. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IAM.Vendor.active | Boolean | If true, indicates that the employee's status is active. |
| IAM.Vendor.brand | String | Name of the integration. |
| IAM.Vendor.details | String | Indicates if the API was successful or provides error information. |
| IAM.Vendor.email | String | The employee's email address. |
| IAM.Vendor.errorCode | Number | HTTP error response code. |
| IAM.Vendor.errorMessage | String | Reason why the API failed. |
| IAM.Vendor.id | String | The employee's user ID in the app. |
| IAM.Vendor.instanceName | String | Name of the integration instance. |
| IAM.Vendor.success | Boolean | If true, indicates that the command was executed successfully. |
| IAM.Vendor.username | String | The employee's username in the app. |

Command Example

!iam-enable-user user-profile={\"email\":\"testdemisto2@paloaltonetworks.com\"}

Human Readable Output

Enable User Results (GitHub IT Admin)

| brand | instanceName | success | active | id | username | email |
| --- | --- | --- | --- | --- | --- | --- |
| GitHub IT Admin | GitHub IT Admin_instance_1 | true | true | 00uujxnbh3uJw4tWA0h7 | testdemisto2@paloaltonetworks.com | testdemisto2@paloaltonetworks.com |

details:
id: 00uujxnbh3uJw4tWA0h7
status: DEPROVISIONED
created: 2020-10-18T17:54:30.000Z
activated: 2020-10-18T17:54:30.000Z
statusChanged: 2020-10-18T17:54:30.000Z
lastLogin: null
lastUpdated: 2020-10-18T17:56:53.000Z
passwordChanged: null
type: {"id": "oty8zfz6plq7b0r830h7"}
profile: {"firstName": "Demisto-Test", "lastName": "Test", "mobilePhone": null, "secondEmail": null, "login": "testdemisto2@paloaltonetworks.com", "email": "testdemisto2@paloaltonetworks.com"}
credentials: {"provider": {"type": "OKTA", "name": "OKTA"}}
_links: {"self": {"href": "https://panw-test.oktapreview.com/api/v1/users/00uujxnbh3uJw4tWA0h7"}}