MFA_DUO_Reset.ps1
|
function DUO-ResetUser2FA { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string]$Username ) $DuoApiHost = "https://YOUR_DUO_API_HOST" $IntegrationKey = "YOUR_IKEY" $SecretKey = "YOUR_SKEY" $Timestamp = [math]::Round((Get-Date -UFormat %s) * 1000) $Method = "POST" $Endpoint = "/admin/v1/users" $Signature = [System.Web.HttpUtility]::UrlEncode($Endpoint) + "`n" + $Timestamp + "`n" + $Method + "`n" + $IntegrationKey $Hmac = [System.Security.Cryptography.HMACSHA1]::new([Text.Encoding]::UTF8.GetBytes($SecretKey)) $SignatureBytes = $Hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($Signature)) $SignatureBase64 = [Convert]::ToBase64String($SignatureBytes) $Headers = @{ "Authorization" = "Basic $($IntegrationKey):$($SignatureBase64)" "Content-Type" = "application/x-www-form-urlencoded" } $RequestBody = @{ username = $Username } try { $Response = Invoke-RestMethod -Uri "$DuoApiHost$Endpoint" -Headers $Headers -Method $Method -Body $RequestBody Write-Host "Reset 2FA for user '$Username'." } catch { Write-Error "Error resetting 2FA for user '$Username': $($_.Exception.Message)" } } |