Last active
April 10, 2021 07:10
-
-
Save obsti8383/a5086aac833a14b49b69b7e6afc32811 to your computer and use it in GitHub Desktop.
Okta REST API Script to get a CSV that show the MFA factors that are assigned to all users (requires powershell core 7.0)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Requires -Version 7.0 | |
| $ErrorActionPreference = "Stop" | |
| ########## helper functions ###### | |
| function iterateActiveUsers($users){ | |
| foreach($user in $users){ | |
| $userId = $user.id # 00u4rruv8mIU5CvRz4234 | |
| if(!$userId){ | |
| # something is wrong. exit. | |
| Write-Host "No field 'id' found - exiting." | |
| exit | |
| } | |
| $userLogin = $user.profile.login | |
| $factorUri = "https://$oktaTenant/api/v1/users/"+ [string]$userId + "/factors" | |
| $factorUri | |
| $response = Invoke-RestMethod -Uri $factorUri -Method Get -Headers $headers | |
| #$response | |
| if($response){ | |
| foreach( $factor in $response){ | |
| $factorType = $factor.factorType | |
| $provider = $factor.provider | |
| $status = $factor.status | |
| #"loginname;factorType;provider;status" >>$logfileName | |
| Write-Output "${userLogin};$factorType;$provider;$status" | |
| "${userLogin};$factorType;$provider;$status" >>$logfileName | |
| } | |
| } | |
| else{ | |
| Write-Output "${userLogin};none;;" | |
| "${userLogin};none;;" >>$logfileName | |
| } | |
| } | |
| } | |
| # get parameters | |
| $oktaTenant = read-host -Prompt "Please enter okta tenant URI" | |
| $apitoken = read-host -AsSecureString "Please enter API Authorization Token" | |
| $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($apitoken) | |
| $apitoken = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR) | |
| # prepare http headers | |
| $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]" | |
| $headers.Add("Authorization", "SSWS $apitoken") | |
| $headers.Add("Content-Type", "application/json") | |
| # init log output to file | |
| $dateString = Get-Date -UFormat "%Y-%m-%d_%R" | ForEach-Object { $_ -replace ":", "_" } | |
| $logfileName = "list_users_factors_$dateString.csv" | |
| "loginname;factorType;provider;status" >>$logfileName | |
| $url="https://$oktaTenant/api/v1/users" | |
| $users = (Invoke-RestMethod $url -FollowRelLink -Headers $headers | ForEach-Object { $_ }) | |
| #$users | ConvertTo-Csv -Delimiter ";" | Out-File -FilePath results.csv -Encoding utf8 | |
| "Nr. of results: "+$users.Count | |
| iterateActiveUsers($users) | |
| return | |
| ########### | |
| #$url = "https://$oktaTenant/api/v1/users?filter=status%20eq%20%22DEPROVISIONED%22" | |
| #$users = (Invoke-RestMethod $url -FollowRelLink -Headers $headers | ForEach-Object { $_ }) | |
| #"Nr. of results (deprov): "+$users.Count |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment