This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
" class="nav-category">Career
This widget could not be displayed.
  • IT Topics
    • This widget could not be displayed.
  • Repo
    • This widget could not be displayed.
  • This widget could not be displayed.
    • ">MSPs
    This widget could not be displayed.
  • Community News
    • cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results forย 
    Search instead forย 
    Did you mean:ย 
    Disclaimer
    JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

    New PowerShell Function: Get-JCAdmin - Audit admins in your organization(s)

    GWein
    JumpCloud Employee
    JumpCloud Employee

    โ€Ž08-13-2024 12:20 PM

    Function Overview:

    Admins need to know which of their other JumpCloud admins have MFA/TOTP enabled as well as some other auditing practices such as an admin's state, or even when the last time their API key was rotated. The new, Get-JCAdmin, function will allow admins the ability to do just that, as well as some other things. We are introducing this function simply to allow admins an easier way of auditing their environment and exporting the results quickly to a CSV or any other file type.

    Currently, there are no plans into implement creating/editing admins within the PowerShell module, for now that will have to be done inside the Console.

    Function Parameters

    • email - A search filter parameter that accepts string wildcards to filter results based on an inputted email address
    • enableMultifactor - A search filter parameter that accepts boolean to filter for Multifactor enabled/disabled (true/false)
    • totpEnrolled - A search filter parameter that accepts boolean to filter for totp enrolled/disabled (true/false)
    • roleName - A search filter parameter that accepts an enum ('Administrator With Billing', 'Administrator', 'Manager', 'Command Runner With Billing', 'Command Runner', 'Help Desk', 'Billing Only', 'Read Only') to filter for an admin's role
    • organization - A search filter parameter that accepts a string for an organization ID. This is only used for those on an MTP/MSP tenant

    Return Object

     

    apiKeyUpdatedAt   : 7/5/2023 11:17:29 PM
created           : 5/11/2022 4:12:00 PM
email             : geoffrey.wein+readonly@jumpcloud.com
enableMultiFactor : False
firstname         : Geoffrey
lastname          : Wein
organization      : organizationID
roleName          : Read Only
suspended         : False
totpEnrolled      : False
totpUpdatedAt     :

     

    Use Examples:

    General Use

    Example 1: Find all admins in your organization

     

    Get-JCAdmin

     

    If you are in an MTP/MSP tenant, this will return all admins across all of your organizations

    Example 2: Find admins by email address in your organization

     

    Get-JCAdmin -email 'john.doe@example.com'

     

    The email parameter accepts wildcards for filtering so if you don't know the exact admin's email address you can do the following:

     

    Get-JCAdmin -email 'john*'

     

    Example 3: Find all admins that have multifactor enabled

     

    Get-JCAdmin -enableMultifactor $true

     

    Example 4: Find all admins that are totpEnrolled

     

     

    Get-JCAdmin -totpEnrolled $true

     

    Example 5: Find all admins that have a specific role

     

    Get-JCAdmin -roleName "Administrator With Billing"

     

    Example 6: Putting it all together - Finding admins from a specific domain, have multifactor disabled and are a specific role

     

    Get-JCAdmin -email "*@example.com" -enableMultiFactor $false -roleName "Administrator With Billing"

     

     

     

     

    Labels:
    0 REPLIES 0
    You Might Like

    New to the site? Take a look at these additional resources:

    Community created scripts:

    Our new Radical Admin blog:

    Keep up with Product News:

    Read our community guidelines

    Ready to join us? You can register here.