PowerShell script for TOTP token enrolment

Please let me know any feedback for improvements:

https://help.okta.com/en/prod/Content/Topics/Security/mfa-totp-seed.htm


Not bad. I don’t actually know that much about TOTP but just some helpful PowerShell tips.

Your variables are objects; use them as such. Rather than distilling the user ID out through 4 different variables, just use one.

$User = Invoke-WebRequest -Uri $Uri .... | select -ExpandProperty Content | ConvertFrom-JSON

Then when you need the user's ID, just use $User.id
If you have a complete object representing the user, you can use other info about the user for things like logging or error messages: $User.profile.email

And if you need to force the output of a JSON to be a string, you can either cast it to a string variable

[string]$Factor = Invoke-WebRequest -Uri $Uri ..... | select -ExpandProperty Content | ConvertFrom-Json

or do the above and add one more pipe to Out-String

I only create an actual $Webrequest variable if I might be interested in other content of the webrequest like statuscode or headers when I need the next link.

Also, since you use the authorization header several times, you might just want to set the whole headers up as a variable

$Headers = @{
     'Authorization' = "SSWS [Api Key here]" ;
     'Accept' = "application/json" ;
     'Content-Type' = "application/json"
     }

That way you can just call the webrequest like this

Invoke-WebRequest -Uri $Uri -Headers $Headers -Method [get | post | etc...] -TimeoutSec 300

Hope that helps.
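The tips above combined into one function, as an added example that is not code from this thread or from Okta: one `$Headers` hashtable, one `$User` object, and the API token and TOTP seed kept out of the script body. The function name, the `OKTA_ORG_URL` and `OKTA_API_TOKEN` environment variables and the parameters are hypothetical; the `token:hotp` / `CUSTOM` request body is assumed from Okta's Factors API for custom TOTP enrolment and should be checked against the linked documentation.

```powershell
# Added example; names and environment variables are assumptions, not from the thread.
function Register-OktaTotpSeed {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Login,
        [Parameter(Mandatory)] [string] $FactorProfileId,   # ID of the custom TOTP factor profile
        [Parameter(Mandatory)] [securestring] $SharedSecret # seed is never passed as plain text
    )
    $OrgUrl = $env:OKTA_ORG_URL   # hypothetical, e.g. https://example.okta.com
    if (-not $OrgUrl -or -not $env:OKTA_API_TOKEN) {
        throw 'Set OKTA_ORG_URL and OKTA_API_TOKEN before calling this function.'
    }
    # Headers built once and reused for every call; the token is not hard-coded.
    $Headers = @{
        'Authorization' = "SSWS $($env:OKTA_API_TOKEN)"
        'Accept'        = 'application/json'
        'Content-Type'  = 'application/json'
    }
    # One object for the user; read .id and .profile.email from it when needed.
    $UserUri = "$OrgUrl/api/v1/users/$([uri]::EscapeDataString($Login))"
    $User = Invoke-WebRequest -Uri $UserUri -Headers $Headers -Method Get -TimeoutSec 300 -UseBasicParsing |
        Select-Object -ExpandProperty Content | ConvertFrom-Json

    # The seed is decrypted only while the request body is built.
    $Body = @{
        factorType      = 'token:hotp'
        provider        = 'CUSTOM'
        factorProfileId = $FactorProfileId
        profile         = @{ sharedSecret = [System.Net.NetworkCredential]::new('', $SharedSecret).Password }
    } | ConvertTo-Json

    if ($PSCmdlet.ShouldProcess($User.profile.email, 'Enrol TOTP factor')) {
        try {
            $FactorUri = "$OrgUrl/api/v1/users/$($User.id)/factors?activate=true"
            $Factor = Invoke-WebRequest -Uri $FactorUri -Headers $Headers -Method Post -Body $Body `
                    -TimeoutSec 300 -UseBasicParsing |
                Select-Object -ExpandProperty Content | ConvertFrom-Json
            # Log the factor ID and status only; the seed and token stay out of the logs.
            Write-Verbose "Enrolled factor $($Factor.id) ($($Factor.status)) for $($User.profile.email)"
            $Factor
        }
        catch {
            Write-Error "Enrolment failed for $($User.profile.email): $($_.Exception.Message)"
        }
    }
}
```

Running it with `-WhatIf` performs the user lookup but skips the enrolment POST, which is a quick way to confirm the token and login resolve before any seed is sent.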

Good feedback, I will test and update