voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
500e4022e7cf2a05ff7e984bf3331afbaeed061d
PowerCLI-Example-Scripts/Modules/VMware.WorkspaceOneAccess/VMware.WorkspaceOneAccess.psm1

687 lines
25 KiB
PowerShell
Raw Blame History

Function Connect-WorkspaceOneAccess {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Log into Workspace One Access (formally VMware Identity Manager)
.DESCRIPTION
This cmdlet creates $global:workspaceOneAccessConnection object containing valid refresh token to vIDM/Workspace One Access
.EXAMPLE
Connect-WorkspaceOneAccess -Tenant $Tenant -ClientId $ClientId -ClientSecret $ClientSecret
#>
Param (
[Parameter(Mandatory=$true)][String]$Tenant,
[Parameter(Mandatory=$true)][String]$ClientId,
[Parameter(Mandatory=$true)][String]$ClientSecret,
[Switch]$Troubleshoot
)
$text = "${ClientId}:${ClientSecret}"
$base64 = [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($text))
$headers = @{
"Authorization"="Basic $base64";
"Content-Type"="application/x-www-form-urlencoded";
}
$oauthUrl = "https://${Tenant}/SAAS/auth/oauthtoken?grant_type=client_credentials"
$method = "POST"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$oauthUrl`n"
}
$results = Invoke-WebRequest -Uri $oauthUrl -Method $method -Headers $headers
if($results.StatusCode -ne 200) {
Write-Host -ForegroundColor Red "Failed to retrieve Access Token, please ensure your ClientId and Client Secret is valid"
break
}
$accessToken = ($results.Content | ConvertFrom-Json).access_token
$authHeader = @{
"Authorization"="Bearer $accessToken";
}
$global:workspaceOneAccessConnection = new-object PSObject -Property @{
'Server' = "https://$Tenant"
'headers' = $authHeader
}
$global:workspaceOneAccessConnection
}
Function Get-WSDirectory {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Retrieves all Directories within Workspace One Access
.DESCRIPTION
This cmdlet retrieves all Directories within Workspace One Access
.EXAMPLE
Get-WSDirectory
.EXAMPLE
Get-WSDirectory -Name <DIRECTORY>
#>
Param (
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
$directoryHeaders = @{
"Accept"="application/vnd.vmware.horizon.manager.connector.management.directory.list+json";
"Content-Type"="application/vnd.vmware.horizon.manager.connector.management.directory.list+json";
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$directoryUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/connectormanagement/directoryconfigs?includeJitDirectories=true"
$method = "GET"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$directoryUrl`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in retrieving Directory"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
$directories = ([System.Text.Encoding]::ASCII.GetString($results.Content) | ConvertFrom-Json).items
if ($PSBoundParameters.ContainsKey("Name")){
$directories = $directories | where {$_.name -eq $Name}
}
$directories
}
}
Function Remove-WSDirectory {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Deletes a specific Workspace One Access Directory
.DESCRIPTION
This cmdlet deletes a specific directory within Workspace One Access
.EXAMPLE
Remove-WSDirectory -Name <DIRECTORY>
#>
Param (
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
$directory = Get-WSDirectory -Name $Name
if($directory) {
$directoryHeaders = @{
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$directoryUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/connectormanagement/directoryconfigs/$($directory.directoryId)?asyncDelete=true"
$method = "DELETE"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$directoryUrl`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in deleting new Directory"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
Write-Host "`nSuccessfully deleted Directory $Name ..."
}
} else {
Write-Host "`nUnable to find Directory $Name"
}
}
Function New-WSJitDirectory {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Creates a Just-in-Time (Jit) Directory in Workspace One Access
.DESCRIPTION
This cmdlet creates a Just-in-Time (Jit) Directory in Workspace One Access
.EXAMPLE
New-WSJitDirectory -Name <DIRECTORY>
#>
Param (
[Parameter(Mandatory=$false)][String]$Name,
[Parameter(Mandatory=$false)][String]$Domain,
[Switch]$Troubleshoot
)
$directoryHeaders = @{
"Accept"="application/vnd.vmware.horizon.manager.connector.management.directory.jit+json";
"Content-Type"="application/vnd.vmware.horizon.manager.connector.management.directory.jit+json"
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$directoryUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/connectormanagement/directoryconfigs"
$method = "POST"
$json = @{
name = $Name
domains = @($Domain)
}
$body = $json | ConvertTo-Json
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$directoryUrl`n"
Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders -Body $body -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders -Body $body
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in creating new Jit Directory"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 201) {
Write-Host "`nSuccessfully created Jit Directory $Name ..."
([System.Text.Encoding]::ASCII.GetString($results.Content) | ConvertFrom-Json)
}
}
Function Get-WSOrgNetwork {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Retreives all Org Networks within Workspace One Access
.DESCRIPTION
This cmdlet retreives all Org Networks within Workspace One Access
.EXAMPLE
Get-WSOrgNetwork
.EXAMPLE
Get-WSOrgNetwork -Name <NETWORK>
#>
Param (
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
$listOrgNetworkHeaders = @{
"Accept"="application/vnd.vmware.horizon.manager.orgnetwork.list+json";
"Content-Type"="application/vnd.vmware.horizon.manager.orgnetwork.list+json"
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$orgNetworkUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/orgnetworks"
$method = "GET"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$orgNetworkUrl`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $orgNetworkUrl -Method $method -UseBasicParsing -Headers $listOrgNetworkHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $orgNetworkUrl -Method $method -UseBasicParsing -Headers $listOrgNetworkHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in creating new Directory"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
$networks = ([System.Text.Encoding]::ASCII.GetString($results.Content) | ConvertFrom-Json).items
if ($PSBoundParameters.ContainsKey("Name")){
$networks = $networks | where {$_.name -eq $Name}
}
$networks
}
}
Function Get-WSIdentityProvider {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Retreives all Identity Providers within Workspace One Access
.DESCRIPTION
This cmdlet retreives all Identity Providers within Workspace One Access
.EXAMPLE
Get-WSIdentityProvider
.EXAMPLE
Get-WSIdentityProvider -Name <PROVIDER>
#>
Param (
[Parameter(Mandatory=$false)][String]$Name,
[Switch]$Troubleshoot
)
$listOrgNetworkHeaders = @{
"Accept"="application/vnd.vmware.horizon.manager.identityprovider.summary.list+json";
"Content-Type"="application/vnd.vmware.horizon.manager.identityprovider.summary.list+json"
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$providerUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/identityProviders?onlyEnabledAdapters=true"
$method = "GET"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$providerUrl`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $providerUrl -Method $method -UseBasicParsing -Headers $listOrgNetworkHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $providerUrl -Method $method -UseBasicParsing -Headers $listOrgNetworkHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in retrieving Directory"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
$providers = ([System.Text.Encoding]::ASCII.GetString($results.Content) | ConvertFrom-Json).items
if ($PSBoundParameters.ContainsKey("Name")){
$providers = $providers | where {$_.name -eq $Name}
}
$providers
}
}
Function New-WS3rdPartyIdentityProvider {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Creates a new 3rd Party Identity Providers within Workspace One Access
.DESCRIPTION
This cmdlet creates a new 3rd party Identity Provider within Workspace One Access
.EXAMPLE
New-WS3rdPartyIdentityProvider
.EXAMPLE
New-WS3rdPartyIdentityProvider -Name "AWS Directory Service" -DirectoryName "VMware" -NetworkName "ALL RANGES" -MetadataFile FederationMetadata.xml
#>
Param (
[Parameter(Mandatory=$true)][String]$Name,
[Parameter(Mandatory=$true)][String]$DirectoryName,
[Parameter(Mandatory=$true)][String]$NetworkName,
[Parameter(Mandatory=$true)][String]$MetadataFile,
[Switch]$Troubleshoot
)
$idpDirectory = Get-WSDirectory -Name $DirectoryName
$network = Get-WSOrgNetwork -Name $NetworkName
$metadataXML = Get-Content -Raw $MetadataFile
$idpBody = [pscustomobject] @{
"authMethods" = @(
@{
"authMethodId" = 1;
"authScore" = 1;
"defaultMethod" = $false;
"authMethodOrder" = 0;
"authMethodName" = "adfsPassword";
"samlAuthnContext" = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
}
);
"identityProviderType" = "MANUAL";
"nameIdFormatType" = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
"identityFromSamlAttribute" = $false;
"friendlyName" = $Name;
"metaData" = "$metadataXML";
"preferredBinding" = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
"jitEnabled" = "true";
"saml2IdPSLOConfiguration" = @{
"sendSLORequest" = $true;
}
"directoryConfigurations" = @(
[pscustomobject] @{
"type" = $idpDirectory.type;
"name" = $idpDirectory.name;
"directoryId" = $idpDirectory.directoryId;
"userstoreId" = $idpDirectory.userstoreId;
"countDomains" = $idpDirectory.countDomains;
"deleteInProgress" = $false;
"migratedToEnterpriseService" = $false;
"syncConfigurationEnabled" = $false;
}
);
"nameIdFormatAttributeMappings" = [pscustomobject] @{
"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" = "emails";
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" = "id";
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient" = "userName";
};
"orgNetworks" = @(
[pscustomobject] @{
"name" = $network.name;
"ipAddressRanges" = $network.ipAddressRanges;
"uuid" = $network.uuid;
"description" = $network.description;
"defaultNetwork" = $network.defaultNetwork;
}
);
"description" = "";
"nIDPStatus" = 1;
"idpUrl" = $null;
"name" = $Name;
}
$idpHeaders = @{
"Accept"="application/vnd.vmware.horizon.manager.external.identityprovider+json";
"Content-Type"="application/vnd.vmware.horizon.manager.external.identityprovider+json";
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$body = $idpBody | ConvertTo-Json -Depth 10
$identityProviderUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/identityProviders"
$method = "POST"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$directoryUrl`n"
Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $identityProviderUrl -Method $method -UseBasicParsing -Headers $idpHeaders -Body $body -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $identityProviderUrl -Method $method -UseBasicParsing -Headers $idpHeaders -Body $body
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in creating new Identity Provider"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 201) {
Write-Host "`nSuccessfully created new Identity Provider $Name ..."
([System.Text.Encoding]::ASCII.GetString($results.Content) | ConvertFrom-Json) | Select Name, Id
}
}
Function Remove-WS3rdPartyIdentityProvider {
<#
.NOTES
===========================================================================
Created by: William Lam
Date: 02/04/2020
Organization: VMware
Blog: http://www.virtuallyghetto.com
Twitter: @lamw
===========================================================================
.SYNOPSIS
Deletes a specific 3rd Party Identity Provider within Workspace One Access
.DESCRIPTION
This cmdlet deletes a specific 3rd Party Identity Provider within Workspace One Access
.EXAMPLE
Remove-WS3rdPartyIdentityProvider -Name <IDP>
#>
Param (
[Parameter(Mandatory=$true)][String]$Name,
[Switch]$Troubleshoot
)
$idp = Get-WSIdentityProvider -Name $Name
if($idp) {
$identityProviderHeaders = @{
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$identityProviderURL = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/identityProviders/$($idp.id)"
$method = "DELETE"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$identityProviderURL`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $identityProviderURL -Method $method -UseBasicParsing -Headers $identityProviderHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $identityProviderURL -Method $method -UseBasicParsing -Headers $identityProviderHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in deleting Identity Provider"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
Write-Host "`nSuccessfully deleted Identity Provider $Name ..."
}
} else {
Write-Host "`nUnable to find Identity Provider $Name"
}
}
Function Get-UEMConfig {
<#
.NOTES
===========================================================================
Created by: Alan Renouf
Date: 04/15/2020
Organization: VMware
Blog: http://virtu-al.net
Twitter: @alanrenouf
===========================================================================
.SYNOPSIS
Retrieves UEM Configuration from Workspace One Access
.DESCRIPTION
This cmdlet retrieves the UEM Configuration from Workspace One Access
.EXAMPLE
Get-UEMConfig
.EXAMPLE
Get-UEMConfig
#>
Param (
[Switch]$Troubleshoot
)
$directoryHeaders = @{
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$directoryUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/tenants/tenant/airwatchoptin/config"
$method = "GET"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$directoryUrl`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in retrieving UEM Configuration"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
$config = ([System.Text.Encoding]::ASCII.GetString($results.Content) | ConvertFrom-Json)
$config
}
}
Function Remove-UEMConfig {
<#
.NOTES
===========================================================================
Created by: Alan Renouf
Date: 04/15/2020
Organization: VMware
Blog: http://virtu-al.net
Twitter: @alanrenouf
===========================================================================
.SYNOPSIS
Removes the UEM Configuration from Workspace One Access
.DESCRIPTION
This cmdlet removes the UEM Configuration from Workspace One Access, there can only be one configuration.
.EXAMPLE
Remove-UEMConfig
.EXAMPLE
Remove-UEMConfig
#>
Param (
[Switch]$Troubleshoot
)
$directoryHeaders = @{
"Authorization"=$global:workspaceOneAccessConnection.headers.Authorization;
}
$directoryUrl = $global:workspaceOneAccessConnection.Server + "/SAAS/jersey/manager/api/tenants/tenant/airwatchoptin/config"
$method = "DELETE"
if($Troubleshoot) {
Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$directoryUrl`n"
}
try {
if($PSVersionTable.PSEdition -eq "Core") {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders -SkipCertificateCheck
} else {
$results = Invoke-Webrequest -Uri $directoryUrl -Method $method -UseBasicParsing -Headers $directoryHeaders
}
} catch {
if($_.Exception.Response.StatusCode -eq "Unauthorized") {
Write-Host -ForegroundColor Red "`nThe Workspace One session is no longer valid, please re-run the Connect-WorkspaceOne cmdlet to retrieve a new token`n"
break
} else {
Write-Error "Error in deleting UEM Configuration"
Write-Error "`n($_.Exception.Message)`n"
break
}
}
if($results.StatusCode -eq 200) {
Write-Host "`nSuccessfully deleted UEM Configuration"
}
}
Reference in New Issue View Git Blame Copy Permalink