This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Disclaimer
JUMPCLOUD EXPRESSLY DISCLAIMS ALL REPRESENTATIONS, WARRANTIES, CONDITIONS, AND LIABILITIES OF ANY KIND ARISING FROM OR RELATED TO THIRD-PARTY SOFTWARE, SCRIPTS, REPOSITORIES, AND APIS. JUMPCLOUD IS NOT REQUIRED TO SUPPORT ANY SUCH THIRD-PARTY MATERIALS AND ALL RISKS RELATED TO THIRD-PARTY MATERIALS ARE YOUR RESPONSIBILITY. PLEASE ALSO REVIEW THE JUMPCLOUD TOS.

New PowerShell Function: Get-JCAdmin - Audit admins in your organization(s)

GWein
JumpCloud Employee
JumpCloud Employee

โ€Ž08-13-2024 12:20 PM

Function Overview:

Admins need to know which of their other JumpCloud admins have MFA/TOTP enabled as well as some other auditing practices such as an admin's state, or even when the last time their API key was rotated. The new, Get-JCAdmin, function will allow admins the ability to do just that, as well as some other things. We are introducing this function simply to allow admins an easier way of auditing their environment and exporting the results quickly to a CSV or any other file type.

Currently, there are no plans into implement creating/editing admins within the PowerShell module, for now that will have to be done inside the Console.

Function Parameters

  • email - A search filter parameter that accepts string wildcards to filter results based on an inputted email address
  • enableMultifactor - A search filter parameter that accepts boolean to filter for Multifactor enabled/disabled (true/false)
  • totpEnrolled - A search filter parameter that accepts boolean to filter for totp enrolled/disabled (true/false)
  • roleName - A search filter parameter that accepts an enum ('Administrator With Billing', 'Administrator', 'Manager', 'Command Runner With Billing', 'Command Runner', 'Help Desk', 'Billing Only', 'Read Only') to filter for an admin's role
  • organization - A search filter parameter that accepts a string for an organization ID. This is only used for those on an MTP/MSP tenant

Return Object

 

apiKeyUpdatedAt   : 7/5/2023 11:17:29 PM
created           : 5/11/2022 4:12:00 PM
email             : geoffrey.wein+readonly@jumpcloud.com
enableMultiFactor : False
firstname         : Geoffrey
lastname          : Wein
organization      : organizationID
roleName          : Read Only
suspended         : False
totpEnrolled      : False
totpUpdatedAt     :

 

Use Examples:

General Use

Example 1: Find all admins in your organization

 

Get-JCAdmin

 

If you are in an MTP/MSP tenant, this will return all admins across all of your organizations

Example 2: Find admins by email address in your organization

 

Get-JCAdmin -email 'john.doe@example.com'

 

The email parameter accepts wildcards for filtering so if you don't know the exact admin's email address you can do the following:

 

Get-JCAdmin -email 'john*'

 

Example 3: Find all admins that have multifactor enabled

 

Get-JCAdmin -enableMultifactor $true

 

Example 4: Find all admins that are totpEnrolled

 

 

Get-JCAdmin -totpEnrolled $true

 

Example 5: Find all admins that have a specific role

 

Get-JCAdmin -roleName "Administrator With Billing"

 

Example 6: Putting it all together - Finding admins from a specific domain, have multifactor disabled and are a specific role

 

Get-JCAdmin -email "*@example.com" -enableMultiFactor $false -roleName "Administrator With Billing"

 

 

 

 

Labels:
0 REPLIES 0
You Might Like

New to the site? Take a look at these additional resources:

Community created scripts:

Our new Radical Admin blog:

Keep up with Product News:

Read our community guidelines

Ready to join us? You can register here.