PSDuo
https://github.com/jyates2006/PSDuo
PSDuo - A Duo module for PowerShell
I have started creating a PowerShell module for Duo administration. I want to add full functionality to it, and follow the proper verb-noun format.
Current Features
Duo Global Functions
New-DuoConfig
Sets the default configuration for PSDUO with and option to save it.Add-DuoDirectoryKeys
Sets the key values and names in configuration for later use.Import-DuoConfig
Imports a previously saved Duo ConfigurationGet-DuoConfig
Gets the default configuration for PowerDuo
Duo User Functions
Sync-DuoUser
Syncs a user from Duo to from directoryGet-DuoUser
Returns a list of Duo users or an individual userNew-DuoUser
Creates a new user within Duo with Duo as the sourceSet-DuoUser
Sets fields on a Duo user account.Remove-DuoUser
This function removes a specified Duo user by UserID. It includes an optional confirmation prompt unless the Force switch is used.New-DuoUserEnrollment
This function enrolls a new Duo user by specifying the username and email. It also allows setting an expiration time for the enrollment.New-DuoUserBypassCode
This function creates new bypass codes for a specified Duo user. It allows for defining the number of codes, specific codes, number of uses, and expiration time.Get-DuoUserBypassCode
This function retrieves bypass codes associated with a Duo user based on the provided parameters. It can fetch bypass codes by Username or UserID.Get-DuoUserGroup
This function retrieves groups associated with a Duo user based on the provided parameters. It can fetch groups by Username or UserID.Add-DuoGroupMember
This function adds a user to a specified Duo group based on the provided parameters. It can add users by Username or UserID.Remove-DuoGroupMember
This function removes a user from a specified Duo group based on the provided parameters. It can remove users by Username or UserID.Get-DuoUserPhone
This function retrieves phones associated with a Duo user based on the provided parameters. It can fetch phones by Username or UserID.Add-DuoPhoneMember
This function adds a phone to a Duo user based on the provided parameters. It can add phones by Username or UserID and PhoneNumber or PhoneID.Remove-DuoPhoneMember
This function removes a phone associated with a Duo user based on the provided parameters. It can remove phones by Username or UserID and PhoneNumber or PhoneID.Get-DuoUserToken
Get all tokens associated with a user.Add-DuoTokenMember
Adds a token from a Duo user.Remove-DuoTokenMember
Disassociates a token token from a user.Get-DuoUserWebAuthN
Returns all WebAuthN keys assocaited with an individual userGet-DuoUserDesktop
Returns all desktops associated with an individual userSend-DuoPush
Can send a Dup Push Verification to a specific user and returns the PushID for use with Get-DuoVerificationResponseGet-DuoVerificationResponse
Returns the user's response to the verifictaion request.
Duo Group Functions
Get-DuoGroup
This function retrieves details of Duo groups based on the provided parameters. It can fetch groups by Name or GroupID.Get-DuoGroupMember
This function retrieves members of a specified Duo group. It can fetch group members by Group Name or Group ID.New-DuoGroup
This function creates a new group in Duo with the specified name, description, and status.Update-DuoGroup
This function updates the details of a specified Duo group. It allows modifying the group's name, description, and status.Remove-DuoGroup
This function removes a specified group from Duo by GroupID.
Duo Phone Functions
Get-DuoPhone
This function retrieves phone details from Duo based on the provided parameters. It can fetch phones by Name, PhoneID, Number, or Extension.New-DuoPhone
This function creates a new phone entry in Duo with the specified details. It allows setting the phone's name, number, extension, type, platform, and delay settings.Set-DuoPhone
This function updates the details of a specified Duo phone. It allows modifying the phone's name, number, extension, type, platform, and delay settings.Remove-DuoPhone
This function removes a specified phone from Duo by PhoneID.New-DuoMobileActivationCode
This function generates a new mobile activation code for a specified Duo phone. It allows setting an expiration time and optionally sends the activation code via SMS.
Duo Device Functions
Get-DuoDestktop
This function sends a GET request to the Duo Admin API to retrieve details of desktop authenticators. It supports retrieving a specific desktop authenticator by DesktopKey or all desktop authenticators with pagination.Remove-DuoDestktop
This function sends a DELETE request to the Duo Admin API to remove a desktop authenticator specified by its DesktopKey.Get-DuoEndpoint
This function sends a GET request to the Duo Admin API to retrieve details of endpoints. It supports retrieving a specific endpoint by EndpointKey or all endpoints with pagination.Get-DuoRegisteredDevices
This function sends a GET request to the Duo Admin API to retrieve registered devices. It supports retrieving a specific device by DeviceID or all devices with pagination.Remove-DuoRegisteredDevice
This function sends a DELETE request to the Duo Admin API to remove a registered device specified by its DeviceID.
Duo Token Functions
Get-DuoToken
This function retrieves information about Duo tokens based on the provided parameters. It can fetch tokens by TokenID or by Serial and Type.New-DuoToken
This function creates a new Duo token using the specified parameters.Sync-DuoToken
This function sends a POST request to the Duo Admin API to synchronize a token specified by its TokenID or Serial and Type. It requires three codes generated by the token for synchronization.Remove-DuoToken
This function sends a DELETE request to the Duo Admin API to remove a token specified by its TokenID or Serial and Type.Get-DuoWebAuthnCredential
This function sends a GET request to the Duo Admin API to retrieve details of WebAuthn credentials. It supports retrieving a specific WebAuthn credential by WebAuthnKey or all WebAuthn credentials with pagination.Remove-DuoWebAuthnCredential
This function sends a DELETE request to the Duo Admin API to remove a WebAuthn credential specified by its WebAuthnKey.
Duo Integration Functions
Get-DuoIntegration
Return all Duo integrated application or an individual applicationSet-DuoIntegration
Set settings for existing Duo integrations
Duo Administrator Functions
Get-DuoAdminUnit
This function sends a GET request to the Duo Admin API to retrieve details of administrative units. It supports filtering by AdminUnitID, AdminID, GroupID, or IntegrationKey.New-DuoAdminUnit
This function sends a POST request to the Duo Admin API to create a new administrative unit. It allows you to specify various parameters such as name, description, and restrictions by groups or integrations.Set-DuoAdminUnit
This function sends a POST request to the Duo Admin API to set or update an administrative unit. It allows you to specify various parameters such as name, description, and restrictions by groups or integrations.Add-DuoAdminUnitMember
This function sends a POST request to the Duo Admin API to add a member to an administrative unit. The member can be specified by AdminID, GroupID, or IntegrationKey.Remove-DuoAdminUnitMember
This function sends a DELETE request to the Duo Admin API to remove a member from an administrative unit. The member can be specified by AdminID, GroupID, or IntegrationKey.Remove-DuoAdminUnit
This function sends a DELETE request to the Duo Admin API to remove an administrative unit specified by its ID.Get-DuoTrustMonitor
This function sends a GET request to the Duo Admin API to retrieve trust monitor events within the specified Unix time range. It supports pagination to handle the API's limit of 200 events per request.Get-DuoSetting
This function sends a GET request to the Duo Admin API to retrieve the current settings.Set-DuoSetting
This function sends a POST request to the Duo Admin API to set various settings such as Caller ID, Mobile OTP type, email notifications, and more.Get-DuoLogo
This function sends a GET request to the Duo Admin API to retrieve the current logo used in the branding settings.Remove-DuoLogo
This function sends a DELETE request to the Duo Admin API to remove the logo from the branding settings.Get-DuoBranding
This function sends a GET request to the Duo Admin API to retrieve the current branding settings. You can specify whether to retrieve the settings for the live or draft environment.Set-DuoBranding
This function allows you to set various branding options for Duo, such as background images, colors, logos, and custom labels. You can specify whether the settings are for live or draft environments.Add-DuoDraftMember
This function sends a POST request to the Duo Admin API to add a user to the draft members list based on the provided UserID.Remove-DuoDraftMember
This function sends a GET request to the Duo Admin API to retrieve the current custom messaging settings.Get-DuoCustomMessaging
This script allows you to get custom messaging for Duo using the Admin API. You can specify help links, help text, and locale.Set-DuoCustomMessaging
This script allows you to set custom messaging for Duo using the Admin API. You can specify help links, help text, and locale.Get-DuoAccount
Return organization's Duo account informationGet-DuoReport
Return Duo reports
PSDuo Examples
To install
Install-Module -Name PowerDuo
Start by creating a config
New-DUOConfig -IntergrationKey SDFJASKLDFJASLKDJ -SecretKey ASDKLFJSMNVCIWJRFKSDMSMVNFNSKLF -apiHost api-###XXX###.duosecurity.com
Optionally save the config for use with the same user later on
New-DUOConfig -IntergrationKey SDFJASKLDFJASLKDJ -SecretKey ASDKLFJSMNVCIWJRFKSDMSMVNFNSKLF -apiHost api-###XXX###.duosecurity.com -SaveConfig -Path C:\Duo\DuoConfig.clixml
You can load a saved config. Useful for automation scripting.
Import-DuoConfig -Path C:\Duo\DuoConfig.clixml
The Duo API doesn't support pulling the Directories and their names, so I have added the option to add it to the config for later use.
Add-DuoDirectoryKeys -KeyName DuoDirectory -KeyValue 7908DDFD890