Posted November 16, 2024
Just wanted to share that I made available an unofficial PowerShell module for managing Workspace ONE Access users. It is still a work in progress, but I hope it is useful. The current version is available in the PowerShell Gallery: https://www.powershellgallery.com/packages/PSWorkspaceOneAccess/1.0.0 Or keep an eye on my GitHub for updates in the coming period. A special thanks to @Akito Ogushi for helping me with the Directory Sync.
November 18, 2024
That's awesome @Stefaan Dewulf! Thanks for sharing!
Ivan de Mes, EUC Architect @ Orange Business (The Netherlands)
EUC Expert | vExpert | Blogger | Public Speaker | Part of the EUC TechCon leadership team
Blog: https://ivandemes.com | X: @ivandemes | Bluesky: @ivandemes.com | LinkedIn: ivandemes
November 18, 2024 (Employee)
Let me know if you want to explore other functions. I personally do not do PowerShell but I know our APIs pretty well.
December 3, 2024
Great to see this. I'm looking at the APIs to see how I can add a new Directory into WS1 and sync/manage users. I'm mostly coming from Ansible, so I might pull this PowerShell apart and re-work it into my future modules (I'll share once it's in a shareable form).
January 2
Awesome module! @Sascha Warno @Stefaan Dewulf please tell me a way to create, via the API, a user record in a directory with type "Active Directory". Now I have to do it through synchronization. With a large number of users it is very inconvenient. There must be some way, please guide me)!
January 3 (Author)
What I did was set up the connector, but rather than wait for the synchronization to happen I force it using the PowerShell module every time a change occurs in AD. That way you get the added benefits from the connector also: group synchronization, attribute mapping like manager and so on, but the synchronization is nearly instant.
January 3
My AD is about 1500+ users(((( and changes occur often(... Sync (and via API too) takes a very long time((( so I want to create users via API..... or by MSSQL operators (insert)..... Via API I got an error((
January 10 (Author)
Added a new command to the module: Get-WS1AuditInformation. It retrieves a detailed audit report for Workspace ONE Access events and replaces Get-WS1LoginAuditForUser, WS1LoginAuditForDateRange and Get-WS1AuditReport. It allows filtering by object type, date range and username. The object returned is no longer JSON but is now a PowerShell object. Updated version available on GitHub.
January 10 (Author)
I have never tried to update an AD directory user before. Will try and test this in a lab environment, but the command Update-WS1User would need a lot of extra variables based on the user attributes that are configured for your environment.
January 11
Hi Stefaan! Thank you for the answers! I want to create an AD directory user first, not only edit). Please check this:

POST https://WS1_FQDN//SAAS/jersey/manager/api/scim/Users
RAW BODY:

    {
      "schemas": [
        "urn:scim:schemas:core:1.0",
        "urn:scim:schemas:extension:workspace:tenant:sva:1.0",
        "urn:scim:schemas:extension:workspace:1.0",
        "urn:scim:schemas:extension:enterprise:1.0"
      ],
      "externalId": "{{$guid}}",
      "userName": "[email protected]",
      "name": {
        "givenName": "test6",
        "familyName": "last6"
      },
      "emails": [
        { "value": "[email protected]" }
      ],
      "urn:scim:schemas:extension:workspace:1.0": {
        "internalUserType": "PROVISIONED",
        "domain": "mydomain.active.directory",
        "userPrincipalName": "[email protected]"
      }
    }

Also please check this: https://theidentityguy.ca/2020/11/10/using-postman-to-manage-workspace-one-identities/comment-page-1/#respond
theidentityguy says that creating an Active Directory user is possible.
Edited January 11 by smile2008
January 13 (Employee)
Where does he state that? He only shows examples for local, system and other directory. All of those behave differently than Active Directory.
January 13 (Employee)
If you want to handle all of it programmatically, you can just create an Other Directory and do all of your user lifecycle using SCIM.
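The SCIM route suggested above, as an added PowerShell example that is not part of the thread or of the PSWorkspaceOneAccess module. It reuses the endpoint, schema URNs and `PROVISIONED` user type from the request posted earlier in the thread; the function names, the Bearer authorization header and the sample values in the usage comments are assumptions.

```powershell
# Added example (not from the thread or the module). Function names are hypothetical.
function New-ScimUserBody {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$GivenName,
        [Parameter(Mandatory)][string]$FamilyName,
        [Parameter(Mandatory)][string]$Email,
        [Parameter(Mandatory)][string]$Domain   # domain of the Other Directory (assumption)
    )
    $ws = 'urn:scim:schemas:extension:workspace:1.0'
    $body = [ordered]@{
        # Schema list copied from the request posted in the thread
        schemas    = @('urn:scim:schemas:core:1.0',
                       'urn:scim:schemas:extension:workspace:tenant:sva:1.0',
                       $ws,
                       'urn:scim:schemas:extension:enterprise:1.0')
        externalId = [guid]::NewGuid().ToString()   # replaces Postman's {{$guid}}
        userName   = $UserName
        name       = [ordered]@{ givenName = $GivenName; familyName = $FamilyName }
        emails     = @(@{ value = $Email })
    }
    $body[$ws] = [ordered]@{
        internalUserType  = 'PROVISIONED'           # value taken from the thread
        domain            = $Domain
        userPrincipalName = $Email
    }
    # Explicit depth so nested objects are never truncated during serialization
    $body | ConvertTo-Json -Depth 5
}

function New-ScimUser {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [Parameter(Mandatory)][securestring]$AccessToken,
        [Parameter(Mandatory)][string]$JsonBody
    )
    # Unwrap the token only to build the header; it is never written to output
    $plain = [System.Net.NetworkCredential]::new('', $AccessToken).Password
    $request = @{
        Method      = 'Post'
        Uri         = "https://$Fqdn/SAAS/jersey/manager/api/scim/Users"
        Headers     = @{ Authorization = "Bearer $plain" }   # header scheme is an assumption
        ContentType = 'application/json'
        Body        = $JsonBody
    }
    try { Invoke-RestMethod @request }
    catch { throw "SCIM create failed: $($_.Exception.Message) $($_.ErrorDetails.Message)" }
}

# Usage with constructed placeholder values:
# $token = Read-Host -AsSecureString -Prompt 'Access token'
# $json  = New-ScimUserBody -UserName 'test6' -GivenName 'test6' -FamilyName 'last6' `
#              -Email 'test6@example.test' -Domain 'other.directory.example'
# New-ScimUser -Fqdn 'WS1_FQDN' -AccessToken $token -JsonBody $json
```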
January 13
1 hour ago, Sascha Warno said: "Where does he state that? He only shows examples for local, system and other directory. All of those behave differently than Active Directory."
Thanks for the answer. I need the ability to create AD Directory-type users in granularity, because synchronizing the entire directory for just one newly created user takes a lot of time and puts a heavy load on the infrastructure. Or I need the ability to specify a specific user during synchronization (via filters) via API. Maybe I need to deploy AD Directory as JIT? As far as I understand, groups (their synchronization and membership) are also supported in this mode at the moment; I saw somewhere that this is enabled via API.
January 13 (Employee)
The sync should not be as taxing, as it is only doing delta syncs. So for all existing users it would just query if the user object changed from the last time it was synced, and only for the delta it would request the user details. JIT only works if you leverage a 3rd party IDP and Other Directory.