Script to get Disabled users in IICS

In Informatica Intelligent Cloud Services (IICS), managing users effectively is a critical part of maintaining security and compliance within an organization. One of the common administrative tasks is identifying disabled users — accounts that no longer have access but still exist in your system. Doing this manually can be tedious, especially for large organizations, but with IICS’s REST API and a bit of Python scripting, you can automate this process and ensure your environment remains clean and up-to-date.

Before starting, make sure you have access to an IICS organization with admin privileges, a valid API user or service account, and Python installed with the requests library. Also, you will need your IICS base URL, for example, https://dm-us.informaticacloud.com. Once these prerequisites are in place, you can begin by authenticating to the API. Using Python, you send your IICS username and password to the login endpoint and receive a session token. This token will allow you to securely interact with other API endpoints without repeatedly entering credentials. For security purposes, it is best to store credentials in environment variables or a configuration file rather than hardcoding them into your script.

With authentication complete, you can call the Users API to retrieve a list of all users in your organization. The API will return user details in JSON format, including each user’s status, email, and role. Once you have the data, filtering for disabled users is straightforward — you can iterate through the user list and check the enabled property. Any user where this property is false is a disabled account. This simple filter allows you to quickly see who is no longer active, which is especially useful for auditing or preparing reports for compliance purposes.

To make your script robust, it is important to handle errors gracefully. Network issues, authentication failures, or API downtime can occur, so your Python code should include exception handling to manage HTTP errors and request exceptions. This ensures that the script won’t crash unexpectedly and can provide meaningful error messages to help troubleshoot any problems. For organizations with large numbers of users, consider implementing pagination to retrieve users in batches rather than all at once, which can prevent API timeouts and improve performance.

Once you have identified the disabled users, it can be useful to export this data for reporting or archival purposes. Writing the results to a CSV file allows for easy sharing with your HR or compliance teams. You can include fields like name, email, and role to create a clear and professional audit log. Scheduling this script to run weekly or integrating it into an automated workflow with tools like Airflow can further reduce manual effort and keep your environment consistently monitored.
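The steps above (credentials from the environment, paged retrieval, filtering, failing loudly on HTTP errors, rows ready for CSV) combined in one sketch. This is an added example, not the page's script: the environment variable names `IICS_USER`, `IICS_PASSWORD` and `IICS_BASE_URL` and all function names are assumptions, and it filters on the `state` field with the same `Enabled`/`Provisioned` values the script further down uses.

```python
import csv
import os
import sys

ACTIVE_STATES = {"Enabled", "Provisioned"}  # states the page's script treats as active
FIELDS = ["userName", "state", "email", "authentication"]

def login(session, base_url):
    """Return a session ID; IICS_USER / IICS_PASSWORD are assumed variable names."""
    creds = {"username": os.environ["IICS_USER"], "password": os.environ["IICS_PASSWORD"]}
    resp = session.post(f"{base_url}/saas/public/core/v3/login", json=creds, timeout=30)
    resp.raise_for_status()  # surface bad credentials or an outage here, not later
    return resp.json()["userInfo"]["sessionId"]

def fetch_page(session, base_url, sid, skip, limit):  # one page of user records
    resp = session.get(f"{base_url}/saas/public/core/v3/users", timeout=30,
                       params={"limit": limit, "skip": skip},
                       headers={"INFA-SESSION-ID": sid, "Accept": "application/json"})
    resp.raise_for_status()
    return resp.json()

def iter_users(fetch, limit=200):
    """Call fetch(skip, limit) until a short or empty page signals the end."""
    skip = 0
    while True:
        page = fetch(skip, limit)
        yield from page
        if len(page) < limit:
            return
        skip += limit

def inactive_users(users):
    """Keep accounts whose state is anything other than an active one."""
    return [u for u in users if u.get("state") not in ACTIVE_STATES]

def report_rows(users):
    """Header plus one row per user; quote-prefix cells a spreadsheet would run as a formula."""
    rows = [FIELDS]
    for u in users:
        cells = [str(u.get(k, "")) for k in FIELDS]
        rows.append(["'" + c if c.startswith(("=", "+", "-", "@")) else c for c in cells])
    return rows

if __name__ == "__main__":
    import requests  # third-party; only the live run needs it
    base = os.environ.get("IICS_BASE_URL", "https://dm-us.informaticacloud.com")
    with requests.Session() as s:
        sid = login(s, base)
        fetch = lambda skip, limit: fetch_page(s, base, sid, skip, limit)
        csv.writer(sys.stdout).writerows(report_rows(inactive_users(iter_users(fetch))))
```

Redirect standard output to a file to get the CSV report; the quote prefix matters because user names and e-mail addresses are free text that HR or compliance staff will open in a spreadsheet.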

Using the IICS REST API in this way not only streamlines administrative tasks but also adds a layer of security and accountability. By automating user audits, you ensure that inactive accounts are identified and can be handled promptly, reducing the risk of unauthorized access. Additionally, this approach allows data teams to maintain cleaner, more organized environments and provides clear, documented evidence of user management practices.

Following best practices such as not hardcoding credentials, handling errors, logging activity, and scheduling automated checks will make your solution both reliable and maintainable. For anyone working in a data engineering or cloud administration role, mastering the ability to automate tasks like this is a valuable skill that saves time and improves the integrity of your environment. By leveraging Python and IICS’s API capabilities, you can turn a repetitive administrative task into a streamlined, automated process that delivers real operational value.

This script uses the Informatica Cloud APIs to get user details and pulls disabled and locked users even if SAML is integrated. You need to replace the username, password, sender email, receiver email and SMTP server; the script then generates the disabled users list for that org in the same path from which you run it.


import datetime
import json
import smtplib, ssl
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart

import requests

filename = "userslist.txt"

# Replace with your IICS credentials
username = "username"
password = "Password"

# Start the report file with a UTC timestamp
current_timestamp = datetime.datetime.now(datetime.timezone.utc).strftime('%Y-%m-%d %H:%M:%S')
with open(filename, 'w') as f:
    f.write(current_timestamp + '\n')

# Log in and read the session ID from the response
url = "https://dm-us.informaticacloud.com/saas/public/core/v3/login"

payload = json.dumps({
    "username": username,
    "password": password
})
headers = {
    'Content-Type': 'application/json',
    'Accept': 'application/json'
}

response = requests.request("POST", url, headers=headers, data=payload)
response.raise_for_status()  # stop here if the login was rejected
login = json.loads(response.text)
sid = login["userInfo"]["sessionId"]

headers = {
    'INFA-SESSION-ID': sid,
    'Accept': 'application/json'
}

# Page through the users 200 at a time until a short or empty page is returned
limit = 200
skip = 0
while True:
    url = f"https://dm-us.informaticacloud.com/saas/public/core/v3/users?limit={limit}&skip={skip}"
    response = requests.request("GET", url, headers=headers)
    response.raise_for_status()
    data = response.json()
    for u in data:
        # Anything other than Enabled or Provisioned is reported (disabled, locked, ...)
        if u["state"] not in ["Enabled", "Provisioned"]:
            user = u["userName"]
            state = u["state"]
            email = u["email"]
            # Echo SAML-authenticated accounts to the console
            if u["authentication"] == "SAML":
                print(user, state)
            # Record every reported account in the report file
            with open(filename, 'a') as f:
                f.write(user + " " + state + " " + email + "\n")
    if len(data) < limit:
        break
    skip += limit

with open(filename, 'r') as f:
    file_content = f.read()

# Replace the SMTP server, sender and receiver with your own values
port = 25
smtp_server = "smtpserver.com"
sender_email = "senderemail"
receiver_email = "reciever email"
subject = "locked users in Informatica"
message = MIMEMultipart()
message["From"] = sender_email
message["To"] = receiver_email
message["Subject"] = subject
body = file_content
message.attach(MIMEText(body, "plain"))
# Port 25 without STARTTLS sends the user list unencrypted. If the relay
# supports it, create the context below and call
# server.starttls(context=context) before sendmail.
# context = ssl.create_default_context()
with smtplib.SMTP(smtp_server, port) as server:
    server.sendmail(sender_email, receiver_email, message.as_string())
