
Introducing Okta's Official PowerShell Module


The Okta Workforce Identity Developer Podcast returns with an exploration of our latest new developer tool, the Okta PowerShell Module!

Watch on the OktaDev YouTube channel

You can find the source of the Okta PowerShell Module, and documentation in the README, on GitHub.

Below is the example code discussed in the podcast episode.

Example: Interactively create Okta groups and group rules with PowerShell

Install the PowerShell module from the PowerShell Gallery (PSGallery)

Install-Module -Name Okta.PowerShell

Set up the OAuth 2.0 configuration

Set up an app integration following this guide to get the Client ID. Then configure PowerShell:

$Configuration = Get-OktaConfiguration
$Configuration.BaseUrl = $env:OKTA_PS_ORG_URL
$Configuration.ClientId = $env:OKTA_PS_CLIENT_ID
$Configuration.Scope = "okta.groups.manage okta.apps.manage okta.users.manage"

Get an access token

Running this command in PowerShell opens a browser so you can follow your organization’s usual login flow. Logging into Okta in your browser provides a token to the PowerShell session that opened the browser.

Invoke-OktaEstablishAccessToken

Create an Okta group using PowerShell

$GroupProfile = [PSCustomObject]@{
    name        = "Sales Team"
    description = "All employees that belong to the Sales team"
}
$NewGroup = Initialize-OktaGroup -VarProfile $GroupProfile

$CreatedGroup = New-OktaGroup -Group $NewGroup

echo $CreatedGroup

Group rules definition

A group rule can, for example, specify that users with the job title "Sales Representative" are automatically added to the "Sales Team" group.

# List all users whose title is "Sales Representative"
Invoke-OktaListUsers -Search 'profile.title eq "Sales Representative"'

$NewGroupRule = @{
    name = "Assign users to the Sales Team"
    type = "group_rule"
    actions = @{
        assignUserToGroups = @{
            groupIds = @($CreatedGroup.Id)
        }
    }
    conditions = @{
        expression = @{
            type = "urn:okta:expression:1.0"
            value = "user.title=='Sales Representative'"
        }
    }
}

$CreatedRule = New-OktaGroupRule -GroupRule $NewGroupRule -IncludeNullValues

Echo $CreatedRule

Invoke-OktaActivateGroupRule -RuleId $CreatedRule.Id

Get-OktaGroupRule -RuleId $CreatedRule.Id

Invoke-OktaListGroupUsers -GroupId $CreatedGroup.Id
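Once the rule is active, a practitioner usually wants a repeatable check that the group's membership still matches the rule's condition, since members can also be added or removed by hand. The function below is an added example, not code from the Okta blog post or the Okta.PowerShell module; it uses only the cmdlets shown above (Invoke-OktaListUsers and Invoke-OktaListGroupUsers) and assumes the user objects they return expose an Id property, as the group objects in this post do. The title is validated before it is embedded in the Okta search expression so that quotes or operators in the input cannot change the filter:

```powershell
# Compare the users a group rule should match with the group's actual members.
function Test-OktaGroupRuleMembership {
    param(
        [Parameter(Mandatory)] [string] $GroupId,
        [Parameter(Mandatory)] [string] $Title
    )

    # Keep filter syntax (quotes, operators) out of the search expression
    if ($Title -notmatch '^[A-Za-z0-9 ]+$') {
        throw "Unsupported characters in title: $Title"
    }

    # Users the rule condition user.title=='<Title>' should select
    $expectedIds = @(Invoke-OktaListUsers -Search "profile.title eq `"$Title`"" | ForEach-Object Id)
    # Users actually in the group right now
    $actualIds   = @(Invoke-OktaListGroupUsers -GroupId $GroupId | ForEach-Object Id)

    [PSCustomObject]@{
        GroupId           = $GroupId
        ExpectedCount     = $expectedIds.Count
        ActualCount       = $actualIds.Count
        # Matching users the rule has not added to the group
        MissingFromGroup  = @($expectedIds | Where-Object { $_ -notin $actualIds })
        # Members who do not match the rule (added by hand, or stale)
        UnexpectedInGroup = @($actualIds | Where-Object { $_ -notin $expectedIds })
    }
}

# Check the "Sales Team" group created above against its rule's condition
Test-OktaGroupRuleMembership -GroupId $CreatedGroup.Id -Title 'Sales Representative'
```

Membership can lag a little behind rule activation, so an entry in MissingFromGroup right after Invoke-OktaActivateGroupRule is not by itself a problem; a non-empty UnexpectedInGroup on a group that is meant to be rule-managed is the result worth following up on.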

Onboarding new employees

$UserProfile = [PSCustomObject]@{
    firstName = 'Lionel'
    lastName  = 'Messi'
    login     = 'lio.messi@mailinator.com'
    email     = 'lio.messi@mailinator.com'
    title     = 'Sales Representative'
}

$CreateUserRequest = Initialize-OktaCreateUserRequest -VarProfile $UserProfile

New-OktaUser -Body $CreateUserRequest

Invoke-OktaListGroupUsers -GroupId $CreatedGroup.Id

Example: script to automatically sync employee data from a file to Okta

For this scenario, imagine a custom tool that lacks OpenID Connect (OIDC) or System for Cross-domain Identity Management (SCIM) support and has emitted a CSV of users, whom we'll add to our Okta organization with a PowerShell script.

The file ~/Documents/hr-export-employees.csv contains data which looks like this:

employeeNumber, name, email, department, title
1001, John Doe, johndoe@example.com, HR, Human Resources
1002, Jane Smith, janesmith@example.com, IT, Software Engineer
1003, Alex Lee, alexlee@example.com, Sales, Sales Representative
...

The following PowerShell script creates users in Okta based on the CSV data:

# Test-Path and Import-Csv both expand ~, and unlike Resolve-Path they do not
# throw when the file is missing, so the "not found" branch below can run
$filePath = "~/Documents/hr-export-employees.csv"
if (Test-Path $filePath) {
    # Read the CSV file
    $tableData = Import-Csv $filePath
    # Iterate over each row
    foreach ($row in $tableData) {
        $userProfile = [PSCustomObject]@{}
        # Copy each CSV column into the profile, trimming the padding around
        # the column names and values seen in the sample file
        foreach ($property in $row.PSObject.Properties) {
            $name  = $property.Name.Trim()
            $value = "$($property.Value)".Trim()
            Add-Member -InputObject $userProfile -MemberType NoteProperty -Name $name -Value $value
            # Okta requires a login; reuse the email address for it
            if ($name -eq "email") {
                Add-Member -InputObject $userProfile -MemberType NoteProperty -Name "login" -Value $value
            }
            Write-Host "${name}: $value"
        }
        Write-Host $userProfile
        $createUserRequest = Initialize-OktaCreateUserRequest -VarProfile $userProfile
        $createdUser = New-OktaUser -Body $createUserRequest
        Write-Host $createdUser
        Write-Host "-----------------------------------------"
    }
} else {
    Write-Host "File not found: $filePath"
}
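A more defensive version of the same import, added here as an example and not code from the Okta blog post or the Okta.PowerShell module. It uses only the cmdlets shown above (Invoke-OktaListUsers, Initialize-OktaCreateUserRequest, New-OktaUser) and assumes the sample CSV layout above, that the export's single name column holds "First Last", and that the object returned by New-OktaUser exposes an Id property as the group objects do. It validates each email before embedding it in an Okta search expression, skips logins that already exist so the script can be re-run safely, and supports -WhatIf for a dry run:

```powershell
function Import-HrEmployeeCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Path
    )

    if (-not (Test-Path $Path)) {
        throw "File not found: $Path"
    }

    # Only accept plain email addresses; this also keeps quotes and other
    # filter syntax out of the Okta search expression built below
    $emailPattern = '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'

    foreach ($row in Import-Csv $Path) {
        # Trim the padding around column names and values in the export
        $fields = @{}
        foreach ($p in $row.PSObject.Properties) {
            $fields[$p.Name.Trim()] = "$($p.Value)".Trim()
        }

        $email = $fields['email']
        if ($email -notmatch $emailPattern) {
            [PSCustomObject]@{ Email = $email; Action = 'Invalid'; Reason = 'bad email address' }
            continue
        }

        # Assumption: the export's "name" column is "First Last"
        $first, $last = $fields['name'] -split ' ', 2
        if (-not $last) {
            [PSCustomObject]@{ Email = $email; Action = 'Invalid'; Reason = 'name needs first and last' }
            continue
        }

        # Idempotency: skip users that already exist with this login
        $existing = Invoke-OktaListUsers -Search "profile.login eq `"$email`""
        if ($existing) {
            [PSCustomObject]@{ Email = $email; Action = 'Skipped'; Reason = 'login already exists' }
            continue
        }

        # Map the CSV columns onto Okta's default profile attributes
        $oktaProfile = [PSCustomObject]@{
            firstName      = $first
            lastName       = $last
            email          = $email
            login          = $email
            employeeNumber = $fields['employeeNumber']
            department     = $fields['department']
            title          = $fields['title']
        }

        if ($PSCmdlet.ShouldProcess($email, 'Create Okta user')) {
            $request = Initialize-OktaCreateUserRequest -VarProfile $oktaProfile
            $created = New-OktaUser -Body $request
            [PSCustomObject]@{ Email = $email; Action = 'Created'; Reason = $created.Id }
        } else {
            [PSCustomObject]@{ Email = $email; Action = 'WouldCreate'; Reason = '' }
        }
    }
}

# Dry run first to review what would be created, then the real import
Import-HrEmployeeCsv -Path ~/Documents/hr-export-employees.csv -WhatIf | Format-Table
Import-HrEmployeeCsv -Path ~/Documents/hr-export-employees.csv | Format-Table
```

Returning one summary object per row instead of writing to the host keeps the result filterable (for example, piping to Where-Object Action -eq 'Invalid' to find rows the HR export needs fixed) and gives an audit record of exactly which accounts the script created.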

What will you automate with Okta’s PowerShell module? Let us know in the comments below!

Follow us on Twitter and subscribe to our YouTube channel. If you have any questions or you want to share what other topics you’d like to hear about on the podcast, please comment below!
