Light

johnduprey / duosecurity Goto Github PK

View Code? Open in Web Editor NEW

11.0 2.0 3.0 265 KB

PowerShell module for Duo Security REST APIs

License: MIT License

PowerShell 100.00%

duosecurity's Introduction

DuoSecurity Module

This module interacts with the Duo APIs.

Instructions

Prerequisites

PowerShell 7 or later
Duo MFA license or higher

Module Installation (PowerShell Gallery)

Install-Module DuoSecurity

Supported Duo APIs

Examples

Accounts API

Import-Module DuoSecurity

# Accounts API Credentials (MSP only)
$Auth = @{
    Type           = 'Accounts'
    IntegrationKey = 'DUO_INTEGRATION_KEY'
    SecretKey      = 'DUO_SECRET_KEY'
    ApiHost        = 'api-xxxxxxxx.duosecurity.com'
}
Set-DuoApiAuth @Auth

# Retrieve list of Duo child accounts
Get-DuoAccounts

# Select account to use for Admin API queries
Select-DuoAccount -Name 'Your child account name'

# Retrieve user list
Get-DuoUsers

Admin API

Import-Module DuoSecurity

# Admin API credentials
$Auth = @{
    Type           = 'Admin'
    IntegrationKey = 'DUO_INTEGRATION_KEY'
    SecretKey      = 'DUO_SECRET_KEY'
    ApiHost        = 'api-xxxxxxxx.duosecurity.com'
}
Set-DuoApiAuth @Auth

# Retrieve user list
Get-DuoUsers

Cmdlet Help

Accounts API

Admin API

Administrative Units
Administrators
Bypass Codes
- Get-DuoBypassCodes
- Remove-DuoBypassCode
Custom Branding
Endpoints
- Get-DuoEndpoints
Groups
Info
Integrations
Logs
Phones
Settings
- Get-DuoSetting
- Update-DuoSetting
Tokens
Trust Monitor
- Get-DuoTrustMonitorEvents
Users
WebAuthn
- Get-DuoWebAuthnCredentials
- Remove-DuoWebAuthnCredential

Apps

Authentication Proxy
- Get-DuoAuthProxyLogs
Install & Upgrade
- Get-DuoInstallFileInfo
- Install-DuoAuthProxy

Auth API

Authentication

Set-DuoApiAuth

Misc

duosecurity's People

Contributors

Stargazers

Watchers

Forkers

christaylorcodes cbtodd cgegg-dude

duosecurity's Issues

Something is wrong with the Headers

Since a few days I get the

code message stat
40104 Missing request timestamp FAIL

on pretty much every function I run against the Admin API. After some digging I found out that you have to set the regional format to English (United States) for your invoke-request function to work.
Maybe you consider to update your XDuoDate Get function to also convert days and so on to English if possible.

My regional format was set to German where Wednesday is Mittwoch and therefore $XDuoDate contained Mi, 14...

Authentication Fails

I'm not able to authenticate to the Duo service. I run Set-DuoApiAuth, but no matter what I try I'm not able to get information.

What application in Duo is required? I have the Auth API and Duo API applications both setup and neither seem to work as expected. When you run the Set-DuoApiAuth the "Type" what's the difference between Accounts, Auth, and Admin. Does it matter which one you use since it appears you can run any command with any type. Does the type correspond to different applications in Duo?

Depending on the Duo app and type I get a variety of error messages either Access forbidden or Invalid identity in request credentials.

Suggested method to encrypt integration key for module?

Happen to have a suggestion on how to encrypt the integration key?

New-DuoUser Error

When attempting to get a create new user with New-DuoUser in the admin API, it seems to return an error referencing aliases. I was able to use Get-DuoUsers just fine. Specifying my own aliases for the user didn't seem to matter either.

code : 40002 message : Invalid request parameters message_detail : aliases stat : FAIL

Here is what I was running:

Set-DuoApiAuth @Auth

$username = "lukeskywalker"
$fullname = "Luke Skywalker"
$emaill = "[email protected]"
$aliases = @{alias1='goldleader'; alias2='redleader'}

New-DuoUser -Username $username -FullName $fullname -Email $email

Device Identifier

Hi.

Is it possible to add the functionality to upload Device Identifiers for Trusted EndPoints? This would be an epic addition to this script.

v2 API support

Do you have plans to finish implementing v2 API support? For example, we were able to get Get-DuoIntegrations to work by simply changing the Path and SignatureVersion

Is this something you could implement so that we don't have to modify it on our end?

Great module by the way!

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.