MFA_OKTA_Reset.ps1
|
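function Okta-ResetUser2FA {
    <#
    .SYNOPSIS
    Resets the active security-question factor(s) of a single Okta user.

    .DESCRIPTION
    Looks the user up through the Okta Users API, lists the user's factors and
    posts a lifecycle reset for every factor that is ACTIVE and whose factorType
    is "question". Factors of any other type are left untouched, so despite the
    function name this does not clear every enrolled second factor.

    .PARAMETER Username
    Okta login of the target user. Only a user whose profile.login equals this
    value (PowerShell -eq, i.e. case-insensitive) is acted on.

    .NOTES
    Removing a factor weakens the account until the user re-enrols, so run this
    only after the requester's identity has been verified out of band, and keep
    a record of who asked for the reset. -WhatIf / -Confirm are supported.
    #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param (
        [Parameter(Mandatory = $true)]
        [string]$Username
    )

    $OktaOrgUrl = "https://YOUR_OKTA_ORG_URL/api/v1"

    # The SSWS token carries the privileges of the admin who created it. Do not
    # commit a real token in this file: load it from a secret store at run time
    # and scope the issuing admin role to the minimum needed for factor resets.
    $Headers = @{
        "Authorization" = "SSWS YOUR_API_TOKEN"
        "Content-Type"  = "application/json"
    }

    # Percent-encode the caller-supplied login so characters such as '&', '#',
    # '+' or '/' cannot add query parameters or change the request path.
    $EncodedUsername = [uri]::EscapeDataString($Username)
    $UserUrl = "$OktaOrgUrl/users?q=$EncodedUsername"
    $UserIdResponse = Invoke-RestMethod -Uri $UserUrl -Headers $Headers -Method Get

    # The q search also matches on name and e-mail, so keep only the entry whose
    # login is exactly the one requested.
    $User = $UserIdResponse | Where-Object { $_.profile.login -eq $Username }

    if (-not $User) {
        Write-Error "User '$Username' not found in Okta."
        return
    }

    # Refuse to act on an ambiguous match rather than reset the wrong account.
    if (@($User).Count -gt 1) {
        Write-Error "More than one Okta user matched login '$Username'; no factor was reset."
        return
    }

    $UserId = $User.id
    $FactorsUrl = "$OktaOrgUrl/users/$UserId/factors"
    $FactorsResponse = Invoke-RestMethod -Uri $FactorsUrl -Headers $Headers -Method Get

    $UserFactors = $FactorsResponse | Where-Object { $_.status -eq "ACTIVE" }

    foreach ($Factor in $UserFactors) {
        $FactorId = $Factor.id
        $FactorType = $Factor.factorType

        # Only security-question factors are reset; every other factor type
        # stays enrolled.
        if ($FactorType -eq "question") {
            # NOTE(review): confirm this per-factor path against the Okta Factors
            # API reference for your org before relying on it.
            $ResetFactorUrl = "$OktaOrgUrl/users/$UserId/factors/$FactorId/lifecycle/reset"

            if ($PSCmdlet.ShouldProcess("factor $FactorId of user '$Username'", "Reset MFA factor")) {
                Invoke-RestMethod -Uri $ResetFactorUrl -Headers $Headers -Method Post
                Write-Host "Reset 2FA for user '$Username'."
            }
        }
    }
}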