Skip to main content

SailPoint IdentityNow

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

SailPoint IdentityNow This integration was integrated and tested with SailPoint IdentityNow.

Configure SailPointIdentityNow on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for SailPointIdentityNow.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
identitynow_urlIdentityNow Server URL (e.g. https://org.api.identitynow.com\)True
client_idClient Id (for OAuth 2.0)True
client_secretClient Secret (for OAuth 2.0)True
isFetchFetch incidentsFalse
insecureTrust any certificate (not secure)False
proxyUse system proxy settingsFalse
incidentTypeIncident typeFalse
max_fetchMaximum number of incidents per fetchFalse
first_fetchFirst fetch timeFalse
  1. Click Test to validate the URLs, token, and connection.

Important Note#

This integration pack does not fetch incidents from IdentityNow. It rather utilizes "Generic Webhook" to create incidents on event triggers published by IdentityNow. One can achieve this by following the steps below:

  1. Configure Cortex XSOAR Platform - Use the following link to configure Cortex XSOAR platform to initiate receiving of Event Triggers from IdentityNow platform.
  1. Enable & Configure the Event Handler - IdentityNow Event Trigger can forward the events occurring within the platform to any external services/platform that have subscribed to the list of triggers available in IdentityNow. Request the IdentityNow team to enable/provide you with the 'identitynow-events-pan-xsoar' event handler designed for Cortex XSOAR. This is a standalone .nodejs microservice that assists with event trigger transform and relaying to Cortex XSOAR. Following is a list of environment variables (added to the app.config.js) needed to configure this microservice:
Environment VariableDescription
XSOAR_WEBHOOK_URLThis is the webhook URL that will be available once you configure the "Generic Webhook" in step 1.
XSOAR_USERNAMEUsername to connect to the "Generic Webhook".
XSOAR_PASSWORDPassword to connect to the "Generic Webhook".
  1. Configure IdentityNow Platform - Use the following link to configure IdentityNow platform to subscribe to event triggers.

Once you have configured all the above steps, whenever an event trigger will occur in IdentityNow, it will notify Cortex XSOAR (as Incidents) using the above setup.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

identitynow-search-identities#


Search for identity(identities) using elastic search query used by IdentityNow Search Engine.

Base Command#

identitynow-search-identities

Input#

Argument NameDescriptionRequired
queryElastic search query for retrieving identities.Required
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.Identity.idStringThe IdentityNow internal Id (uuid).
SailPointIdentityNow.Identity.nameStringName of the identity.
SailPointIdentityNow.Identity.displayNameStringThe display name of the identity.
SailPointIdentityNow.Identity.firstNameStringThe first name of the identity.
SailPointIdentityNow.Identity.lastNameStringThe last name of the identity.
SailPointIdentityNow.Identity.emailStringEmail address of the Identity.
SailPointIdentityNow.Identity.createdDateTimestamp when the identity was created.
SailPointIdentityNow.Identity.modifiedDateTimestamp when the identity was last modified.
SailPointIdentityNow.Identity.inactiveBooleanIndicates whether the identity is active.
SailPointIdentityNow.Identity.protectedBooleanIndicates whether this identity is protected.
SailPointIdentityNow.Identity.statusStringStatus of this Identity.
SailPointIdentityNow.Identity.isManagerBooleanIndicates whether this identity is a manager.
SailPointIdentityNow.Identity.identityProfileStringIdentity profile that maps this identity.
SailPointIdentityNow.Identity.sourceStringSource that maps this identity.
SailPointIdentityNow.Identity.attributesStringMap of variable number of attributes unique to this identity.
SailPointIdentityNow.Identity.accountsStringArray of objects representing the accounts belonging to this identity.
SailPointIdentityNow.Identity.accountCountNumberNumber of accounts belonging to this identity.
SailPointIdentityNow.Identity.appCountNumberNumber of applications belonging to this identity.
SailPointIdentityNow.Identity.accessCountNumberNumber of access objects belonging to this identity.
SailPointIdentityNow.Identity.entitlementCountNumberNumber of entitlements assigned to this identity.
SailPointIdentityNow.Identity.roleCountNumberNumber of roles assigned to this identity.
SailPointIdentityNow.Identity.accessProfileCountNumberNumber of access profiles assigned to this identity.
SailPointIdentityNow.Identity.podStringPod on which the organization that this identity belongs to resides on.
SailPointIdentityNow.Identity.orgStringThe organization that this identity belongs to.
SailPointIdentityNow.Identity.typeStringType of object, will be "identity".

Command Example#

!identitynow-search-identities query=id:2c918084740346d5017408d79229489e

Human Readable Output#

Results:#

Total: 1

Identity(Identities)#

idnamedisplayNamefirstNamelastNameemailcreatedmodifiedinactiveprotectedstatusisManageridentityProfilesourceattributesaccountsaccountCountappCountaccessCountentitlementCountroleCountaccessProfileCountpodorgtype
2c918084740346d5017408d79229489etesty.testerson@sailpoint.comtesty.testerson@sailpoint.comtesty.testerson@sailpoint.comtesty.testerson@sailpoint.comtesty.testerson@sailpoint.com2020-08-19T22:29:39.498Z2021-02-04T02:03:11.294ZfalsefalseUNREGISTEREDfalseid: 2c9180887372d217017408d3c85d0b20
name: ZIA Users
id: 2c91808a737cf404017408d28c1e77a2
name: ZIA
uid: 7a736361-6c65-7200-7363-696d005d7d1a
firstname: testy.testerson@sailpoint.com
cloudAuthoritativeSource: 2c91808a737cf404017408d28c1e77a2
cloudStatus: UNREGISTERED
iplanet-am-user-alias-list:
displayName: testy.testerson@sailpoint.com
internalCloudStatus: UNREGISTERED
identificationNumber: 7a736361-6c65-7200-7363-696d005d7d1a
email: testy.testerson@sailpoint.com
lastname: testy.testerson@sailpoint.com
{'id': '2c918084740346d5017408d7922a489f', 'name': 'testy.testerson@sailpoint.com', 'accountId': '7a736361-6c65-7200-7363-696d005d7d1a', 'source': {'id': '2c91808a737cf404017408d28c1e77a2', 'name': 'ZIA', 'type': 'SCIM 2.0'}, 'disabled': False, 'locked': False, 'privileged': False, 'manuallyCorrelated': False, 'entitlementAttributes': {}, 'created': '2020-08-19T22:29:39.498Z'},
{'id': '2c918084740346d601740c98765a306e', 'name': 'testy.testerson@sailpoint.com', 'accountId': 'testy.testerson@sailpoint.com', 'source': {'id': '2c91808563f9f8b40163fa9734d3029f', 'name': 'IdentityNow', 'type': 'IdentityNowConnector'}, 'disabled': False, 'locked': False, 'privileged': False, 'manuallyCorrelated': False, 'entitlementAttributes': {}, 'created': '2020-08-20T15:59:12.475Z'}
200000stg-uswestsailpoint-idnidentity

identitynow-get-accounts#


Get accounts by search/filter parameters (id, name, native_identity).

Base Command#

identitynow-get-accounts

Input#

Argument NameDescriptionRequired
idAccount Id of the user/identity.Optional
nameName of the user/identity on the account.Optional
native_identityNative identity for the user account.Optional
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.Account.idStringThe IdentityNow internal id (uuid).
SailPointIdentityNow.Account.nameStringName of the identity on this account.
SailPointIdentityNow.Account.identityIdStringThe IdentityNow internal identity id.
SailPointIdentityNow.Account.nativeIdentityStringThe IdentityNow internal native identity id.
SailPointIdentityNow.Account.sourceIdStringSource id that maps this account.
SailPointIdentityNow.Account.createdDateTimestamp when the account was created.
SailPointIdentityNow.Account.modifiedDateTimestamp when the account was last modified.
SailPointIdentityNow.Account.attributesStringMap of variable number of attributes unique to this account.
SailPointIdentityNow.Account.authoritativeBooleanIndicates whether the account is the true source for this identity.
SailPointIdentityNow.Account.disabledBooleanIndicates whether the account is disabled.
SailPointIdentityNow.Account.lockedBooleanIndicates whether the account is locked.
SailPointIdentityNow.Account.systemAccountBooleanIndicates whether the account is a system account.
SailPointIdentityNow.Account.uncorrelatedBooleanIndicates whether the account is uncorrelated.
SailPointIdentityNow.Account.manuallyCorrelatedBooleanIndicates whether the account was manually correlated.
SailPointIdentityNow.Account.hasEntitlementsBooleanIndicates whether the account has entitlement.

Command Example#

!identitynow-get-accounts id=2c918084740346d30174088afa6d625e

Human Readable Output#

Results:#

Account(s)#

idnameidentityIdnativeIdentitysourceIdcreatedmodifiedattributesauthoritativedisabledlockedsystemAccountuncorrelatedmanuallyCorrelatedhasEntitlements
2c918084740346d30174088afa6d625eTesty.Testerson412632c918084737cf3fe01740875ebac75cd2020-08-19T21:05:59.917Z2020-08-19T21:06:01.269ZexternalId: null
IIQDisabled: true
id: 41263
userName: Testy.Testerson
idNowDescription: f74806c7011b760457c914ef5ea254b8752496a441a92475b910ded9eb5ec487
falsetruefalsefalsetruefalsefalse

identitynow-get-accountactivities#


Get account activities by search/filter parameters (requested_for, requested_by, regarding_identity, type).

Base Command#

identitynow-get-accountactivities

Input#

Argument NameDescriptionRequired
idAccount activity Id.Optional
requested_forThe identity that the activity was requested for (me indicates current user).Optional
requested_byThe identity that requested the activity (me indicates current user).Optional
regarding_identityThe specified identity will be either requester or target of account activity (me indicates current user).Optional
typeType of account activity.Optional
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.AccountActivity.idStringThe IdentityNow internal id (uuid).
SailPointIdentityNow.AccountActivity.nameStringName of the account activity.
SailPointIdentityNow.AccountActivity.createdDateTimestamp when the account activity was created.
SailPointIdentityNow.AccountActivity.modifiedDateTimestamp when the account activity was last modified.
SailPointIdentityNow.AccountActivity.completedDateTimestamp when the account activity was completed.
SailPointIdentityNow.AccountActivity.completionStatusStringCompletion status of the activity.
SailPointIdentityNow.AccountActivity.typeStringType of account activity.
SailPointIdentityNow.AccountActivity.requesterIdentitySummaryStringInformation of the requester identity.
SailPointIdentityNow.AccountActivity.targetIdentitySummaryStringInformation of the target identity.
SailPointIdentityNow.AccountActivity.itemsStringList of items that were requested as part of the account activity.
SailPointIdentityNow.AccountActivity.executionStatusStringExecution status of the account activity.
SailPointIdentityNow.AccountActivity.cancelableBooleanIndicates whether the account activity is cancelable.
SailPointIdentityNow.AccountActivity.cancelCommentStringComments added while canceling the account activity.

Command Example#

!identitynow-get-accountactivities id=c8f2907b336043be8570676b270965a9

Human Readable Output#

Results:#

Account Activity(Account Activities)#

idnamecreatedmodifiedcompletedcompletionStatustyperequesterIdentitySummarytargetIdentitySummaryitemsexecutionStatuscancelablecancelComment
c8f2907b336043be8570676b270965a9c8f2907b336043be8570676b270965a92020-02-20T15:28:47.051Z2020-02-20T15:29:10.735Z2020-02-20T15:29:10.735ZINCOMPLETEappRequestid: 2c91808363f06ad80163fb690fae55b8
name: adam.kennedy
id: 2c91808a6fca28a6016fd7f5ec3f5228
name: jack.brown
{}VERIFYINGfalse

identitynow-search-accessprofiles#


Search for access profile(s) using elastic search query used by IdentityNow Search Engine.

Base Command#

identitynow-search-accessprofiles

Input#

Argument NameDescriptionRequired
queryElastic search query for retrieving identities.Required
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.AccessProfile.idStringThe IdentityNow internal id of the access profile object.
SailPointIdentityNow.AccessProfile.nameStringName of the access profile object.
SailPointIdentityNow.AccessProfile.descriptionStringUser friendly description of the access profile.
SailPointIdentityNow.AccessProfile.sourceStringSource of the access profile.
SailPointIdentityNow.AccessProfile.entitlementsStringEntitlements included in the access profile.
SailPointIdentityNow.AccessProfile.entitlementCountNumberNumber of entitlements included in the access profile.
SailPointIdentityNow.AccessProfile.createdDateDate when the access profile was created.
SailPointIdentityNow.AccessProfile.modifiedDateDate when the access profile was last modified.
SailPointIdentityNow.AccessProfile.syncedDateDate when the access profile was last synced.
SailPointIdentityNow.AccessProfile.enabledBooleanIndicates whether the access profile is active (true/false).
SailPointIdentityNow.AccessProfile.requestableBooleanIndicates whether the access profile is requestable in IdentityNow.
SailPointIdentityNow.AccessProfile.requestCommentsRequiredBooleanIndicates whether any request for this profile must contain comments.
SailPointIdentityNow.AccessProfile.ownerStringOwner of the access profile.
SailPointIdentityNow.AccessProfile.podStringPod that the organization containing the access profile belongs to.
SailPointIdentityNow.AccessProfile.orgStringName of the org on which the access profile exists.
SailPointIdentityNow.AccessProfile.typeStringType of access profile, will be "accessprofile".

Command Example#

!identitynow-search-accessprofiles query=id:2c91808874feffbc01750a4d06560370

Human Readable Output#

Results:#

Total: 1

Access Profile(s)#

idnamedescriptionsourceentitlementsentitlementCountcreatedmodifiedsyncedenabledrequestablerequestCommentsRequiredownerpodorgtype
2c91808874feffbc01750a4d06560370Basic UsersBasic Usersid: 2c9180876ff2de9601700b99e5fb51c6
name: Direct Access Profile
{'hasPermissions': False, 'description': None, 'attribute': 'Roles', 'value': 'Basic Users', 'schema': 'group', 'privileged': False, 'id': '2c91808a6fede9c401700ba9c4d43ef9', 'name': 'Basic Users'}12020-10-08T22:20:21Z2020-11-17T15:12:41Z2021-03-01T06:30:18.772Ztruetruefalseemail: adam.kennedy@sailpoint.com
type: IDENTITY
id: 2c91808363f06ad80163fb690fae55b8
name: adam.kennedy
stg-uswestsailpoint-idnaccessprofile

identitynow-search-roles#


Search for role(s) using elastic search query used by IdentityNow Search Engine.

Base Command#

identitynow-search-roles

Input#

Argument NameDescriptionRequired
queryElastic search query for retrieving roles.Required
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.Role.idStringThe IdentityNow internal id of the role object.
SailPointIdentityNow.Role.nameStringName of the role.
SailPointIdentityNow.Role.descriptionStringDescription of this role.
SailPointIdentityNow.Role.accessProfilesUnknownArray of objects representing the access profiles that belong to this role.
SailPointIdentityNow.Role.accessProfileCountNumberNumber indicated how many access profiles are attached to this role.
SailPointIdentityNow.Role.createdDateTimestamp when this role was created.
SailPointIdentityNow.Role.modifiedDateTimestamp when this role was last modified.
SailPointIdentityNow.Role.syncedDateTimestamp when this role was last synced.
SailPointIdentityNow.Role.enabledBooleanIndicates whether this role is enabled.
SailPointIdentityNow.Role.requestableBooleanIndicates whether this role is requestable.
SailPointIdentityNow.Role.requestCommentsRequiredBooleanIndicates whether comments are required when requesting this role.
SailPointIdentityNow.Role.ownerStringOwner of the role.
SailPointIdentityNow.Role.podStringPod on which the organization responsible for this role belongs.
SailPointIdentityNow.Role.orgStringOrganization on which this role exists.
SailPointIdentityNow.Role.typeStringType of object, will be "role".

Command Example#

!identitynow-search-roles query=id:2c9180846ff9c50201700beb2e9000da

Human Readable Output#

Results:#

Total: 1

Role(s)#

idnamedescriptionaccessProfilesaccessProfileCountcreatedmodifiedsyncedenabledrequestablerequestCommentsRequiredownerpodorgtype
2c9180846ff9c50201700beb2e9000daBasicBasic Users{'id': '2c9180846ff9c50201700becb01e00db', 'name': 'Basic'}12020-02-03T16:38:47Z2020-02-03T16:40:42Z2021-03-01T05:30:09.434Ztruetruefalseemail: adam.kennedy@sailpoint.com
type: IDENTITY
id: 2c91808363f06ad80163fb690fae55b8
name: adam.kennedy
stg-uswestsailpoint-idnrole

identitynow-search-entitlements#


Search for entitlement(s) using elastic search query used by IdentityNow Search Engine.

Base Command#

identitynow-search-entitlements

Input#

Argument NameDescriptionRequired
queryElastic search query for retrieving entitlements.Required
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.Entitlement.idStringThe IdentityNow internal id of the entitlement object.
SailPointIdentityNow.Entitlement.nameStringName of the entitlement object.
SailPointIdentityNow.Entitlement.displayNameStringDisplayname of the entitlement object.
SailPointIdentityNow.Entitlement.descriptionStringDescription of the entitlement.
SailPointIdentityNow.Entitlement.modifiedDateTimestamp when the entitlement was last modified.
SailPointIdentityNow.Entitlement.syncedDateTimestamp when the entitlement was last synced.
SailPointIdentityNow.Entitlement.sourceStringSource from which this entitlement was aggregated.
SailPointIdentityNow.Entitlement.privilegedBooleanIndicates this is a privileged entitlement.
SailPointIdentityNow.Entitlement.identityCountNumberIndicates how many identities have this entitlement.
SailPointIdentityNow.Entitlement.attributeStringName of the attribute type on the source.
SailPointIdentityNow.Entitlement.valueStringValue of the entitlement (its native identifier).
SailPointIdentityNow.Entitlement.schemaStringThe source schema that this entitlement utilizes.
SailPointIdentityNow.Entitlement.podStringPod on which the organization this entitlement belongs to is located.
SailPointIdentityNow.Entitlement.orgStringOrganization on which the source of this entitlement resides.
SailPointIdentityNow.Entitlement.typeStringType of object, will be "entitlement".

Command Example#

!identitynow-search-entitlements query=id:2c9180846ff7e56b01700bb399f60eaa

Human Readable Output#

Results:#

Total: 1

Entitlement(s)#

idnamedisplayNamedescriptionmodifiedsyncedsourceprivilegedidentityCountattributevalueschemapodorgtype
2c9180846ff7e56b01700bb399f60eaaBASIC_DIRECTBASIC_DIRECT2020-10-21T19:58:39Z2021-03-01T04:30:40.632Zid: 2c9180876ff2de9601700b99e5fb51c6
name: Basic Direct
falseRolesBASIC_DIRECTgroupstg-uswestsailpoint-idnentitlement

identitynow-search-events#


Search for event(s) using elastic search query used by IdentityNow Search Engine.

Base Command#

identitynow-search-events

Input#

Argument NameDescriptionRequired
queryElastic search query for retrieving events.Required
offsetOffset into the full result set. Usually specified with limit to paginate through the results.Optional
limitMax number of results to return. Maximum of 250.Optional

Context Output#

PathTypeDescription
SailPointIdentityNow.Event.idStringThe IdentityNow internal id of the event object.
SailPointIdentityNow.Event.nameStringName of the event.
SailPointIdentityNow.Event.stackStringComponent that triggered the event.
SailPointIdentityNow.Event.createdDateTimestamp when the event was created.
SailPointIdentityNow.Event.syncedStringTimestamp when the event was last synced.
SailPointIdentityNow.Event.objectsUnknownArray of object types that were the target of this event.
SailPointIdentityNow.Event.ipAddressStringIP address that triggered this event.
SailPointIdentityNow.Event.technicalNameStringSystem name for the event.
SailPointIdentityNow.Event.targetStringTarget of this event action.
SailPointIdentityNow.Event.actorStringEntity that initiated the action that caused this event.
SailPointIdentityNow.Event.actionStringAction type of the event.
SailPointIdentityNow.Event.attributesStringAttributes of other interesting information about this event, contextual to the type.
SailPointIdentityNow.Event.operationStringOperation performed that triggered event.
SailPointIdentityNow.Event.statusStringStatus of the event.
SailPointIdentityNow.Event.podStringPod on which the organization that the event exists.
SailPointIdentityNow.Event.orgStringOrganization that initiated the event.
SailPointIdentityNow.Event.typeStringType of event.

Command Example#

!identitynow-search-events query=id:2bd61299-d986-4c27-bd37-408b9c9ba118

Human Readable Output#

Results:#

Total: 1

Event(s)#

idnamestackcreatedsyncedobjectsipAddresstechnicalNametargetactoractionattributesoperationstatuspodorgtype
2bd61299-d986-4c27-bd37-408b9c9ba118Delete Task Result Passedsweep2020-02-24T22:07:03.793Z2020-02-24T22:07:03.831ZTASK,
RESULT
TASK_RESULT_DELETE_PASSEDname: unknowntaskResultsPrunedhostName: 24
sourceName: null
DELETEPASSEDstg-uswestsailpoint-idnSYSTEM_CONFIG

identitynow-request-grant#


Grant access request for a single object(access profile or role) for a single user.

Base Command#

identitynow-request-grant

Input#

Argument NameDescriptionRequired
requested_forIdentity Id for whom the access request is being made.Required
requested_itemId of the object(access profile or role).Required
requested_item_typeType of object(ACCESS_PROFILE or ROLE).Required
commentComments to attach to the item request.Optional

Context Output#

There is no context output for this command.

Command Example#

!identitynow-request-grant requested_for=2c9180886ccef167016cdb658fb6547a requested_item=2c918086775e1f5d01776530eb67037b requested_item_type=ACCESS_PROFILE comment=PAN_XSOAR_TEST

Human Readable Output#

Access request was successful!

identitynow-request-revoke#


Revoke access request for a single object(access profile or role) for a single user.

Base Command#

identitynow-request-revoke

Input#

Argument NameDescriptionRequired
requested_forIdentity Id for whom the access request is being made.Required
requested_itemId of the object(access profile or role).Required
requested_item_typeType of object(ACCESS_PROFILE or ROLE).Required
commentComments to attach to the item request.Optional

Context Output#

There is no context output for this command.

Command Example#

!identitynow-request-revoke requested_for=2c9180886ccef167016cdb658fb6547a requested_item=2c918086775e1f5d01776530eb67037b requested_item_type=ACCESS_PROFILE comment=PAN_XSOAR_TEST

Human Readable Output#

Access request was successful!