How to Create an Automation Connector for Ivanti's Identity Director

In this blog I am discussing how to create an Automation Connector for Ivanti’s Identity Director.  Check out our blog post titled “Introduction to Connectors for Ivanti Identity Director” in order to get a deeper introduction. Let’s dive in.

THE PROBLEM

As part of our Onboarding solution for Pre-sales Architects, I provide a subdomain to allow them to customize Identity Director demos for each customer.  This makes it necessary to dynamically add and remove DNS entries.  Since I am using GoDaddy, I need to use their API in order to accomplish this as I do not want to give everyone access to the GoDaddy site.  This blog will walk you through the concept of creating an Automation Connector using this GoDaddy scenario as an example.

GATHERING INFORMATION

One of the hardest challenges in creating an Automation Connector is getting the right information and obtaining a test system. GoDaddy has good documentation and processes that make it easy to get access and a test system. All of the information on the API can be found here: https://developer.godaddy.com/ . After reading the documentation, you will need to get the following information: API Key, API Secret and domain name. You will also need to decide how you want to “code” your connector. In the examples below, we are using PowerShell, but other tools, such as cURL or Bash, can be used.

CREATING THE “CODE” FOR THE CONNECTOR

Since I am using PowerShell, I will use the PowerShell ISE which is part of Windows.  It should look something like this:

I currently have all the values hardcoded in variables at the top.  This is so that they are easy to replace in the future.  You will notice I have a section for Headers, Body and then the actual “code”.  You should be able to test this and verify it works before moving onto the next step.
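A script with the layout described above (variables, then headers, body and the call), as an added example that is not the author's original script. It assumes GoDaddy's OTE test endpoint and the `sso-key` authorization header from GoDaddy's API documentation; the key, secret, domain, record name and IP address are placeholders.

```powershell
# Added example, not the author's script. All values are placeholders.
# --- Variables (these become Automation parameters in the next step,
#     so real keys never stay in the script body) ---
$ApiKey     = 'REPLACE_WITH_API_KEY'
$ApiSecret  = 'REPLACE_WITH_API_SECRET'
$Domain     = 'example.com'
$RecordName = 'customer1'                      # subdomain label to create
$RecordData = '203.0.113.10'                   # documentation-range IPv4 address
$Ttl        = 600
$BaseUri    = 'https://api.ote-godaddy.com'    # OTE test environment

# --- Validation: accept only a single DNS label and a canonical IPv4 address,
#     because these values will later come from whoever schedules the job ---
if ($RecordName -notmatch '^(?!-)[a-z0-9-]{1,63}(?<!-)$') {
    throw "Invalid record name: $RecordName"
}
$ip = $null
if (-not [System.Net.IPAddress]::TryParse($RecordData, [ref]$ip) -or
    $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
    $ip.IPAddressToString -ne $RecordData) {
    throw "Invalid IPv4 address: $RecordData"
}

# --- Headers ---
$Headers = @{
    Authorization = "sso-key ${ApiKey}:${ApiSecret}"
    Accept        = 'application/json'
}

# --- Body: the records endpoint expects a JSON array of records ---
$Body = ConvertTo-Json -InputObject @(
    @{ type = 'A'; name = $RecordName; data = $RecordData; ttl = $Ttl }
)

# --- Code ---
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$Uri = "$BaseUri/v1/domains/$Domain/records"
try {
    Invoke-RestMethod -Method Patch -Uri $Uri -Headers $Headers `
        -Body $Body -ContentType 'application/json' -ErrorAction Stop
    Write-Output "Added A record $RecordName.$Domain -> $RecordData"
}
catch {
    # Report the failure without echoing the headers, then exit non-zero
    # so the caller can detect that the record was not created.
    Write-Error "GoDaddy API call failed: $($_.Exception.Message)"
    exit 1
}
```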

ADDING TO AUTOMATION

The first thing you want to do is create a task in Automation. A task is an action that does one thing and nothing more. This allows other people to take tasks and combine them into larger actions without knowing how each task was created. Since I am using PowerShell, I will start with the PowerShell Task (if I were using cURL or an executable, I could use the Execute Command task).

Select the “Use Windows PowerShell script from the ‘Script’ tab” option and paste your script into the Script tab. The next step is to take all of the hardcoded values that can change and make them Automation Parameters. It should look like this:

And the parameter tab should look like this:

I added variables for API Key, API Secret and Domain Name so that they can be controlled globally. This isn’t necessary but helps with portability. You should also modify each individual parameter to either ask or not ask for a value during scheduling, as appropriate. You will also notice that I have added defaults. This is optional as well but helps. Test the module to make sure it works correctly.

MAKE THE CONNECTOR USEABLE IN IDENTITY DIRECTOR

To use an Automation Connector in Identity Director Workflows, it must be a Run Book. This is because a Run Book contains the “Who” (i.e. where this should run). Go to the Run Book tab under Library and create a new one. Add the module under the “What” and then the “Who”. I used a Team for the Who so that it can run on any of the appropriate servers that are available. It should look something like this:

Click OK and then go over to the Run Book Parameters tab and click on the AutoCreate… button and Yes to AutoLink (not needed in this example as we only have one module).  Delete the API Key, API Secret and Domain Name parameters as they are being taken care of by the Variables.  Test out the Run Book and validate that it works.  This Run Book can now be used in Identity Director Invoke Run Book Workflow Actions.

WRAP UP

Hopefully this illustrated how easy it is to create an Automation Connector. While I used PowerShell for this example, you could use anything that you feel comfortable with. I decided to use GoDaddy as an example because I wanted to show how a connector can really be anything and because they have excellent documentation that is available without an account. You can find more information regarding Ivanti’s Identity Director at https://www.ivanti.com/products/identity-director


Dave Bryant is the VP of Technology at McGlaun Consulting.