Export active Okta users to CSV file

okta-export.sh

#!/bin/bash

# Add your Okta API key and domain here:
OKTA_API_KEY=xxxxxxxxxxxxxxx
OKTA_DOMAIN=mydomain.okta.com
OUTPUT_FILE=okta-users.csv

# Write CSV headers
echo '"userType","department","firstName","lastName","nickName","displayName","email","title","division","postalAddress","streetAddress","city","state","zipCode","primaryPhone","secondEmail","mobilePhone"' \
> $OUTPUT_FILE

# Fetch all active Okta users, convert from JSON to CSV, sort
curl -s -S -X GET -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  -H "Authorization: SSWS ${OKTA_API_KEY}" \
  --data-urlencode "filter=status eq \"ACTIVE\"" \
  "https://${OKTA_DOMAIN}/api/v1/users" \
| jq -r '.[].profile|[.userType, .department, .firstName, .lastName, .nickName, .displayName, .email, .title, .division, .postalAddress, .streetAddress, .city, .state, .zipCode, .primaryPhone, .secondEmail, .mobilePhone]|@csv' \
| sort \
>> $OUTPUT_FILE

The only dependencies are curl and jq: https://stedolan.github.io/jq.

Hi @dismantl

This is great! Thanks for sharing. Will it paginate? And observe rate limits?

Keep in mind my PowerShell module can also work on Mac and Linux. Open source ftw.

Here's a version that paginates.

Running curl with the -i or --include option includes the response headers.

#!/usr/bin/env bash

# Set these:
url='https://COMPANY.okta.com/api/v1/users'
token='...'

# Pagination code based on https://michaelheap.com/follow-github-link-header-bash
while [ "$url" ]; do
    r=$(curl -i --compressed -Ss -H "authorization: SSWS $token" "$url" | tr -d '\r')
    headers=$(echo "$r" | sed '/^$/q')
    body=$(echo "$r" | sed '1,/^$/d')
    echo "$body" | jq -r '.[].profile.login'
    url=$(echo "$headers" | sed -n -E 's/link: <(.*)>; rel="next"/\1/pi')
done