0 votes

My role as a developer requires a form submission with Adaxes to get JIT (just-in-time) access to a client environment. I need guidance on form submission with the Adaxes PowerShell module.

Here's the screen we fill out and submit for JIT access to an environment, which simply adds my credentials to some JIT AD group for a time window.

Here's my attempt at interacting with the Adaxes PowerShell SDK module, with no luck.

by (250 points)
0

Hello Spencer,

Sorry for the confusion, but we are not sure we understand what the Web Interface form is intended for and what the desired result is. Could you please provide all the possible details regarding the desired workflow with live examples?

0

Here's my workflow:

  1. Log into our Adaxes site using my hosting credentials while connected to our hosted VPN
  2. Select one of our hosting clients from a list which comes from this endpoint: /Adaxes/api/SelfService/activeConfiguration/actions
  3. A modal pops up and has me select from the list of AD groups. This endpoint looks something like this: /Adaxes/api/SelfService/listView/dataSources/[GUID]/items
  4. Upon choosing the AD group that I would like to be temporarily added to (which I believe does a POST to this /Adaxes/api/SelfService/directoryObjects/valueReferences/resolve), another popup form has me fill out the business purpose of the request, an incident number, and confirm a little check box.
  5. Clicking the submit button runs a PATCH request with something like this /Adaxes/api/SelfService/directoryObjects?key=CN=JIT+Local+Administrator,OU=Just-In-Time+%28JIT%29+Groups,OU=Groups,OU=Hosting,DC=hosting,DC=local and the body for this request looks something like this:
    {
    "properties":[
       {
          "propertyName":"adm-customattributetext1",
          "propertyType":3,
          "values":[
             "Apply idea hotfix to hcut"
          ]
       },
       {
          "propertyName":"adm-customattributetext3",
          "propertyType":3,
          "values":[
             "Task-251524"
          ]
       },
       {
          "propertyName":"adm-customattributeboolean2",
          "propertyType":6,
          "values":[
             true
          ]
       },
       {
          "propertyName":"adm-customattributetext2",
          "propertyType":3,
          "values":[
             "CN=My Name,OU=Users,OU=Hosting,DC=hosting,DC=local"
          ]
       }
    ]
    }
  6. I then receive an e-mail confirming that my user has been added to the selected AD group

This is the workflow that I'm trying to automate, so I would love some insight on how I might go about this. Is there a way for me to authenticate, get a token, and hit some of these same endpoints? Or would that be best suited for the PowerShell module?

1 Answer

0 votes
by (189k points)

Hello Spencer,

Thank you for clarifying. Unfortunately, there is no such possibility except for using the Web Interface itself. As an option, you can use a PowerShell script. In the script, you will need to manually enter all the property values, same as the distinguished name of the group. For examples, you can check the Sample scripts section in our SDK: http://adaxes.com/sdk.
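A sketch of the script approach suggested in the answer, added here as an illustration; it is not code from the original posts or from Adaxes. It assumes the Adaxes PowerShell module is installed, that `Set-AdmGroup` with `-AdaxesService` routes the change through the Adaxes service, and that the JIT workflow is triggered by the four custom attributes seen in the PATCH body above; `Submit-JitRequest`, its parameters and the `localhost` service name are hypothetical.

```powershell
# Added example. Assumes the Adaxes PowerShell module is available on this machine.
Import-Module Adaxes

function Submit-JitRequest {            # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupDN,          # JIT group to be updated
        [Parameter(Mandatory)][string]$RequesterDN,      # user asking for access
        [Parameter(Mandatory)][string]$BusinessPurpose,
        [Parameter(Mandatory)][string]$IncidentNumber,
        [switch]$Acknowledged,                           # mirrors the form's check box
        [string]$AdaxesService = 'localhost'             # assumption: service host name
    )

    # Refuse to submit a request the web form itself would not accept.
    if (-not $Acknowledged) {
        throw 'The request must be explicitly acknowledged.'
    }
    foreach ($value in $BusinessPurpose, $IncidentNumber) {
        if ([string]::IsNullOrWhiteSpace($value)) {
            throw 'Business purpose and incident number must not be blank.'
        }
    }

    # Same attribute-to-field mapping as the PATCH body shown in the question.
    $properties = @{
        'adm-CustomAttributeText1'    = $BusinessPurpose
        'adm-CustomAttributeText3'    = $IncidentNumber
        'adm-CustomAttributeBoolean2' = $true
        'adm-CustomAttributeText2'    = $RequesterDN
    }

    # -AdaxesService sends the update through Adaxes rather than straight to AD,
    # so the request stays subject to Adaxes' own rules and logging (assumption:
    # the JIT business rule reacts to this update the same way it does for the form).
    if ($PSCmdlet.ShouldProcess($GroupDN, 'Submit JIT access request')) {
        Set-AdmGroup -Identity $GroupDN -Replace $properties -AdaxesService $AdaxesService
    }
}

# Dry run with the values from the question; remove -WhatIf to submit.
Submit-JitRequest -WhatIf -Acknowledged `
    -GroupDN 'CN=JIT Local Administrator,OU=Just-In-Time (JIT) Groups,OU=Groups,OU=Hosting,DC=hosting,DC=local' `
    -RequesterDN 'CN=My Name,OU=Users,OU=Hosting,DC=hosting,DC=local' `
    -BusinessPurpose 'Apply idea hotfix to hcut' -IncidentNumber 'Task-251524'
```

Running the script under the requester's own account, rather than a shared service account, keeps the business purpose and incident number attributable to the person receiving the elevated group membership.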
