When a data breach happens, we need to notify all affected users about it. The approach is to write a script that uses the User Migrator tool to extract email addresses from the Identify database into a CSV data file, and then use an emailing tool to send the notifications out.
Download link for the tool: here
Guideline for the tool: here
How to export data
In this specific scenario, we will export the necessary user data from an Identify instance.
- Install the UserMigrator tool.
- Open the configuration as described in the guideline above.
- Review the sections related to the Identify instance and set them as follows:
  - AppSettings section:
    - identify:url: specify the Identify instance’s base URL. In my sample, it’s https://identifyv55.safewhere.local/
    - identify:refresh_token: specify the refresh token issued by Identify, which is exchanged for a new access token to access the Identify REST API service (http://docs.safewhere.com/identify-refreshtoken/).
    - identify:clientId: specify the client_id that is set on the connection “Identify OAuth2 Token for REST APIs”.
    - identify:clientSecret: specify the client_secret that is set on the connection “Identify OAuth2 Token for REST APIs”.
    - identify:filter_claimType and identify:filter_claimValue (optional): use these settings to select only users who have a specific claim value, e.g. all users that have the same company number.

    Here is the example:
  - UserAdministration section: use this section to define the claims that you want to export. The default list is:

    To export claims that are not in the default list, declare new AttributeDefinition items for them and add them to the –Retrieve section under the –AttributeCommandFilters section.
- Define the structure of your destination CSV using a Mapping file. The file needs to contain a list of each of the user attributes that will be handled by the tool. Since CSV files don’t always have columns, the Mapping file simply defines a column index and an attributeDefinition name. For example, I need to export Identify’s user id, display user name, Name claim, and Email claim to a CSV file. The Mapping file that I need is:
- You can run the export from the command line (refer to the section “Optional parameters for Export (Only applies when using -E)” in the guideline). In this example, the command line is:
Safewhere.UserMigrator.IdentifyAzureAD.Shell.exe -E -gc http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name -uf "C:\test\export\exportuserlist.csv" -mf "C:\test\export\IdentifyExportMapping-simple2.csv"
Which results in:
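Before the exported file is handed to the emailing tool, it helps to know exactly who will and will not receive the notification. The following Python script is an added example, not part of the User Migrator tool or the original guide: it validates and de-duplicates the exported addresses and lists the users who have no usable email. It assumes a comma-separated file without a header row whose columns follow the mapping described above (0 = user id, 1 = display name, 2 = Name claim, 3 = Email claim); the function name and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Assumed layout, following the mapping described above (column index -> attribute):
# 0 = user id, 1 = display name, 2 = Name claim, 3 = Email claim. No header row.
USER_ID_COLUMN = 0
EMAIL_COLUMN = 3

# Deliberately simple syntactic check: one "@", no whitespace, a dot in the domain.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def build_recipient_list(csv_text, email_column=EMAIL_COLUMN, id_column=USER_ID_COLUMN):
    """Return (recipients, unreachable_ids, duplicates) from exported CSV text.

    recipients      -- unique, lower-cased addresses in first-seen order
    unreachable_ids -- user ids whose row has no usable email address
    duplicates      -- number of rows whose address was already seen
    """
    recipients, seen, unreachable, duplicates = [], set(), [], 0
    for row in csv.reader(io.StringIO(csv_text)):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        user_id = row[id_column].strip() if len(row) > id_column else "<unknown>"
        email = row[email_column].strip() if len(row) > email_column else ""
        if not EMAIL_RE.match(email):
            unreachable.append(user_id)  # needs another notification channel
            continue
        key = email.lower()  # compare case-insensitively so one mailbox gets one mail
        if key in seen:
            duplicates += 1
            continue
        seen.add(key)
        recipients.append(key)
    return recipients, unreachable, duplicates


# Constructed sample data, not real export output.
SAMPLE_EXPORT = (
    'u-001,Alice Example,alice,alice@example.com\n'
    'u-002,"Example, Bob",bob,BOB@example.com\n'
    'u-003,Carol Example,carol,\n'
    'u-004,Bob Alt,bob2,bob@example.com\n'
    'u-005,Dave Example,dave,not-an-address\n'
)

if __name__ == "__main__":
    to_notify, unreachable, dupes = build_recipient_list(SAMPLE_EXPORT)
    print(f"{len(to_notify)} recipients, {dupes} duplicates, unreachable: {unreachable}")
```

Users reported as unreachable still count as affected and need to be notified through another channel.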