Spaces:

Juggernaut1397
/

Demo

Sleeping

App Files Files Community

Juggernaut1397 commited on Feb 19, 2025

Commit

12bee28

1 Parent(s): 07951b7

Add all project files

Browse files

Files changed (17) hide show

.env +3 -0
.gitignore +10 -0
.gradio/certificate.pem +31 -0
.python-version +1 -0
README.md +0 -12
app.py +469 -0
identityNow.py +141 -0
iiq.py +110 -0
okta.py +109 -0
pyproject.toml +13 -0
session_28e04043-15a7-4e6b-8dd9-eeddbee5428b.zip +3 -0
sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/sod-policies (2025-02-19_10-32-26)/data.jsonl +8 -0
sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/transforms (2025-02-19_10-32-27)/data.jsonl +14 -0
sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/workflow-library (2025-02-19_10-32-32)/data.jsonl +0 -0
sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/workflows (2025-02-19_10-32-29)/data.jsonl +23 -0
utils.py +74 -0
uv.lock +0 -0

.env ADDED Viewed

	@@ -0,0 +1,3 @@

+OKTA_API_SPEC = "https://raw.githubusercontent.com/shivam13297/Data-connector/refs/heads/main/openapi.json"
+IDENTITY_NOW_API_SPEC = "https://raw.githubusercontent.com/sailpoint-oss/api-specs/refs/heads/main/dereferenced/deref-sailpoint-api.v3.yaml"
+IIQ_API_SPEC = "https://raw.githubusercontent.com/sailpoint-oss/api-specs/refs/heads/main/iiq/sailpoint-api.iiq.yaml"

.gitignore ADDED Viewed

	@@ -0,0 +1,10 @@

+# Python-generated files
+__pycache__/
+*.py[oc]
+build/
+dist/
+wheels/
+*.egg-info
+# Virtual environments
+.venv

.gradio/certificate.pem ADDED Viewed

	@@ -0,0 +1,31 @@

+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----

.python-version ADDED Viewed

	@@ -0,0 +1 @@


1	+ 3.13

README.md CHANGED Viewed

@@ -1,12 +0,0 @@
----
-title: DataConnector Demo
-emoji: 👀
-colorFrom: indigo
-colorTo: purple
-sdk: gradio
-sdk_version: 5.16.1
-app_file: app.py
-pinned: false
----
-Check out the configuration reference at https://huggingface.co/docs/hub/spaces-config-reference

app.py ADDED Viewed

	@@ -0,0 +1,469 @@

+import requests
+import yaml
+from identityNow import handle_identitynow_call
+from okta import handle_okta_call
+from iiq import handle_iiq_call
+from utils import extract_path_params, extract_query_params
+import gradio as gr
+import os
+from dotenv import load_dotenv
+from pathlib import Path
+script_dir = Path(__file__).resolve().parent
+env_path = script_dir / '.env'
+load_dotenv(dotenv_path=env_path)
+def fetch_api_endpoints_yaml(spec_url):
+    try:
+        response = requests.get(spec_url)
+        response.raise_for_status()
+        content = response.text
+        api_spec = yaml.safe_load(content)
+    except Exception as e:
+        print(f"Error fetching/parsing YAML spec from {spec_url}: {e}")
+        return {}
+    endpoints = {}
+    if "paths" not in api_spec:
+        print("No endpoints found in the specification.")
+        return {}
+    valid_methods = ['get', 'post', 'put', 'delete', 'patch', 'head', 'options']
+    for path, methods in api_spec["paths"].items():
+        endpoints[path] = {}
+        if not methods or not isinstance(methods, dict):
+            continue
+        # Get common parameters defined at path level
+        common_params = methods.get("parameters", [])
+        for method, details in methods.items():
+            if method.lower() not in valid_methods:
+                continue
+            # Combine path-level and method-level parameters
+            method_params = details.get("parameters", [])
+            all_params = common_params + method_params
+            endpoint_info = {
+                "summary": details.get("summary", ""),
+                "description": details.get("description", ""),
+                "parameters": all_params  # Include all parameters
+            }
+            endpoints[path][method.lower()] = endpoint_info
+    return endpoints
+def fetch_api_endpoints_json(spec_url):
+    try:
+        response = requests.get(spec_url)
+        response.raise_for_status()
+        api_spec = response.json()
+    except Exception as e:
+        print(f"Error fetching/parsing JSON spec from {spec_url}: {e}")
+        return {}
+    endpoints = {}
+    if "paths" not in api_spec:
+        print("No endpoints found in the specification.")
+        return {}
+    valid_methods = ['get', 'post', 'put', 'delete', 'patch', 'head', 'options']
+    for path, methods in api_spec["paths"].items():
+        endpoints[path] = {}
+        if not methods or not isinstance(methods, dict):
+            continue
+        # Get common parameters defined at path level
+        common_params = methods.get("parameters", [])
+        for method, details in methods.items():
+            if method.lower() not in valid_methods:
+                continue
+            # Combine path-level and method-level parameters
+            method_params = details.get("parameters", [])
+            all_params = common_params + method_params
+            endpoint_info = {
+                "summary": details.get("summary", ""),
+                "description": details.get("description", ""),
+                "parameters": all_params  # Include all parameters
+            }
+            endpoints[path][method.lower()] = endpoint_info
+    return endpoints
+def get_endpoints(spec_choice):
+    api_spec_options = {
+        "Okta (JSON)": os.getenv("OKTA_API_SPEC"),
+        "SailPoint IdentityNow (YAML)": os.getenv("IDENTITY_NOW_API_SPEC"),
+        "Sailpoint IIQ (YAML)": os.getenv("IIQ_API_SPEC")
+    }
+    spec_url = api_spec_options.get(spec_choice)
+    if not spec_url:
+        return {}
+    if "JSON" in spec_choice:
+        return fetch_api_endpoints_json(spec_url)
+    return fetch_api_endpoints_yaml(spec_url)
+def group_endpoints(endpoints, spec_choice):
+    """Group endpoints with special handling for Okta API"""
+    groups = {}
+    # Special handling for Okta endpoints
+    if spec_choice == "Okta (JSON)":
+        for path, methods in endpoints.items():
+            # Remove /api/v1/ prefix and get the first segment
+            clean_path = path.replace('/api/v1/', '')
+            segments = clean_path.strip("/").split("/")
+            group_key = segments[0] if segments else "other"
+            if group_key not in groups:
+                groups[group_key] = {}
+            groups[group_key][path] = methods
+    else:
+        # Original grouping logic for other APIs
+        for path, methods in endpoints.items():
+            segments = path.strip("/").split("/")
+            group_key = segments[0] if segments[0] != "" else "other"
+            if group_key not in groups:
+                groups[group_key] = {}
+            groups[group_key][path] = methods
+    return groups
+with gr.Blocks(
+    theme=gr.themes.Default(
+        primary_hue=gr.themes.colors.red,
+        secondary_hue=gr.themes.colors.gray,
+        neutral_hue="slate",
+        text_size="md",
+        radius_size="md",
+        font=gr.themes.GoogleFont("Inter")
+    )
+) as demo:
+    gr.Markdown("# Data Connector Demo")
+    gr.Markdown("Select an API spec, then click Refresh Endpoints to see available endpoints grouped in accordions.")
+    # Session state
+    session_id_state = gr.State("")
+    confirmed_endpoints_state = gr.State([])
+    display_values_state = gr.State([])
+    max_groups = 100
+    # API Spec Selection
+    with gr.Row():
+        spec_choice = gr.Radio(
+            label="Choose API Spec",
+            choices=["Okta (JSON)", "SailPoint IdentityNow (YAML)", "Sailpoint IIQ (YAML)"],
+            value="SailPoint IdentityNow (YAML)"
+        )
+        refresh_eps = gr.Button("Refresh Endpoints", variant="primary")
+    # Loading indicator
+    loading_status = gr.Markdown("Select an API spec and click 'Refresh Endpoints' to load available endpoints.")
+    # Create accordion placeholders
+    accordion_placeholders = []
+    with gr.Column():
+        for i in range(max_groups):
+            with gr.Accordion(label="", open=False, visible=False) as acc:
+                cb = gr.CheckboxGroup(label="", choices=[], value=[])
+            accordion_placeholders.append((acc, cb))
+    # Parameter group
+    with gr.Group(visible=False) as param_group:
+        param_header = gr.Markdown("### Parameters Required")  # Default header
+        param_components = []
+        with gr.Column() as param_container:
+            for i in range(5):
+                with gr.Group(visible=False) as group:
+                    display = gr.Markdown(visible=False)
+                    input_box = gr.Textbox(
+                        label="Parameter Value",
+                        visible=False,
+                        interactive=True
+                    )
+                    param_components.append((group, display, input_box))
+    # Authentication sections
+    with gr.Group() as identitynow_auth:
+        with gr.Row():
+            grant_type = gr.Textbox(label="Enter grant_type", value="client_credentials")
+            client_id = gr.Textbox(label="Enter client_id")
+            client_secret = gr.Textbox(label="Enter client_secret", type="password")
+    with gr.Group(visible=False) as okta_auth:
+        api_token = gr.Textbox(label="Enter Okta API Token", type="password")
+    with gr.Group(visible=False) as iiq_auth:
+        with gr.Row():
+            iiq_username = gr.Textbox(label="Enter IIQ Username")
+            iiq_password = gr.Textbox(label="Enter IIQ Password", type="password")
+    api_base_url = gr.Textbox(label="Enter API Base URL")
+    # Buttons
+    confirm_endpoints_btn = gr.Button("Submit and Confirm Endpoints", variant="primary")
+    call_api_btn = gr.Button("Call API", variant="primary")
+    # Output components
+    responses_out = gr.JSON(label="API Responses")
+    download_out = gr.File(label="Download Session Data (ZIP)")
+    def update_acc(spec_choice):
+        """Update accordions with endpoints"""
+        try:
+            endpoints = get_endpoints(spec_choice)
+            if not endpoints:
+                return [gr.update(visible=False)] * (max_groups * 2) + ["⚠️ No endpoints found"]
+            groups = group_endpoints(endpoints, spec_choice)
+            group_keys = list(groups.keys())
+            if not group_keys:
+                return [gr.update(visible=False)] * (max_groups * 2) + ["⚠️ No endpoint groups found"]
+            updates = []
+            # Always process exactly max_groups number of slots
+            for i in range(max_groups):
+                if i < len(group_keys):
+                    group = group_keys[i]
+                    choices = []
+                    # Collect GET endpoints for this group
+                    for ep, methods in groups[group].items():
+                        if 'get' in methods:
+                            summary = methods['get'].get('summary', 'No summary')
+                            label = f"{ep} | GET - {summary}"
+                            choices.append(label)
+                    # Add updates regardless of choices
+                    acc_update = gr.update(
+                        label=f"Group: {group}" if choices else "",
+                        visible=bool(choices),
+                        open=(i == 0 and bool(choices))
+                    )
+                    cb_update = gr.update(choices=choices, value=[], visible=bool(choices))
+                    updates.append((acc_update, cb_update))
+                else:
+                    # Fill remaining slots with hidden updates
+                    acc_update = gr.update(visible=False, label="")
+                    cb_update = gr.update(visible=False, choices=[], value=[])
+                    updates.append((acc_update, cb_update))
+            # Flatten updates and add status message
+            flattened = []
+            for up in updates:
+                flattened.extend(up)  # This will give us exactly max_groups * 2 updates
+            visible_groups = sum(1 for group in groups.values() if any('get' in methods for methods in group.values()))
+            success_msg = f"✅ Loaded {visible_groups} groups with GET endpoints"
+            flattened.append(success_msg)
+            return flattened
+        except Exception as e:
+            error_msg = f"❌ Error loading endpoints: {str(e)}"
+            return [gr.update(visible=False)] * (max_groups * 2) + [error_msg]
+    def update_auth_fields(api_choice):
+        updates = {
+            "Okta (JSON)": [False, True, False],
+            "SailPoint IdentityNow (YAML)": [True, False, False],
+            "Sailpoint IIQ (YAML)": [False, False, True]
+        }
+        visibilities = updates.get(api_choice, [False, False, False])
+        return [
+            gr.update(visible=visibilities[0]),
+            gr.update(visible=visibilities[1]),
+            gr.update(visible=visibilities[2])
+        ]
+    def confirm_selected_endpoints(spec_choice, *checkbox_values):
+        """Collect and confirm all selected endpoints"""
+        all_selected = []
+        for checkbox_group in checkbox_values:
+            if isinstance(checkbox_group, list) and checkbox_group:
+                all_selected.extend(checkbox_group)
+        # Get the API spec
+        endpoints = get_endpoints(spec_choice)
+        # Process selected endpoints to find ones with parameters
+        endpoints_with_params = []
+        display_values = []  # Track display values
+        for selection in all_selected:
+            endpoint = selection.split(" | ")[0]
+            endpoint_spec = endpoints.get(endpoint, {}).get('get', {})
+            # Get both path and query parameters
+            path_params = extract_path_params(endpoint)
+            query_params = extract_query_params(endpoint_spec)
+            if path_params or query_params:
+                endpoints_with_params.append((endpoint, path_params, query_params))
+                display_values.append(f"Endpoint: {endpoint}")
+        # Create updates for all components
+        updates = []
+        updates.append(endpoints_with_params)  # confirmed_endpoints_state
+        updates.append(display_values)  # display_values_state
+        # Determine parameter types present
+        has_path_params = any(path_params for _, path_params, _ in endpoints_with_params)
+        has_query_params = any(query_params for _, _, query_params in endpoints_with_params)
+        # Set appropriate header based on parameter types
+        if has_path_params and has_query_params:
+            header_text = "### Path and Query Parameters Required"
+        elif has_path_params:
+            header_text = "### Path Parameters Required/Optional"
+        elif has_query_params:
+            header_text = "### Query Parameters Required/Optional"
+        else:
+            header_text = "### Parameters Required"
+        # Update group visibility and header text separately
+        updates.append(gr.update(visible=bool(endpoints_with_params)))  # param_group visibility
+        updates.append(gr.update(value=header_text, visible=True))  # param_header update
+        # Then create updates for each parameter component
+        param_index = 0
+        for i in range(100):  # Assuming max 5 endpoints
+            if i < len(endpoints_with_params):
+                endpoint, path_params, query_params = endpoints_with_params[i]
+                # Handle path parameters
+                for param_name in path_params:  # Changed: iterate directly over parameter names
+                    if param_index < 5:  # Stay within component limit
+                        updates.extend([
+                            gr.update(visible=True),
+                            gr.update(visible=True, value=f"Endpoint: {endpoint} - Path Parameter"),
+                            gr.update(
+                                visible=True,
+                                label=f"Enter path parameter: {param_name}",
+                                placeholder=f"Required path parameter for {endpoint}"
+                            )
+                        ])
+                        param_index += 1
+                # Handle query parameters
+                for param in query_params:  # Changed: handle query parameter tuples
+                    _, name, required, description = param  # Unpack all 4 values
+                    if param_index < 5:  # Stay within component limit
+                        updates.extend([
+                            gr.update(visible=True),
+                            gr.update(visible=True, value=f"Endpoint: {endpoint} - Query Parameter"),
+                            gr.update(
+                                visible=True,
+                                label=f"Enter query parameter: {name}" + (" (Required)" if required else " (Optional)"),
+                                placeholder=description
+                            )
+                        ])
+                        param_index += 1
+        # Fill remaining parameter components with hidden updates
+        while param_index < 5:
+            updates.extend([
+                gr.update(visible=False),
+                gr.update(visible=False, value=""),
+                gr.update(visible=False, label="")
+            ])
+            param_index += 1
+        return updates
+    def handle_api_call(spec_choice, api_base_url, session_id, grant_type, client_id, client_secret,
+                   api_token, iiq_username, iiq_password, display_values, *args):
+        # Create param_values dictionary
+        num_params = len(param_components)
+        path_params = {}
+        query_params = {}
+        for i, display_value in enumerate(display_values):
+            if display_value and args[i]:
+                endpoint_text = display_value.split(": ")[1].split(" - ")[0]
+                param_type = "path" if "Path Parameter" in display_value else "query"
+                param_name = args[i].split(":")[0].strip()
+                if param_type == "path":
+                    path_params[param_name] = args[i]
+                else:
+                    query_params[param_name] = args[i]
+        checkbox_values = args[num_params:]
+        try:
+            if spec_choice == "Okta (JSON)":
+                return handle_okta_call(api_base_url, api_token, session_id, path_params, query_params, *checkbox_values)
+            elif spec_choice == "SailPoint IdentityNow (YAML)":
+                return handle_identitynow_call(api_base_url, grant_type, client_id, client_secret,
+                                        session_id, path_params, query_params, *checkbox_values)
+            else:  # IIQ
+                return handle_iiq_call(api_base_url, iiq_username, iiq_password, session_id,
+                                path_params, query_params, *checkbox_values)
+        except Exception as e:
+            print(f"Error in handle_api_call: {str(e)}")
+            return (
+                {"error": f"API call failed: {str(e)}"},
+                None,
+                session_id,
+                f"❌ Error: {str(e)}"
+            )
+    # Wire up the events
+    spec_choice.change(
+        fn=update_auth_fields,
+        inputs=[spec_choice],
+        outputs=[identitynow_auth, okta_auth, iiq_auth]
+    )
+    refresh_eps.click(
+        fn=update_acc,
+        inputs=spec_choice,
+        outputs=[*[accordion_placeholders[i][j] for i in range(max_groups) for j in range(2)], loading_status]
+    )
+    confirm_endpoints_btn.click(
+        fn=confirm_selected_endpoints,
+        inputs=[
+            spec_choice,
+            *[acc_cb[1] for acc_cb in accordion_placeholders]
+        ],
+        outputs=[
+            confirmed_endpoints_state,
+            display_values_state,
+            param_group,
+            param_header,  # Add param_header to outputs
+            *[item for group, display, input_box in param_components
+            for item in (group, display, input_box)]
+        ]
+    )
+    call_api_btn.click(
+        fn=handle_api_call,
+        inputs=[
+            spec_choice,
+            api_base_url,
+            session_id_state,
+            grant_type,
+            client_id,
+            client_secret,
+            api_token,
+            iiq_username,
+            iiq_password,
+            display_values_state,
+            *[input_box for _, _, input_box in param_components],
+            *[acc_cb[1] for acc_cb in accordion_placeholders]
+        ],
+        outputs=[responses_out, download_out, session_id_state, loading_status]
+    )
+if __name__ == "__main__":
+    demo.launch(
+        favicon_path="https://www.sailpoint.com/wp-content/uploads/2020/08/favicon.png",
+        show_error=True
+    )

identityNow.py ADDED Viewed

	@@ -0,0 +1,141 @@

+import requests
+import datetime
+import json
+import os
+import uuid
+import traceback
+from utils import zip_session_folder, handle_path_parameters
+def fetch_identitynow_token(api_url, grant_type, client_id, client_secret):
+    """Fetch OAuth token for IdentityNow"""
+    token_endpoint = api_url.rstrip("/") + "/oauth/token"
+    payload = {
+        'grant_type': grant_type,
+        'client_id': client_id,
+        'client_secret': client_secret
+    }
+    headers = {
+        'Accept': 'application/json',
+        'Content-Type': 'application/x-www-form-urlencoded'
+    }
+    try:
+        response = requests.post(token_endpoint, data=payload, headers=headers)
+        response.raise_for_status()
+        token_data = response.json()
+        access_token = token_data.get("access_token")
+        expires_in = token_data.get("expires_in", 0)
+        expiry_timestamp = datetime.datetime.now(datetime.timezone.utc).timestamp() + expires_in
+        return {
+            "access_token": access_token,
+            "expiry_timestamp": expiry_timestamp,
+            "success": True,
+            "message": None
+        }
+    except Exception as e:
+        return {
+            "access_token": None,
+            "expiry_timestamp": None,
+            "success": False,
+            "message": str(e)
+        }
+def handle_identitynow_call(api_base_url, oauth_grant, oauth_client, oauth_secret, session_id, param_values, *checkbox_values):
+    """Handle IdentityNow API calls with parameter support"""
+    if not session_id:
+        session_id = str(uuid.uuid4())
+    # Get OAuth token
+    token_result = fetch_identitynow_token(
+        api_base_url,
+        oauth_grant,
+        oauth_client,
+        oauth_secret
+    )
+    if not token_result["success"]:
+        return (
+            {"error": f"Failed to get OAuth token: {token_result['message']}"},
+            None,
+            session_id,
+            "❌ OAuth token fetch failed"
+        )
+    # Format expiry time
+    expiry_dt = datetime.datetime.fromtimestamp(token_result["expiry_timestamp"], tz=datetime.timezone.utc)
+    expiry_str = expiry_dt.strftime("%Y-%m-%d %H:%M:%S UTC")
+    token_msg = f"✅ OAuth token received! Valid until: {expiry_str}"
+    # Process selected endpoints
+    responses = {}
+    base_save_folder = os.path.join("sessions", session_id, "IdentityNow")
+    os.makedirs(base_save_folder, exist_ok=True)
+    headers = {
+        'Accept': 'application/json',
+        'Authorization': f'Bearer {token_result["access_token"]}'
+    }
+    # Parse and call selected endpoints
+    for selections in checkbox_values:
+        if isinstance(selections, list):
+            for selection in selections:
+                try:
+                    if " | " in selection:
+                        endpoint, method_part = selection.split(" | ")
+                        method = method_part.split(" - ")[0].lower()
+                    else:
+                        endpoint = selection
+                        method = "get"
+                    # Handle parameter replacement if needed
+                    if any(char in endpoint for char in ['{', '}']):
+                        full_url, error = handle_path_parameters(endpoint, f"{api_base_url}/v3", param_values)
+                        if error:
+                            responses[endpoint] = f"Error: {error}"
+                            continue
+                    else:
+                        full_url = f"{api_base_url.rstrip('/')}/v3{endpoint}"
+                    print(f"Calling endpoint: {full_url}")
+                    r = requests.get(full_url, headers=headers)
+                    r.raise_for_status()
+                    data = r.json() if r.headers.get('content-type', '').startswith('application/json') else r.text
+                    responses[endpoint] = data
+                    # Save response data
+                    save_response_data(data, endpoint, base_save_folder)
+                except Exception as e:
+                    responses[endpoint] = f"Error: {traceback.format_exc()}"
+    # Create and return session zip
+    zip_filename = create_session_zip(session_id)
+    return responses, zip_filename, session_id, "✅ API calls complete!"
+def save_response_data(data, endpoint, base_save_folder):
+    """Save API response data to file"""
+    safe_endpoint_name = endpoint.strip("/").replace("/", "_") or "root"
+    timestamp = datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
+    save_folder = os.path.join(base_save_folder, f"{safe_endpoint_name} ({timestamp})")
+    os.makedirs(save_folder, exist_ok=True)
+    filename = os.path.join(save_folder, "data.jsonl")
+    with open(filename, "w", encoding="utf-8") as f:
+        if isinstance(data, list):
+            for item in data:
+                f.write(json.dumps(item) + "\n")
+        elif isinstance(data, dict):
+            f.write(json.dumps(data) + "\n")
+        else:
+            f.write(str(data))
+def create_session_zip(session_id):
+    """Create ZIP file of session data"""
+    session_folder = os.path.join("sessions", session_id)
+    zip_file = zip_session_folder(session_folder)
+    zip_filename = f"session_{session_id}.zip"
+    with open(zip_filename, "wb") as f:
+        f.write(zip_file.read())
+    return zip_filename

iiq.py ADDED Viewed

	@@ -0,0 +1,110 @@

+import requests
+import datetime
+import json
+import os
+import uuid
+import traceback
+from utils import zip_session_folder, handle_path_parameters
+def validate_iiq_credentials(username, password):
+    """Validate IIQ credentials"""
+    try:
+        return {
+            "username": username,
+            "password": password,
+            "success": True,
+            "message": None
+        }
+    except Exception as e:
+        return {
+            "success": False,
+            "message": str(e)
+        }
+def save_response_data(data, endpoint, base_save_folder):
+    """Save API response data to file"""
+    safe_endpoint_name = endpoint.strip("/").replace("/", "_") or "root"
+    timestamp = datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
+    save_folder = os.path.join(base_save_folder, f"{safe_endpoint_name} ({timestamp})")
+    os.makedirs(save_folder, exist_ok=True)
+    filename = os.path.join(save_folder, "data.jsonl")
+    with open(filename, "w", encoding="utf-8") as f:
+        if isinstance(data, list):
+            for item in data:
+                f.write(json.dumps(item) + "\n")
+        elif isinstance(data, dict):
+            f.write(json.dumps(data) + "\n")
+        else:
+            f.write(str(data))
+def create_session_zip(session_id):
+    """Create ZIP file of session data"""
+    session_folder = os.path.join("sessions", session_id)
+    zip_file = zip_session_folder(session_folder)
+    zip_filename = f"session_{session_id}.zip"
+    with open(zip_filename, "wb") as f:
+        f.write(zip_file.read())
+    return zip_filename
+def handle_iiq_call(api_base_url, username, password, session_id, param_values, *checkbox_values):
+    """Handle IIQ API calls with parameter support"""
+    if not session_id:
+        session_id = str(uuid.uuid4())
+    # Validate credentials
+    cred_result = validate_iiq_credentials(username, password)
+    if not cred_result["success"]:
+        return (
+            {"error": f"Failed to validate IIQ credentials: {cred_result['message']}"},
+            None,
+            session_id,
+            "❌ IIQ authentication failed"
+        )
+    responses = {}
+    base_save_folder = os.path.join("sessions", session_id, "IIQ")
+    os.makedirs(base_save_folder, exist_ok=True)
+    auth = (cred_result["username"], cred_result["password"])
+    # Process selected endpoints
+    for selections in checkbox_values:
+        if isinstance(selections, list):
+            for selection in selections:
+                try:
+                    if " | " in selection:
+                        endpoint, method_part = selection.split(" | ")
+                        method = method_part.split(" - ")[0].lower()
+                    else:
+                        endpoint = selection
+                        method = "get"
+                    # Handle parameter replacement if needed
+                    if any(char in endpoint for char in ['{', '}']):
+                        full_url, error = handle_path_parameters(endpoint, api_base_url, param_values)
+                        if error:
+                            responses[endpoint] = f"Error: {error}"
+                            continue
+                    else:
+                        full_url = f"{api_base_url.rstrip('/')}{endpoint}"
+                    print(f"Calling IIQ endpoint: {full_url}")
+                    r = requests.get(full_url, auth=auth)
+                    r.raise_for_status()
+                    data = r.json() if r.headers.get('content-type', '').startswith('application/json') else r.text
+                    responses[endpoint] = data
+                    # Save response data
+                    save_response_data(data, endpoint, base_save_folder)
+                except Exception as e:
+                    responses[endpoint] = f"Error: {traceback.format_exc()}"
+    # Create and return session zip
+    zip_filename = create_session_zip(session_id)
+    return responses, zip_filename, session_id, "✅ IIQ API calls complete!"
+# Include save_response_data and create_session_zip functions (same as IdentityNow)

okta.py ADDED Viewed

	@@ -0,0 +1,109 @@

+import requests
+import datetime
+import json
+import os
+import uuid
+import traceback
+from utils import zip_session_folder, handle_path_parameters
+def validate_okta_token(api_token):
+    """Validate Okta API token"""
+    try:
+        return {
+            "access_token": api_token,
+            "success": True,
+            "message": None
+        }
+    except Exception as e:
+        return {
+            "success": False,
+            "message": str(e)
+        }
+def save_response_data(data, endpoint, base_save_folder):
+    """Save API response data to file"""
+    safe_endpoint_name = endpoint.strip("/").replace("/", "_") or "root"
+    timestamp = datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
+    save_folder = os.path.join(base_save_folder, f"{safe_endpoint_name} ({timestamp})")
+    os.makedirs(save_folder, exist_ok=True)
+    filename = os.path.join(save_folder, "data.jsonl")
+    with open(filename, "w", encoding="utf-8") as f:
+        if isinstance(data, list):
+            for item in data:
+                f.write(json.dumps(item) + "\n")
+        elif isinstance(data, dict):
+            f.write(json.dumps(data) + "\n")
+        else:
+            f.write(str(data))
+def create_session_zip(session_id):
+    """Create ZIP file of session data"""
+    session_folder = os.path.join("sessions", session_id)
+    zip_file = zip_session_folder(session_folder)
+    zip_filename = f"session_{session_id}.zip"
+    with open(zip_filename, "wb") as f:
+        f.write(zip_file.read())
+    return zip_filename
+def handle_okta_call(api_base_url, api_token, session_id, param_values, *checkbox_values):
+    """Handle Okta API calls with parameter support"""
+    if not session_id:
+        session_id = str(uuid.uuid4())
+    if not api_base_url.startswith('https://'):
+        api_base_url = f"https://{api_base_url}"
+    headers = {
+        "Accept": "application/json",
+        "Authorization": f"SSWS {api_token}"
+    }
+    responses = {}
+    base_save_folder = os.path.join("sessions", session_id, "Okta")
+    os.makedirs(base_save_folder, exist_ok=True)
+    # Process selected endpoints
+    for selections in checkbox_values:
+        if isinstance(selections, list):
+            for selection in selections:
+                try:
+                    if " | " in selection:
+                        endpoint, method_part = selection.split(" | ")
+                        method = method_part.split(" - ")[0].lower()
+                    else:
+                        endpoint = selection
+                        method = "get"
+                    # Ensure endpoint starts with /api/v1
+                    if not endpoint.startswith('/api/v1'):
+                        endpoint = f"/api/v1{endpoint}"
+                    # Handle parameter replacement if needed
+                    if any(char in endpoint for char in ['{', '}']):
+                        full_url, error = handle_path_parameters(endpoint, api_base_url, param_values)
+                        if error:
+                            responses[endpoint] = f"Error: {error}"
+                            continue
+                    else:
+                        full_url = f"{api_base_url.rstrip('/')}{endpoint}"
+                    print(f"Calling Okta endpoint: {full_url}")
+                    r = requests.get(full_url, headers=headers)
+                    r.raise_for_status()
+                    data = r.json() if r.headers.get('content-type', '').startswith('application/json') else r.text
+                    responses[endpoint] = data
+                    # Save response data
+                    save_response_data(data, endpoint, base_save_folder)
+                except Exception as e:
+                    responses[endpoint] = f"Error: {traceback.format_exc()}"
+    # Create and return session zip
+    zip_filename = create_session_zip(session_id)
+    return responses, zip_filename, session_id, "✅ Okta API calls complete!"
+# Include save_response_data and create_session_zip functions (same as IdentityNow)

pyproject.toml ADDED Viewed

	@@ -0,0 +1,13 @@

+[project]
+name = "data-connector"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.13"
+dependencies = [
+    "gradio>=5.16.0",
+    "python-dotenv>=1.0.1",
+    "pyyaml>=6.0.2",
+    "requests>=2.32.3",
+    "streamlit>=1.42.0",
+]

session_28e04043-15a7-4e6b-8dd9-eeddbee5428b.zip ADDED Viewed

	@@ -0,0 +1,3 @@

+version https://git-lfs.github.com/spec/v1
+oid sha256:e6c541638a8ffe93b319ba2254c384b464ee41a58bf110596b776fee40b8ba92
+size 42401

sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/sod-policies (2025-02-19_10-32-26)/data.jsonl ADDED Viewed

	@@ -0,0 +1,8 @@

+{"description": "Admin Accountants", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": "https://my.sharepointonline.com/references/myurl", "policyQuery": "attributes.department:\"Accounting\" AND @access(\"WindowsAdministration\")", "compensatingControls": "Accountants with Administrative rights must have MFA and be a part of a regular review of access (certification). Additionally, privileged credentials must be accessed through our PAM provider.", "correctionAdvice": "When no longer appropriate, please revoke the administrative credentials from the individual.", "tags": ["INTERNALCONTROLS", "CUSTOM123", "SOX"], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": null}, "type": "GENERAL", "conflictingAccessCriteria": null, "id": "e166fae0-2252-4f8f-8a54-9e6e5a2963b7", "name": "Admin Accountants", "created": "2024-09-09T15:33:37Z", "modified": "2024-09-09T15:33:37Z"}
+{"description": "Contractors with a CyberArk Account", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": "https://my.sharepointonline.com/somecompany/policies/contractors", "policyQuery": "@accounts(source.name:\"CyberArk\") AND identityProfile.name:\"Contractors\"", "compensatingControls": "ACME Corp does not allow for contractors to have CyberArk access. In accordance, this individual must go through additional screening for ABCXYZ.", "correctionAdvice": "Remove access when no longer appropriate.", "tags": ["NIST", "CONTROLX"], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": null}, "type": "GENERAL", "conflictingAccessCriteria": null, "id": "91b5db2b-ea4b-42fe-a80b-ca2076b5a210", "name": "Contractors with a CyberArk Account", "created": "2024-09-09T15:33:37Z", "modified": "2024-09-09T15:33:37Z"}
+{"description": "Non-IT Users with Privileged System Access", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": "https://my.sharepointonline.com/policies/abcxyz", "policyQuery": "@access(name:WindowsAdministration) AND NOT attributes.Department:IT", "compensatingControls": "Users with SOD violations are subject to ...", "correctionAdvice": "Choose one", "tags": ["INTERNALCONTROL237", "SOX"], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": null}, "type": "GENERAL", "conflictingAccessCriteria": null, "id": "6891ca33-816a-4f73-a808-c129754dc8bf", "name": "Non-IT Users with Privileged System Access", "created": "2024-09-09T15:33:37Z", "modified": "2024-09-09T15:33:37Z"}
+{"description": "Former contractors who have converted to regular employees should not retain contractor access.", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": null, "policyQuery": "@access(name:\"Contractor Base Access\") AND NOT identityProfile.name:Contractors", "compensatingControls": "Review conversion date, determine whether Contractor access is still required", "correctionAdvice": "Revoke contractor access as soon as no longer required", "tags": [], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": null}, "type": "GENERAL", "conflictingAccessCriteria": null, "id": "3d34ebdc-7cf6-4144-ad23-9be21ba61c8c", "name": "Regular Employees with Contractor Access", "created": "2024-09-09T15:33:36Z", "modified": "2024-09-09T15:33:36Z"}
+{"description": "This policy looks across multiple applications for Accounts Receivable and Payable conflicts in accordance with SOX 2.0 compliance controls.", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": "https://www.sec.gov/info/smallbus/404guide/intro.shtml", "policyQuery": "@access(id:058f458ade634bcd9bf90db13e0d55c8) AND @access(id:acdcb0f71b4842f1807a19446ea0c3bf)", "compensatingControls": "Manager daily review - check for unauthorized supplier creation and review of daily transactions.", "correctionAdvice": "Remove one of the Cash In or Cash Out conflicts or get VP approval.", "tags": ["ACCOUNTING", "VIOLATION_SOD", "SOX"], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": null}, "type": "CONFLICTING_ACCESS_BASED", "conflictingAccessCriteria": {"leftCriteria": {"name": "Money_In", "criteriaList": [{"type": "ENTITLEMENT", "id": "058f458ade634bcd9bf90db13e0d55c8", "name": "AccountsPayable"}]}, "rightCriteria": {"name": "Money_Out", "criteriaList": [{"type": "ENTITLEMENT", "id": "acdcb0f71b4842f1807a19446ea0c3bf", "name": "AccountsReceivable"}]}}, "id": "af6e6b9d-de33-4369-9f4d-d07f9569a7a6", "name": "Money In & Money Out", "created": "2024-09-09T15:33:32Z", "modified": "2024-09-09T15:33:32Z"}
+{"description": "Policy to enforce that an Invoice Creator does not also have the ability to pay invoices", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": " http://acme.policies/sod", "policyQuery": "@access(id:72fdb961abbe443ba9834b82c2fa1ecc) AND @access(id:4d60180b14f841d6b22cb368dc1e5599)", "compensatingControls": "No employee will have sole authority of or responsibility for control to create and approve invoices.\n\n An employee cannot serve as both the creator and approver for the same invoice review under a contract or order.", "correctionAdvice": "Deny or remove access upon discovery of conflicting access unless VP approved or time limited access not to exceed 24 hours", "tags": ["SOD", "VIOLATION_SOD", "SOX"], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": null, "ownerRef": null}, "type": "CONFLICTING_ACCESS_BASED", "conflictingAccessCriteria": {"leftCriteria": {"name": "Invoice Create", "criteriaList": [{"type": "ENTITLEMENT", "id": "72fdb961abbe443ba9834b82c2fa1ecc", "name": "CreateInvoices"}]}, "rightCriteria": {"name": "Invoice Approve", "criteriaList": [{"type": "ENTITLEMENT", "id": "4d60180b14f841d6b22cb368dc1e5599", "name": "ProcessInvoices"}]}}, "id": "73c0fc38-4a22-45b7-a67a-1979c8f2fb6c", "name": "Invoice Creation and Approval Control", "created": "2024-09-09T15:33:32Z", "modified": "2024-09-09T15:33:32Z"}
+{"description": "Developer Administrator Violation", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": "See section 23 of Employee Handbook on Data Handling", "policyQuery": "@access(id:0a6e00f2dda84f258391df8e9d4b6b8e OR id:b7f0ea8ec1d3436a9d430d8f6f686905) AND @access(id:5e5529b158404b68995ec909d92653f1)", "compensatingControls": "Controls go here", "correctionAdvice": "Advice goes here", "tags": ["CUSTOM123"], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": "MANAGER", "ownerRef": null}, "type": "CONFLICTING_ACCESS_BASED", "conflictingAccessCriteria": {"leftCriteria": {"name": "Administrator", "criteriaList": [{"type": "ENTITLEMENT", "id": "0a6e00f2dda84f258391df8e9d4b6b8e", "name": "SysAdministration"}, {"type": "ENTITLEMENT", "id": "b7f0ea8ec1d3436a9d430d8f6f686905", "name": "Admins"}]}, "rightCriteria": {"name": "Developer", "criteriaList": [{"type": "ENTITLEMENT", "id": "5e5529b158404b68995ec909d92653f1", "name": "Development"}]}}, "id": "0188b34e-e273-4efd-87ee-a42ae49d3c1a", "name": "Developer Administrator Violation", "created": "2024-09-09T15:33:32Z", "modified": "2024-09-09T15:33:32Z"}
+{"description": "No Manager Assigned", "ownerRef": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "creatorRef": null, "externalPolicyReference": null, "policyQuery": "NOT _exists_:manager.id", "compensatingControls": "Assign a manager", "correctionAdvice": "Assign a manager", "tags": [], "state": "ENFORCED", "scheduled": false, "creatorId": "95a9b731946541a5b95728d054f880ca", "modifierId": null, "violationOwnerAssignmentConfig": {"assignmentRule": null, "ownerRef": null}, "type": "GENERAL", "conflictingAccessCriteria": null, "id": "944735dd-abe8-4bd3-a840-e6bcc65ffddc", "name": "No Manager Assigned", "created": "2024-09-09T15:33:31Z", "modified": "2024-09-09T15:33:31Z"}

sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/transforms (2025-02-19_10-32-27)/data.jsonl ADDED Viewed

	@@ -0,0 +1,14 @@

+{"id": "06353c92-7427-4db2-ae02-eff43a95cfe2", "name": "Determine Lifecycle State", "type": "dateCompare", "attributes": {"requiresPeriodicRefresh": "true", "firstDate": {"attributes": {"name": "startDate"}, "type": "identityAttribute"}, "negativeCondition": {"attributes": {"firstDate": {"attributes": {"name": "endDate"}, "type": "identityAttribute"}, "negativeCondition": "inactive", "operator": "gt", "positiveCondition": "active", "secondDate": "now"}, "type": "dateCompare"}, "operator": "gt", "positiveCondition": "prehire", "secondDate": "now"}, "internal": false}
+{"id": "18516076-7ad5-4cc7-b610-765fa8e7f769", "name": "Determine License", "type": "lookup", "attributes": {"input": {"attributes": {"input": {"attributes": {"values": [{"attributes": {"name": "cloudLifecycleState"}, "type": "identityAttribute"}, "-", {"attributes": {"name": "accountType"}, "type": "identityAttribute"}]}, "type": "concat"}}, "type": "lower"}, "table": {"active-": "licensed", "prehire-": "licensed", "loa-": "licensed", "inactive-": "unlicensed", "active-bot": "light", "active-serviceAccount": "light", "default": "unlicensed"}}, "internal": false}
+{"id": "1bfd74db-4ef8-4aab-b1ff-585ffd33c4ff", "name": "Remove Diacritical Marks", "type": "decomposeDiacriticalMarks", "attributes": null, "internal": true}
+{"id": "2d3a1b7d-db1e-482e-bab2-3720b2c523b5", "name": "ISO8601EndDateFormat", "type": "firstValid", "attributes": {"values": [{"attributes": {"attributeName": "endDate", "inputFormat": "MM/dd/yyyy", "outputFormat": "ISO8601", "sourceName": "Employee"}, "type": "dateFormat"}, {"attributes": {"value": "2199-01-01T00:00:00.000Z"}, "type": "static"}]}, "internal": false}
+{"id": "4a73a15b-0b1f-4701-8cb0-a11c204ed66e", "name": "RFC5646 Language Format", "type": "rfc5646", "attributes": null, "internal": true}
+{"id": "8c177084-6194-4a6e-8fe7-9741507afa2e", "name": "Derive FirstInitial+LastName In Upper", "type": "upper", "attributes": {"input": {"attributes": {"values": [{"attributes": {"begin": 0, "end": 1, "input": {"attributes": {"name": "firstname"}, "type": "identityAttribute"}}, "type": "substring"}, {"attributes": {"name": "lastname"}, "type": "identityAttribute"}]}, "type": "concat"}}, "internal": false}
+{"id": "9fb4b2f0-1172-492d-9444-7338e6c97c68", "name": "ISO8601DateFormat", "type": "dateFormat", "attributes": {"inputFormat": "MM/dd/yyyy", "outputFormat": "ISO8601"}, "internal": false}
+{"id": "af81a719-4c7e-44f6-8310-266a7fdbb404", "name": "ToLower", "type": "lower", "attributes": null, "internal": true}
+{"id": "b634a7bd-a45b-4286-a663-1e50aabec2f6", "name": "E.164 Phone Format", "type": "e164phone", "attributes": null, "internal": true}
+{"id": "c0be8f35-2ed1-4dda-ae11-660a0dfd582b", "name": "Use Preferred Name", "type": "displayName", "attributes": null, "internal": true}
+{"id": "c4790c8c-b6e1-4431-af8d-d86180259516", "name": "NoEmail", "type": "firstValid", "attributes": {"values": [{"attributes": {"attributeName": "EMAIL_ADDRESS_WORK", "sourceName": "Workday"}, "type": "accountAttribute"}, {"attributes": {"value": "(none)"}, "type": "static"}]}, "internal": false}
+{"id": "ce88eafe-948c-4877-a18b-da3646c5ab25", "name": "ToUpper", "type": "upper", "attributes": null, "internal": true}
+{"id": "df80db36-0191-4e64-a112-409faa223ca0", "name": "ISO3166 Country Format", "type": "iso3166", "attributes": null, "internal": true}
+{"id": "ffc01973-c5f4-4af9-bae7-57d03317e0f7", "name": "Format GCP Email", "type": "concat", "attributes": {"values": [{"attributes": {"input": {"attributes": {"name": "uid"}, "type": "identityAttribute"}}, "type": "lower"}, "@se-gcp.sailpointtechnologies.com"]}, "internal": false}

sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/workflow-library (2025-02-19_10-32-32)/data.jsonl ADDED Viewed

The diff for this file is too large to render. See raw diff

sessions/28e04043-15a7-4e6b-8dd9-eeddbee5428b/IdentityNow/workflows (2025-02-19_10-32-29)/data.jsonl ADDED Viewed

	@@ -0,0 +1,23 @@

+{"id": "032887bb-1955-47af-9b83-62e37508c166", "name": "Don Test Workflow2", "description": "test workflow", "created": "2024-09-26T13:58:58.679574344Z", "modified": "2024-10-11T19:08:12.389426195Z", "modifiedBy": {"type": "IDENTITY", "id": "a5c91ed8e54b4d8b8feab1ece875f710", "name": "dcoltrain"}, "definition": {"start": "Get Identity", "steps": {"End Step - Success": {"displayName": "", "type": "success"}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "", "displayName": "", "nextStep": "Send Email", "type": "action", "versionNumber": 2}, "HTTP Request": {"actionId": "sp:http", "attributes": {"authenticationType": "basic", "basicAuthPassword": "$.secrets.25476482-6c7c-40c1-bf9f-de980c498792", "basicAuthUserName": "dcoltrain", "method": "post", "requestContentType": "json", "requestHeaders": {}, "url": "https://008b0219-5038-4bb8-bb55-587fc7ff78db.mock.pstmn.io/philosophers"}, "displayName": "", "nextStep": "End Step - Success", "type": "action", "versionNumber": 2}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "<p>email triggered by attribute change in RL SailPoint ISC</p>\n<p>&nbsp;</p>\n<p>Identity ID for affected record is $.trigger.identity.id</p>", "context": {}, "from": "", "recipientEmailList": ["dcoltrain@radiantlogic.com"], "replyTo": "", "subject": "triggered workflow in RL ISC"}, "displayName": "", "nextStep": "HTTP Request", "type": "action", "versionNumber": 2}}}, "enabled": true, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "a5c91ed8e54b4d8b8feab1ece875f710", "name": "dcoltrain"}, "owner": {"type": "IDENTITY", "id": "a5c91ed8e54b4d8b8feab1ece875f710", "name": "dcoltrain"}, "trigger": {"type": "EVENT", "attributes": {"attributeToFilter": "title", "filter.$": "$.changes[?(@.attribute == \"firstname\")]", "id": "idn:identity-attributes-changed"}}}
+{"id": "42843aa9-296f-4771-b464-3b56d640e3d9", "name": "Don Test Workflow", "description": "", "created": "2024-09-16T17:07:04.423191338Z", "modified": "2024-09-18T13:24:33.505127467Z", "modifiedBy": {"type": "IDENTITY", "id": "a5c91ed8e54b4d8b8feab1ece875f710", "name": "dcoltrain"}, "definition": {"start": "Get Identity", "steps": {"End Step - Success": {"displayName": "", "type": "success"}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "", "displayName": "", "nextStep": "Send Email", "type": "action", "versionNumber": 2}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "<p>email triggered by attribute change in RL SailPoint ISC</p>\n<p>&nbsp;</p>\n<p>Identity ID for affected record is $.trigger.identity.id</p>", "context": {}, "from": "", "recipientEmailList": ["dcoltrain@radiantlogic.com"], "replyTo": "", "subject": "triggered workflow in RL ISC"}, "displayName": "", "nextStep": "End Step - Success", "type": "action", "versionNumber": 2}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "a5c91ed8e54b4d8b8feab1ece875f710", "name": "dcoltrain"}, "owner": {"type": "IDENTITY", "id": "a5c91ed8e54b4d8b8feab1ece875f710", "name": "dcoltrain"}, "trigger": {"type": "EVENT", "attributes": {"attributeToFilter": "title", "filter.$": "$.changes[?(@.attribute == \"firstname\")]", "id": "idn:identity-attributes-changed"}}}
+{"id": "6fdb1ed5-f179-477b-ab25-6d433971fd44", "name": "New Employee Update Emergency Contact info v5 multi-value form", "description": "This fires for each new employee and requests (using a form) emergency contact information.  This information is saved into the Identity Profile using an API call.   Note that this info could be saved into a database or some other system.  Also, if the person is in the Engineering Dept, then a confirmation email will not be sent.", "created": "2024-09-09T15:32:59.080786731Z", "modified": "2024-09-09T15:32:59.080786731Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Form", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "HTTP Request", "variableA.$": "$.trigger.attributes.department", "variableB": "Engineering"}], "defaultStep": "Send Email", "description": "If the employee is in Engineering department, do not send a confirmation email.   This seems to annoy the engineers...", "displayName": "Is Dept = Engineering?", "type": "choice"}, "End Step - Success": {"displayName": "", "type": "success"}, "Form": {"actionId": "sp:forms", "attributes": {"deadline": "1h", "formDefinitionId": "a1a929df-3336-43a2-85f5-c57a1bcf9ab1", "inputForForm_formEmployeeName.$": "$.trigger.attributes.displayName", "notificationBody": "Hello {{$.trigger.attributes.displayName}},\n<br><br>\nPlease add your emergency contact information ASAP. Select the link below to enter your information. \n<br><br>\nThank you.\n<br>", "notificationSubject": "Please Update Your Emergency Contact Info", "recipient.$": "$.trigger.identity.id", "reminder": "1h", "reminderBody": "This is a reminder - Please add your emergency contact information ASAP."}, "description": "Request that the new employee add his/her  emergency contact information.", "displayName": "Form - Requests Emergency Info from new employee", "nextStep": "Compare Strings", "type": "action", "versionNumber": 1}, "HTTP Request": {"actionId": "sp:http", "attributes": {"authenticationType": null, "jsonRequestBody": {"Contact Name.$": "$.form.formData.contactName", "Contact Relationship.$": "$.form.formData.relationshipField", "Contact Telephone Number.$": "$.form.formData.telephoneNumber", "Employee Info.$": "$.form.formData.InputFormEmployeeInfo", "Full Info Dump.$": "$.trigger", "Insurance Policy Number.$": "$.form.formData.insurancePolicyNumber", "LifeInsuranc (yes/no).$": "$.form.formData.toggleLifeInsurance", "New Employee Email.$": "$.trigger.attributes.email", "New Employee Name.$": "$.trigger.attributes.displayName"}, "method": "get", "requestContentType": "json", "url": "<<PUT YOUR WebHook.site URL HERE>>", "urlParams": null}, "description": "Call an API and send the info to a system.", "displayName": "Update the System using HTTP Request", "nextStep": "End Step - Success", "type": "action", "versionNumber": 2}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "This is a confirmation email with your updated contact information:\n<br><br>\nEmployee = ${newemployee}<br>\nEmail = ${email}<br><br>\n\n\nContact Name = ${contactName}<br>\nRelationship = ${contactRelationship}<br>\nContact Phone Number = ${contactTelephoneNumber}<br><br>\n\nContact Info = ${contactInfo}<br><br>\n\nThank you for providing this important information.", "context": {"contactInfo.$": "$.form.formData.InputFormEmployeeInfo", "contactName.$": "$.form.formData.contactName", "contactRelationship.$": "$.form.formData.relationshipField", "contactTelephoneNumber.$": "$.form.formData.telephoneNumber", "email.$": "$.trigger.attributes.email", "newemployee.$": "$.trigger.attributes.displayName"}, "from": "noreply@sailpoint.com", "recipientEmailList.$": "$.trigger.attributes.email", "replyTo": "noreply@sailpoint.com", "subject": "${newemployee}, Thank you for Updating your Emergency Contact Information "}, "description": "Confirmation Message", "displayName": "Send Email Confirmation to Recipient ", "nextStep": "HTTP Request", "type": "action", "versionNumber": 2}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"attributeToFilter": "uid", "description": "A new employee was just added to the system.", "id": "idn:identity-created", "operatorToFilter": "operatorUid", "operatorUid": "StringContains", "operatorValue": "StringContains"}}}
+{"id": "0ad23132-335b-48e7-adbd-aafea56b426a", "name": "Workflow Mover Access History", "description": "Workflow when an identity moves within an organization to another team, changing managers, etc.\n\nSend access history to new manager.", "created": "2024-09-09T15:32:58.883479256Z", "modified": "2024-09-09T15:32:58.883479256Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "IsJobTitleChange", "steps": {"Get Identity History": {"actionId": "sp:get-identity-history", "attributes": {"eventTypes": null, "from.$": null, "id.$": "$.trigger.identity.id"}, "description": null, "nextStep": "Send Email", "type": "action"}, "IsJobTitleChange": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Get Identity History", "variableA.$": "$.changes[?(@.attribute=='jobTitle')].attribute", "variableB": "jobTitle"}], "defaultStep": "success", "type": "choice"}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": null, "recipientId.$": null}, "type": "action"}, "success": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:identity-attributes-changed"}}}
+{"id": "7cafa32a-7b54-41b1-8e60-c5bbe1733c78", "name": "Update and Certify Access When an Identity Changes Departments", "description": "Workflow to update a user's access during a mover scenario, such as when a user changes departments or teams.", "created": "2024-09-09T15:32:58.697159627Z", "modified": "2024-09-09T15:32:58.697159627Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Wait", "steps": {"Activate Certification Campaign": {"actionId": "sp:activate-campaign", "attributes": {"id.$": "$.createCertificationCampaign.id"}, "description": "Activates the certification campaign created in the previous step.", "nextStep": "success", "type": "action", "versionNumber": 1}, "Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Get Identity", "variableA.$": "$.trigger.changes[?(@.attribute=='department')].newValue", "variableB": "Sales"}], "defaultStep": "success", "description": "Determines whether the identity's department attribute was updated to Sales. If so, the workflow proceeds. Otherwise, the workflow ends.\n\nNOTE: This template makes an assumption in later actions/nodes about the identity's former department. You could use an additional operator with branching steps for different departments for more flexibility.", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"description": "Department Change", "duration": "1w", "emailNotificationEnabled": true, "identityId.$": "$.trigger.identity.id", "name.$": "$.trigger.identity.name", "reviewerId.$": "$.getIdentity.manager.id"}, "description": "Creates a certification campaign so that the identity's new manager can review their access, to ensure they have the access they need and don't have access they don't need.", "nextStep": "Activate Certification Campaign", "type": "action", "versionNumber": 1}, "Get Access": {"actionId": "sp:access:get", "attributes": {"accessprofiles": false, "entitlements": false, "getAccessBy": "searchQuery", "query": "name: \"Product Role\"", "roles": true}, "description": "Gets all roles with \"Product Role\" in their name.\n\nIn this example, the identity needs to retain this access despite their department move. If the access gets removed because they no longer meet the role criteria, it must be put back by this workflow. This step retrieves the access for the Manage Access step to add.", "nextStep": "Manage Access", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "Retrieves available details about the identity.", "nextStep": "Get Access", "type": "action", "versionNumber": 1}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.manager.id"}, "description": "This node is used to gather information about the user's manager to populate their email.", "nextStep": "Send Email", "type": "action", "versionNumber": 1}, "Manage Access": {"actionId": "sp:access:manage", "attributes": {"addIdentities.$": "$.trigger.identity.id", "comments": "Automatically requested as transitory access by workflows", "removeDuration": "2w", "requestType": "GRANT_ACCESS", "requestedItems.$": "$.getAccess.accessItems"}, "description": "Adds the access from the Get Access step to the identity.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Attention, \n\nUser ${name} has recently changed departments and is now a member of the ${newDepartment}.", "context": {"name.$": "$.trigger.identityId", "newDepartment.$": "$.trigger.changes[?(@.attribute=='department')].newValue"}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "recipientId.$": "$.getIdentity.manager.id", "subject": "Department Change"}, "description": "Sends an email to the identity's manager. Configure details about this email below.", "nextStep": "Create Certification Campaign", "type": "action", "versionNumber": 2}, "Wait": {"actionId": "sp:sleep", "attributes": {"duration": "1h", "type": "waitFor"}, "description": "Pauses to wait for all other provisioning activities to complete, such as automated role or access profile removals.", "nextStep": "Compare Strings", "type": "action", "versionNumber": 1}, "success": {"description": "Ends the workflow and marks it as a success.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$.changes[?(@.attribute == \"department\")]", "id": "idn:identity-attributes-changed"}}}
+{"id": "1c4fc2f5-f2a0-489f-a8cf-a319483e8bd7", "name": "Service Now ticket-Initiate Onboarding Process ", "description": "Workflow to begin the process of onboarding a new identity.", "created": "2024-09-09T15:32:58.505074994Z", "modified": "2024-09-09T15:32:58.505074994Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Manage ServiceNow Ticket", "steps": {"Comparar cadenas": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Send Email 2"}], "defaultStep": "Send Email 4", "type": "choice"}, "Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Send Email", "variableA.$": "$.httpRequest.statusCode", "variableB": "200"}], "defaultStep": "Send Email 1", "description": "Determines whether the HTTP Request step was successful.", "type": "choice"}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.attributes.manager.id"}, "description": "This node is used to gather information about the user's manager to populate their email.", "nextStep": "Compare Strings", "type": "action", "versionNumber": 2}, "Manage ServiceNow Ticket": {"actionId": "sp:snow", "attributes": {"action": "create"}, "nextStep": "Get Identity", "type": "action", "versionNumber": 1}, "Manage ServiceNow Ticket 1": {"actionId": "sp:snow", "attributes": {"action": "get"}, "nextStep": "Comparar cadenas", "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${manager},<br><p>An ITSM request has been submitted for a new employee named <b style=\"\">${employee}</b> Here are the details of the request:<br>${body}</p><br><p>Thank you,<br> Your Access Team</p>", "context": {"body.$": "$.httpRequest", "employee.$": "$.trigger.identity.name", "manager.$": "$.getIdentity.attributes.firstname"}, "recipientEmailList.$": "$.getIdentity.attributes.email", "replyTo": null, "subject": "New Employee"}, "description": "Sends an email to the new-hire's manager informing them of the service desk ticket creation.", "nextStep": "Wait", "type": "action", "versionNumber": 2}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body": "The creation of the service desk ticket for physical assets failed. Please create this ticket manually and verify all other onboarding tasks for the following new identity:\n\nAttributes:\n- Email: ${email}\n- Name: ${displayName}", "context": {"email.$": "$.trigger.attributes.email", "name.$": "$.trigger.attributes.displayName"}, "recipientEmailList.$": "$.getIdentity.attributes.email", "replyTo.$": "", "subject": "Service Desk Ticket Creation Failed"}, "description": "Notifies the new identity's manager that the HTTP request failed.", "nextStep": "failure 1", "type": "action", "versionNumber": 2}, "Send Email 2": {"actionId": "sp:send-email", "attributes": {"context": {}}, "nextStep": "success", "type": "action", "versionNumber": 2}, "Send Email 4": {"actionId": "sp:send-email", "attributes": {"context": {}}, "nextStep": "failure 2", "type": "action", "versionNumber": 2}, "Wait": {"actionId": "sp:sleep", "attributes": {"duration": "2d", "type": "waitFor"}, "nextStep": "Manage ServiceNow Ticket 1", "type": "action", "versionNumber": 1}, "failure 1": {"description": "Ends the workflow in a failure state.", "failureDetails": "The automated joiner workflow failed to create a service desk ticket for physical assets.", "failureName": "Failed service desk ticket", "type": "failure"}, "failure 2": {"description": "Ends the workflow in a failure state.", "failureDetails": "The automated joiner workflow failed to create a service desk ticket for physical assets.", "failureName": "Failed service desk ticket", "type": "failure"}, "success": {"description": "Ends the workflow after all access has been requested and the certification has been activated.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$[?($.attributes.department == \"sales\")]", "id": "idn:identity-created"}}}
+{"id": "e3fcd4f8-a119-420b-9ed9-7e1f4d1abbe2", "name": "Service Now- ticket generation Example", "description": "Creates a ticket on every access request", "created": "2024-09-09T15:32:58.314958308Z", "modified": "2024-09-09T15:32:58.314958308Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Manage ServiceNow Ticket", "steps": {"Manage ServiceNow Ticket": {"actionId": "sp:snow", "attributes": {"action": "create"}, "nextStep": "Wait", "type": "action", "versionNumber": 1}, "Manage ServiceNow Ticket 1": {"actionId": "sp:snow", "attributes": {"action": "update", "stateUpdate": "6"}, "nextStep": "failure", "type": "action", "versionNumber": 1}, "Wait": {"actionId": "sp:sleep", "attributes": {"duration": "20m", "type": "waitFor"}, "nextStep": "Manage ServiceNow Ticket 1", "type": "action", "versionNumber": 1}, "failure": {"type": "failure"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:access-request-post-approval"}}}
+{"id": "879e5652-ba09-4c4f-84a2-817e927d8c89", "name": "Service Now Sign Off Ticket", "description": "", "created": "2024-09-09T15:32:58.104037397Z", "modified": "2024-09-09T15:32:58.104037397Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Manage ServiceNow Ticket", "steps": {"Manage ServiceNow Ticket": {"actionId": "sp:snow", "attributes": {"action": "create"}, "nextStep": "Wait", "type": "action", "versionNumber": 1}, "Manage ServiceNow Ticket 1": {"actionId": "sp:snow", "attributes": {"action": "update", "stateUpdate": "7"}, "type": "action", "versionNumber": 1}, "Wait": {"actionId": "sp:sleep", "attributes": {"duration": "10m", "type": "waitFor"}, "nextStep": "Manage ServiceNow Ticket 1", "type": "action", "versionNumber": 1}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:certification-signed-off"}}}
+{"id": "0f653143-eb86-4f56-9c64-c57e9f4ec19e", "name": "Separation of Duties 2023 Workflow", "description": "This workflow creates a certification campaign each time identities are found in violation. This will ensure access is always reviewed and any inappropriate items are revoked.", "created": "2024-09-09T15:32:57.905829825Z", "modified": "2024-09-09T15:32:57.905829825Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Get List of Identities", "steps": {"Activate Certification Campaign": {"actionId": "sp:activate-campaign", "attributes": {"id.$": "$.getListOfIdentities.identities"}, "nextStep": "Send Slack Message", "type": "action", "versionNumber": 1}, "Compare Strings": {"choiceList": [{"comparator": "StringMatches", "nextStep": "Activate Certification Campaign", "variableA.$": "$.getListOfIdentities.identities", "variableB.$": "$.getListOfIdentities.identities"}], "defaultStep": "success", "type": "choice"}, "Get List of Identities": {"actionId": "sp:get-identities", "attributes": {"inputQuery": null, "inputSavedSearch": "ade6188f-1743-4913-b43a-e5e8e82c7a04", "searchBy": "savedSearch"}, "description": null, "nextStep": "Compare Strings", "type": "action", "versionNumber": 2}, "Send Slack Message": {"actionId": "sp:send-slack-message", "attributes": {"id": "2c91808978ff6f2201790b33559f1d5a"}, "nextStep": "success", "type": "action", "versionNumber": 1}, "success": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "SCHEDULED", "attributes": {"cronString": "0 2 * * *", "dailyTimes": ["02:00"], "frequency": "daily", "timeZone": "America/New_York"}}}
+{"id": "3a71f51d-b8d3-455b-b6d6-f7c08f73d270", "name": "Remove Access When an Identity Becomes Inactive", "description": "Workflow to disable the accounts of identities that move into an \"inactive\" lifecycle state.", "created": "2024-09-09T15:32:57.336980032Z", "modified": "2024-09-09T15:32:57.336980032Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Get Identity", "variableA.$": "$.trigger.changes[?(@.attribute == \"cloudLifecycleState\")].newValue", "variableB": "Inactive"}], "defaultStep": "success", "description": "Verifies that the change in cloudLifecycleState is to \"Inactive\".", "type": "choice"}, "Get Accounts": {"actionId": "sp:get-accounts", "attributes": {"getAccountsBy": "specificIdentity", "identity.$": "$.trigger.identity.id"}, "description": "Retrieves the identity's current list of accounts.", "nextStep": "Manage Accounts", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "Retrieves available details about the identity.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 2}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.managerRef.id"}, "description": "This node is used to gather information about the user's manager to populate their email in the recipient field.", "nextStep": "Send Email 1", "type": "action", "versionNumber": 2}, "HTTP Request": {"actionId": "sp:http", "attributes": {}, "description": "Initiates a service desk ticket to ensure that physical assets are returned to the organization. This step submits the ticket to your service desk tool and returns the status of that request.\n\nEdit the details of this step to match your ITSM tool and environment.", "nextStep": "Get Accounts", "type": "action", "versionNumber": 2}, "Manage Accounts": {"actionId": "sp:manage-account", "attributes": {"accountIds.$": "$.getAccounts.accounts", "operation": "disable"}, "description": "Disables all accounts returned by the Get Accounts step.", "nextStep": "success 1", "type": "action", "versionNumber": 1}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${manager}<br><p>This email is to notify you that employee <b style=\"\">${displayName}</b> is no longer active.</p><br>Thank you,<br>Your Access Team", "context": {"displayName.$": "$.getIdentity.attributes.displayName", "manager.$": "$.getIdentity1.attributes.firstname"}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "subject": "Employee Leaving"}, "description": "Notifies the users manager that the user is now inactive. This step can also be configured to notify security admins using a distribution list.", "nextStep": "HTTP Request", "type": "action", "versionNumber": 2}, "success": {"description": "Terminates the workflow when the comparison operator indicates the user was changed to any lifecycle state other than \"Inactive.\"", "type": "success"}, "success 1": {"description": "Finishes the workflow in a Success state. Some organizations may want to add a step to create a certification campaign prior to ending the workflow.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\")]", "id": "idn:identity-attributes-changed"}}}
+{"id": "569a4c9f-d75c-41d7-bf3f-c400d2227415", "name": "OnBoarding New Contractor", "description": "", "created": "2024-09-09T15:32:56.747840294Z", "modified": "2024-09-09T15:32:56.747840294Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Compare Strings": {"choiceList": [{"nextStep": "Send Email", "variableA.$": "$.trigger.attributes.userType", "variableB": "Employee"}], "type": "choice"}, "HTTP Request": {"actionId": "sp:http", "attributes": {"url": null}, "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"recipientId": null}, "nextStep": "Send Email 1", "type": "action", "versionNumber": 1}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body": "Hey, you have a new employee in your team!", "recipientId.$": "$.trigger.attributes.manager.id"}, "nextStep": "HTTP Request", "type": "action", "versionNumber": 1}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:identity-created"}}}
+{"id": "1296ebd2-41e2-4299-a465-f5192738d8e7", "name": "Initiate Onboarding Process When a New Identity is Created", "description": "Workflow to begin the process of onboarding a new identity.", "created": "2024-09-09T15:32:55.922293871Z", "modified": "2024-09-09T15:32:55.922293871Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "HTTP Request", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Send Email", "variableA.$": "$.httpRequest.statusCode", "variableB": "200"}], "defaultStep": "Send Email 1", "description": "Determines whether the HTTP Request step was successful.", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"description": "New Hire certification - This campaign is to verify access for new hires.", "duration": "1w", "emailNotificationEnabled": true, "identityId.$": "$.trigger.identity.id", "name.$": "$.trigger.identity.name", "reviewerId.$": "$.trigger.attributes.manager.id"}, "description": "Creates a new-hire certification campaign so that the new hire's manager can review their access.", "nextStep": "success", "type": "action", "versionNumber": 1}, "Get Access": {"actionId": "sp:access:get", "attributes": {"accessprofiles": false, "entitlements": true, "getAccessBy": "searchQuery", "query": "name: \"Travel Booking\"", "roles": false}, "description": "Finds entitlements this user needs that are not currently provisioned as part of an access profile or role.\n\nThis example finds entitlements related to \"Travel Booking\". Although these entitlements are not part of an existing role or access profile, the new sales team member will need this access, so the workflow gets those entitlements for use in the Manage Access step.", "nextStep": "Manage Access", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.attributes.manager.id"}, "description": "This node is used to gather information about the user's manager to populate their email.", "nextStep": "Compare Strings", "type": "action", "versionNumber": 2}, "HTTP Request": {"actionId": "sp:http", "attributes": {"authenticationType": "OAuth"}, "nextStep": "Get Identity", "type": "action", "versionNumber": 2}, "Manage Access": {"actionId": "sp:access:manage", "attributes": {"addIdentities.$": "$.trigger.identity.id", "comments": "Automatically granted by workflows", "removeDuration": "2w", "requestType": "GRANT_ACCESS", "requestedItems.$": "$.getAccess.accessItems"}, "description": "Takes the results from the Get Access step for Travel Booking entitlements and submit it as an access request for the new identity.", "nextStep": "Create Certification Campaign", "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${manager},<br><p>An ITSM request has been submitted for a new employee named <b style=\"\">${employee}</b> Here are the details of the request:<br>${body}</p><br><p>Thank you,<br> Your Access Team</p>", "context": {"body.$": "$.httpRequest", "employee.$": "$.trigger.identity.name", "manager.$": "$.getIdentity.attributes.firstname"}, "recipientEmailList.$": "$.getIdentity.attributes.email", "replyTo": null, "subject": "New Employee"}, "description": "Sends an email to the new-hire's manager informing them of the service desk ticket creation.", "nextStep": "Get Access", "type": "action", "versionNumber": 2}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body": "The creation of the service desk ticket for physical assets failed. Please create this ticket manually and verify all other onboarding tasks for the following new identity:\n\nAttributes:\n- Email: ${email}\n- Name: ${displayName}", "context": {"email.$": "$.trigger.attributes.email", "name.$": "$.trigger.attributes.displayName"}, "recipientEmailList.$": "$.getIdentity.attributes.email", "replyTo.$": "", "subject": "Service Desk Ticket Creation Failed"}, "description": "Notifies the new identity's manager that the HTTP request failed.", "nextStep": "failure 1", "type": "action", "versionNumber": 2}, "failure 1": {"description": "Ends the workflow in a failure state.", "failureDetails": "The automated joiner workflow failed to create a service desk ticket for physical assets.", "failureName": "Failed service desk ticket", "type": "failure"}, "success": {"description": "Ends the workflow after all access has been requested and the certification has been activated.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$[?($.attributes.department == \"sales\")]", "id": "idn:identity-created"}}}
+{"id": "2533cd7a-4c53-4d7c-97d0-314a0c9582d8", "name": "Workflow Mover Campaign", "description": "Workflow when an identity moves within an organization to another team, changing managers, etc.", "created": "2024-09-09T15:32:55.163458041Z", "modified": "2024-09-09T15:32:55.163458041Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "IsJobTitleChange", "steps": {"ActivateCampaign": {"actionId": "sp:activate-campaign", "attributes": {"id.$": "$.id"}, "description": "Activates a campaign.", "nextStep": "EndState", "type": "action", "versionNumber": 1}, "CreateCampaign": {"actionId": "sp:create-campaign", "attributes": {"description": "This is a test campaign generated by a workflow", "duration": "24h", "emailNotificationEnabled": true, "identityId.$": "$.identity.id", "name": "Workflow Generated Campaign", "recommendationsEnabled": true}, "description": "Creates a campaign.", "nextStep": "IsCampaignGeneratedComplete", "type": "action", "versionNumber": 1}, "EndState": {"description": "This is the final state.", "type": "success"}, "IsCampaignGeneratedComplete": {"choiceList": [{"comparator": "StringEquals", "nextStep": "EndState", "variableA.$": "$.status", "variableB": "COMPLETED"}], "defaultStep": "ActivateCampaign", "description": "Checks to see if the status of the campaign is COMPLETED or STAGED. STAGED will go to activate campaign before ending.", "type": "choice"}, "IsJobTitleChange": {"choiceList": [{"comparator": "StringEquals", "nextStep": "CreateCampaign", "variableA.$": "$.changes[?(@.attribute=='jobTitle')].attribute", "variableB": "jobTitle"}], "defaultStep": "Send Email", "type": "choice"}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "The workflow Failed", "recipientId": "2c91808978ff6f2201790b33559f1d5a", "subject": "Failure"}, "description": "Send email", "nextStep": "EndState", "type": "action", "versionNumber": 1}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:identity-attributes-changed"}}}
+{"id": "c629255e-93ee-4f52-801d-aa020c8890f1", "name": "Workflow Mover Campaign Test", "description": "Workflow when identities move between teams - create certification", "created": "2024-09-09T15:32:54.95461501Z", "modified": "2024-09-09T15:32:54.95461501Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Activate Certification Campaign": {"actionId": "sp:activate-campaign", "attributes": {"id.$": "$.createCertificationCampaign.id"}, "description": "Activate the Campaign", "nextStep": "success", "type": "action"}, "Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "success", "variableA.$": "$.trigger.changes[?(@.attribute == 'jobTitle')].oldValue", "variableB.$": "$.trigger.changes[?(@.attribute == 'jobTitle')].newValue"}], "defaultStep": "Create Certification Campaign", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"description": "Workflows-Generated Campaign for job title changes", "duration": "24h", "identityId.$": "$.trigger.identity.id", "name": "Workflows-Generated Campaign"}, "description": "This will create the campaign", "nextStep": "Activate Certification Campaign", "type": "action"}, "success": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:identity-attributes-changed"}}}
+{"id": "f9d24f0e-cc25-49af-a704-4d3287351c74", "name": "Movement", "description": "", "created": "2024-09-09T15:32:54.49261567Z", "modified": "2024-09-09T15:32:54.49261567Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Get Accounts", "steps": {"Get Accounts": {"actionId": "sp:get-accounts", "attributes": {}, "nextStep": "Manage Access", "type": "action", "versionNumber": 1}, "Manage Access": {"actionId": "sp:access:manage", "attributes": {"requestType": "REVOKE_ACCESS"}, "nextStep": "Manage ServiceNow Ticket", "type": "action", "versionNumber": 1}, "Manage ServiceNow Ticket": {"actionId": "sp:snow", "attributes": {}, "type": "action", "versionNumber": 1}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EXTERNAL", "attributes": {}}}
+{"id": "9e3b2d6f-5577-488c-8aa2-5bda909a6e6c", "name": "Leaver Workflow", "description": "Workflow to disable the accounts of identities that move into an \"inactive\" lifecycle state.", "created": "2024-09-09T15:32:53.791670279Z", "modified": "2024-09-09T15:32:53.791670279Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Get Identity", "variableA.$": "$.trigger.changes[?(@.attribute == \"cloudLifecycleState\")].newValue", "variableB": "Inactive"}], "defaultStep": "success", "description": "Verifies that the change in cloudLifecycleState is to \"Inactive\".", "type": "choice"}, "Get Accounts": {"actionId": "sp:get-accounts", "attributes": {"getAccountsBy": "specificIdentity", "identity.$": "$.trigger.identity.id"}, "description": "Retrieves the identity's current list of accounts.", "nextStep": "Manage Accounts", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "Retrieves available details about the identity.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 2}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.managerRef.id"}, "description": "This node is used to gather information about the user's manager to populate their email in the recipient field.", "nextStep": "Send Email 1", "type": "action", "versionNumber": 2}, "HTTP Request": {"actionId": "sp:http", "attributes": {}, "description": "Initiates a service desk ticket to ensure that physical assets are returned to the organization. This step submits the ticket to your service desk tool and returns the status of that request.\n\nEdit the details of this step to match your ITSM tool and environment.", "nextStep": "Get Accounts", "type": "action", "versionNumber": 2}, "Manage Accounts": {"actionId": "sp:manage-account", "attributes": {"accountIds.$": "$.getAccounts.accounts", "operation": "disable"}, "description": "Disables all accounts returned by the Get Accounts step.", "nextStep": "success 1", "type": "action", "versionNumber": 1}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${manager}<br><p>This email is to notify you that employee <b style=\"\">${displayName}</b> is no longer active.</p><br>Thank you,<br>Your Access Team", "context": {"displayName.$": "$.getIdentity.attributes.displayName", "manager.$": "$.getIdentity1.attributes.firstname"}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "subject": "Employee Leaving"}, "description": "Notifies the users manager that the user is now inactive. This step can also be configured to notify security admins using a distribution list.", "nextStep": "HTTP Request", "type": "action", "versionNumber": 2}, "success": {"description": "Terminates the workflow when the comparison operator indicates the user was changed to any lifecycle state other than \"Inactive.\"", "type": "success"}, "success 1": {"description": "Finishes the workflow in a Success state. Some organizations may want to add a step to create a certification campaign prior to ending the workflow.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$.changes[?(@.attribute == \"cloudLifecycleState\")]", "id": "idn:identity-attributes-changed"}}}
+{"id": "2124d6dd-7fc1-42ec-8451-918f456814e1", "name": "Incomplete Campaign Escalation", "description": "", "created": "2024-09-09T15:32:53.490741235Z", "modified": "2024-09-09T15:32:53.490741235Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Create Certification Campaign", "variableA.$": "$.trigger.campaign.status", "variableB": "INCOMPLETE"}], "defaultStep": "failure", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"activateUponCreation": true, "description": "Automatically triggered campaign due to uncertified items", "duration": "1w", "emailNotificationEnabled": true, "name": "Escalation for Incomplete Campaign", "recommendationsEnabled": true, "reviewerCertificationType": "IDENTITY", "reviewerId.$": "$.trigger.campaign.campaignOwner.id.manager", "reviewerIdentitiesToCertify.$": "$.trigger.campaign.id", "type": "REVIEWER_IDENTITY", "undecidedAccess": true}, "description": null, "nextStep": "success", "type": "action", "versionNumber": 2}, "failure": {"failureName": "Failure", "type": "failure"}, "success": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:campaign-ended"}}}
+{"id": "9fcb441b-52f6-40f8-9b1f-342acf94068e", "name": "Disable Outliers", "description": "A nine-step workflow triggered when an outlier is detected with a score above 0.9. When the score is this high, all accounts for the identity are disabled and an email notification is sent to their manager to review access and investigate the exceptions.", "created": "2024-09-09T15:32:52.53344359Z", "modified": "2024-09-09T15:32:52.53344359Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Numbers", "steps": {"Compare Numbers": {"choiceList": [{"comparator": "NumericGreaterThanEquals", "nextStep": "Get Identity", "variableA.$": "$.trigger.score", "variableB": 0.9}], "defaultStep": "success", "description": "The workflow triggers at or above 0.9. This comparator checks the value to ensure it is at or above 0.9.", "type": "choice"}, "Get Access": {"actionId": "sp:access:get", "attributes": {"accessprofiles": true, "entitlements": true, "getAccessBy": "specificIdentity", "identityToReturn.$": "$.trigger.identity.id", "roles": true}, "description": "This action returns all access associated with the outlier identity.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 1}, "Get Accounts": {"actionId": "sp:get-accounts", "attributes": {"getAccountsBy": "specificIdentity", "identity.$": "$.trigger.identity.id"}, "description": "This action is used to gather all the accounts associated with the identity. In this workflow, the accounts will be disabled until a review can be conducted.", "nextStep": "Send Email", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "This action returns attributes associated with the identity that triggered the outlier score.", "nextStep": "Get Access", "type": "action", "versionNumber": 2}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.managerRef.id"}, "description": "This action returns the outlier identity's manager's name and attributes.", "nextStep": "Get Accounts", "type": "action", "versionNumber": 2}, "Manage Accounts": {"actionId": "sp:manage-account", "attributes": {"accountIds.$": "$.getAccounts.accounts", "operation": "disable"}, "description": "This action disables all account found in the prior action \"Get Accounts\".", "nextStep": "success 1", "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${manager},<br><p> The SailPoint AI Engine has detected a user that has outlier access resulting in excessive risk. This identity, <b style=\"\"><u style=\"\">${user}</b> </u>, is your direct report and has an outlier score of <b style=\"\"><font color=\"#993300\">${score}</b></font>.<br><br>Please note that <font color=\"#993300\"><b style=\"\"><i style=\"\">all accounts</font></b></i> for <b style=\"\">${user}</b> have been disabled until a full forensic audit can be completed. A complete listing of all access can be found below.<br></p><br>Thank you,<br>Your Security & Compliance Team.<br><p><b style=\"\"><i style=\"\">Access:<br>${access}</b></i></p>", "context": {"access.$": "$.getAccess.accessItems", "manager.$": "$.getIdentity1.attributes.displayName", "score.$": "$.trigger.score", "user.$": "$.getIdentity.attributes.displayName"}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "subject": "Outlier - Excessive Risk notification"}, "description": "This action sends an email notification to the outlier identity's manager. The email informs the manager that the identity had an outlier score that was deemed \"Excessive Risk\" and action has been taken to disable all accounts until a full security review can be completed.", "nextStep": "Manage Accounts", "type": "action", "versionNumber": 2}, "success": {"description": "The outlier score was not at or above 0.9. No further action is required.", "type": "success"}, "success 1": {"description": "This workflow has completed successfully.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$[?(@.score >= 0.9)]", "id": "iai:outlier-detected"}}}
+{"id": "0a3fe427-61ef-4aca-b962-cab42d1876ab", "name": "Disable Accounts for Detected Outlier Identities (0.9+)a", "description": "A nine-step workflow to trigger when a detected outlier score is at or above 0.9. When the score is this high, all accounts for the identity are disabled and an email notification is sent to their manager to review access and investigate the exceptions.", "created": "2024-09-09T15:32:51.816659986Z", "modified": "2024-09-09T15:32:51.816659986Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Numbers", "steps": {"Compare Numbers": {"choiceList": [{"comparator": "NumericGreaterThanEquals", "nextStep": "Get Identity", "variableA.$": "$.trigger.score", "variableB": 0.9}], "defaultStep": "success", "description": "The workflow triggers at or above 0.9. This comparator checks the value to ensure it is at or above 0.9.", "type": "choice"}, "Get Access": {"actionId": "sp:access:get", "attributes": {"accessprofiles": true, "entitlements": true, "getAccessBy": "specificIdentity", "identityToReturn.$": "$.trigger.identity.id", "roles": true}, "description": "This action returns all access associated with the outlier identity.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 1}, "Get Accounts": {"actionId": "sp:get-accounts", "attributes": {"getAccountsBy": "specificIdentity", "identity.$": "$.trigger.identity.id"}, "description": "This action is used to gather all the accounts associated with the identity. In this workflow, the accounts will be disabled until a review can be conducted.", "nextStep": "Send Email", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "This action returns attributes associated with the identity that triggered the outlier score.", "nextStep": "Get Access", "type": "action", "versionNumber": 2}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.managerRef.id"}, "description": "This action returns the outlier identity's manager's name and attributes.", "nextStep": "Get Accounts", "type": "action", "versionNumber": 2}, "Manage Accounts": {"actionId": "sp:manage-account", "attributes": {"accountIds.$": "$.getAccounts.accounts", "operation": "disable"}, "description": "This action disables all account found in the prior action \"Get Accounts\".", "nextStep": "success 1", "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${manager},<br><p> The SailPoint AI Engine has detected a user that has outlier access resulting in excessive risk. This identity, <b style=\"\"><u style=\"\">${user}</b> </u>, is your direct report and has an outlier score of <b style=\"\"><font color=\"#993300\">${score}</b></font>.<br><br>Please note that <font color=\"#993300\"><b style=\"\"><i style=\"\">all accounts</font></b></i> for <b style=\"\">${user}</b> have been disabled until a full forensic audit can be completed. A complete listing of all access can be found below.<br></p><br>Thank you,<br>Your Security & Compliance Team.<br><p><b style=\"\"><i style=\"\">Access:<br>${access}</b></i></p>", "context": {"access.$": "$.getAccess.accessItems", "manager.$": "$.getIdentity1.attributes.displayName", "score.$": "$.trigger.score", "user.$": "$.getIdentity.attributes.displayName"}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "subject": "Outlier - Excessive Risk notification"}, "description": "This action sends an email notification to the outlier identity's manager. The email informs the manager that the identity had an outlier score that was deemed \"Excessive Risk\" and action has been taken to disable all accounts until a full security review can be completed.", "nextStep": "Manage Accounts", "type": "action", "versionNumber": 2}, "success": {"description": "The outlier score was not at or above 0.9. No further action is required.", "type": "success"}, "success 1": {"description": "This workflow has completed successfully.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$[?(@.score >= 0.9)]", "id": "iai:outlier-detected"}}}
+{"id": "320fb2fa-6343-4a5d-8e18-9ef97331d9ba", "name": "Template: Create and Activate a Certification Campaign", "description": "Create and activate a certification campaign for every identity that has changed departments.", "created": "2024-09-09T15:32:51.162553615Z", "modified": "2024-09-09T15:32:51.162553615Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringMatches", "nextStep": "Create Certification Campaign", "variableA.$": "$.trigger.changes[?(@.attribute == \"department\")].attribute", "variableB": "department"}], "defaultStep": "success", "description": "Only create the campaign for identities who change departments.  This doesn't look for a specific department.", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"duration": "2w", "identityId.$": "$.trigger.identity.id", "name.$": "$.trigger.identity.name"}, "description": "Create an identity certification campaign any identity that changed departments.  Name it after the identity so we know who is being certified.", "nextStep": "Get Identity", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "Get the identity's attributes so we can look up their manager.", "nextStep": "Get Identity 2", "type": "action", "versionNumber": 2}, "Get Identity 2": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.managerRef.id"}, "description": "This node is used to gather information about the user's manager to populate their email.", "nextStep": "Send Email 1", "type": "action", "versionNumber": 2}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body": "Dear ${recipName}, <br><p>This notification is to inform you that <b style=\"\">${displayName}</b> has recently changed departments. </p> <br><p>A Certification campaign named <b style=\"\">${campaignName} </b>has been generated for your review. </p> <br><p> Thank you <br>Security & Compliance</p>", "context": {"campaignName.$": "$.createCertificationCampaign.attributes.name", "displayName.$": "$.getIdentity.attributes.displayName", "recipName.$": "$.getIdentity2.attributes.displayName"}, "recipientEmailList.$": "$.getIdentity2.attributes.email", "replyTo": null, "subject": "Direct Report department change"}, "description": "Send an email to the identity's manager so they know there is a certification campaign pending for their employee that they need to complete.", "nextStep": "success 1", "type": "action", "versionNumber": 2}, "success": {"description": "Don't do anything else, since the identity didn't change departments.", "type": "success"}, "success 1": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$.changes[?(@.attribute == \"department\")]", "id": "idn:identity-attributes-changed"}}}
+{"id": "8c2900a9-19d6-4c2d-8a47-2c78b8b6373a", "name": "Template: Create and Activate a Certification Campaign time bound", "description": "Create and activate a certification campaign for every identity that has changed departments.", "created": "2024-09-09T15:32:50.538299618Z", "modified": "2024-09-09T15:32:50.538299618Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Compare Strings", "steps": {"Activate Certification Campaign": {"actionId": "sp:activate-campaign", "attributes": {"id.$": "$.createCertificationCampaign.id"}, "description": "Activate the campaign we created.", "nextStep": "Get Identity", "type": "action", "versionNumber": 1}, "Compare Strings": {"choiceList": [{"comparator": "StringMatches", "nextStep": "Create Certification Campaign", "variableA.$": "$.trigger.changes[?(@.attribute == \"department\")].attribute", "variableB": "department"}], "defaultStep": "success", "description": "Only create the campaign for identities who change departments.  This doesn't look for a specific department.", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"duration": "2w", "identityId.$": "$.trigger.identity.id", "name.$": "$.trigger.identity.name"}, "description": "Create an identity certification campaign any identity that changed departments.  Name it after the identity so we know who is being certified.", "nextStep": "Activate Certification Campaign", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "Get the identity's attributes so we can look up their manager.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 1}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.manager.id"}, "description": "This node is used to gather information about the user's manager to populate their email.", "nextStep": "Send Email 1", "type": "action", "versionNumber": 1}, "Send Email 1": {"actionId": "sp:send-email", "attributes": {"body.$": "$.trigger.identity.name", "context": {}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "subject": "New certification campaign generated for your employee"}, "description": "Send an email to the identity's manager so they know there is a certification campaign pending for their employee that they need to complete.", "nextStep": "success 1", "type": "action", "versionNumber": 2}, "success": {"description": "Don't do anything else, since the identity didn't change departments.", "type": "success"}, "success 1": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"id": "idn:identity-attributes-changed"}}}
+{"id": "73fbba11-0d85-4e69-8b77-a675a357edde", "name": "Campaign reminder v2", "description": "This campaign reminder will send a notification to outstanding reviewers every day at 6am.  This covers up to the first 10 reviewers.  This workflow can be duplicated to support as many reviewers as needed.", "created": "2024-09-09T15:32:50.133462163Z", "modified": "2024-09-09T15:32:50.133462163Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "HTTP Request", "steps": {"HTTP Request": {"actionId": "sp:http", "attributes": {"authenticationType": "OAuth", "method": "get", "oAuthClientId": "f4a69d2d1f874bce8aabf72c84644614", "oAuthClientSecret": "", "oAuthTokenUrl": "https://company1072-poc.api.identitynow-demo.com/oauth/token", "requestContentType": "json", "url": "https://company1072-poc.api.identitynow-demo.com/v3/certifications", "urlParams": "filters:phase eq \"ACTIVE\" and completed eq false"}, "description": "Get current certification reviewers for any certifications that are still active.", "nextStep": "Send Email", "type": "action", "versionNumber": 2}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Please log into SailPoint IdentityNow and review your pending certification decisions.", "context": {}, "from": "", "recipientEmailList.$": "$.hTTPRequest.body[1,2,3,4,5,6,7,8,9].reviewer.email", "replyTo": "no-reply@sailpoint.com", "subject": "Campaign decision reminder"}, "description": "Send Notification email to handle certification decisions that are outstanding.  Supports sending to 10 people.", "nextStep": "success", "type": "action", "versionNumber": 2}, "success": {"type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "SCHEDULED", "attributes": {"cronString": "0 * * * *", "frequency": "cronSchedule", "timeZone": "US/Eastern"}}}
+{"id": "2c0b484f-a33e-4faf-8694-2c24cd5f490c", "name": "Bills Update and certify mover scenario", "description": "Workflow to update a user's access during a mover scenario, such as when a user changes departments or teams.", "created": "2024-09-09T15:32:48.918613102Z", "modified": "2024-09-09T15:32:48.918613102Z", "modifiedBy": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "definition": {"start": "Wait", "steps": {"Compare Strings": {"choiceList": [{"comparator": "StringEquals", "nextStep": "Get Identity", "variableA.$": "$.trigger.changes[?(@.attribute=='department')].newValue", "variableB": "Sales"}], "defaultStep": "success", "description": "Determines whether the identity's department attribute was updated to Sales. If so, the workflow proceeds. Otherwise, the workflow ends.\n\nNOTE: This template makes an assumption in later actions/nodes about the identity's former department. You could use an additional operator with branching steps for different departments for more flexibility.", "type": "choice"}, "Create Certification Campaign": {"actionId": "sp:create-campaign", "attributes": {"description": "Department Change", "duration": "1w", "emailNotificationEnabled": true, "identityId.$": "$.trigger.identity.id", "name.$": "$.trigger.identity.name", "reviewerId.$": "$.getIdentity.managerRef.id"}, "description": "Creates a certification campaign so that the identity's new manager can review their access, to ensure they have the access they need and don't have access they don't need.", "nextStep": "success", "type": "action", "versionNumber": 1}, "Get Access": {"actionId": "sp:access:get", "attributes": {"accessprofiles": false, "entitlements": false, "getAccessBy": "searchQuery", "query": "name: \"Product Role\"", "roles": true}, "description": "Gets all roles with \"Product Role\" in their name.\n\nIn this example, the identity needs to retain this access despite their department move. If the access gets removed because they no longer meet the role criteria, it must be put back by this workflow. This step retrieves the access for the Manage Access step to add.", "nextStep": "Manage Access", "type": "action", "versionNumber": 1}, "Get Identity": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.trigger.identity.id"}, "description": "Retrieves available details about the identity.", "nextStep": "Get Access", "type": "action", "versionNumber": 2}, "Get Identity 1": {"actionId": "sp:get-identity", "attributes": {"id.$": "$.getIdentity.managerRef.id"}, "description": "This node is used to gather information about the user's manager to populate their email in \"Recipient\"", "nextStep": "Send Email", "type": "action", "versionNumber": 2}, "Manage Access": {"actionId": "sp:access:manage", "attributes": {"addIdentities.$": "$.trigger.identity.id", "comments": "Automatically requested as transitory access by workflows", "removeDuration": "2w", "requestType": "GRANT_ACCESS", "requestedItems.$": "$.getAccess.accessItems"}, "description": "Adds the access from the Get Access step to the identity.", "nextStep": "Get Identity 1", "type": "action", "versionNumber": 1}, "Send Email": {"actionId": "sp:send-email", "attributes": {"body": "Attention, <br><p>User <b style=\"\">${name} </b>has recently changed departments </p><br>Thank you,<br>Your Access Team", "context": {"name.$": "$.getIdentity.attributes.displayName"}, "recipientEmailList.$": "$.getIdentity1.attributes.email", "recipientId.$": "$.getIdentity.managerRef.id", "subject": "Department Change"}, "description": "Sends an email to the identity's manager. Configure details about this email below.", "nextStep": "Create Certification Campaign", "type": "action", "versionNumber": 2}, "Wait": {"actionId": "sp:sleep", "attributes": {"duration": "1h", "type": "waitFor"}, "description": "Pauses to wait for all other provisioning activities to complete, such as automated role or access profile removals.", "nextStep": "Compare Strings", "type": "action", "versionNumber": 1}, "success": {"description": "Ends the workflow and marks it as a success.", "type": "success"}}}, "enabled": false, "executionCount": 0, "failureCount": 0, "creator": {"type": "IDENTITY", "id": "95a9b731946541a5b95728d054f880ca", "name": "slpt.support"}, "owner": {"type": "IDENTITY", "id": "9ed56b09b0f548ff888d2f73783dbd3b", "name": "adam.creaney"}, "trigger": {"type": "EVENT", "attributes": {"filter.$": "$.changes[?(@.attribute == \"department\")]", "id": "idn:identity-attributes-changed"}}}

utils.py ADDED Viewed

	@@ -0,0 +1,74 @@

+import os
+import io
+import zipfile
+import json
+import datetime
+def zip_session_folder(folder_path):
+    """Create a ZIP file from a session folder"""
+    zip_buffer = io.BytesIO()
+    with zipfile.ZipFile(zip_buffer, "w", zipfile.ZIP_DEFLATED) as zf:
+        for root, dirs, files in os.walk(folder_path):
+            for file in files:
+                full_path = os.path.join(root, file)
+                arcname = os.path.relpath(full_path, folder_path)
+                zf.write(full_path, arcname)
+    zip_buffer.seek(0)
+    return zip_buffer
+def handle_path_parameters(endpoint, api_base_url, param_values):
+    """Process path parameters for any endpoint"""
+    params = extract_path_params(endpoint)
+    if not params:
+        return api_base_url.rstrip("/") + endpoint, None
+    # Validate parameters
+    missing_params = [p for p in params if p not in param_values or not param_values[p]]
+    if missing_params:
+        return None, f"Error: Missing required parameters: {', '.join(missing_params)}"
+    # Replace parameters in URL
+    full_url = api_base_url.rstrip("/") + endpoint
+    for param in params:
+        full_url = full_url.replace(f"{{{param}}}", param_values[param])
+    return full_url, None
+def extract_path_params(endpoint):
+    """Extract path parameters from an endpoint URL"""
+    params = []
+    parts = endpoint.split('/')
+    for part in parts:
+        if part.startswith('{') and part.endswith('}'):
+            param_name = part[1:-1]
+            params.append(param_name)
+    return params
+def extract_query_params(endpoint_spec):
+    """Extract query parameters from endpoint specification"""
+    query_params = []
+    parameters = endpoint_spec.get('parameters', [])
+    for param in parameters:
+        if param.get('in') == 'query':
+            name = param.get('name')
+            required = param.get('required', False)
+            description = param.get('description', 'No description')
+            query_params.append(('query', name, required, description))
+    return query_params
+def save_response_data(data, endpoint, base_save_folder):
+    """Save API response data to file"""
+    safe_endpoint_name = endpoint.strip("/").replace("/", "_") or "root"
+    timestamp = datetime.datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
+    save_folder = os.path.join(base_save_folder, f"{safe_endpoint_name} ({timestamp})")
+    os.makedirs(save_folder, exist_ok=True)
+    filename = os.path.join(save_folder, "data.jsonl")
+    with open(filename, "w", encoding="utf-8") as f:
+        if isinstance(data, list):
+            for item in data:
+                f.write(json.dumps(item) + "\n")
+        elif isinstance(data, dict):
+            f.write(json.dumps(data) + "\n")
+        else:
+            f.write(str(data))

uv.lock ADDED Viewed

The diff for this file is too large to render. See raw diff