This PowerShell module is a lightweight wrapper around the Okta API (https://developer.okta.com/docs/reference/api).
Tested on:
- PowerShell 5.1
- PowerShell 7+
The cmdlets conform to the PowerShell approved verbs. The operations are prefixed with "UOkta" (= Unofficial Okta cmdlets) so that they do not clash with potential official "Okta" PowerShell modules.
Sets the current Okta organization connection context.
Connect-UOktaAccount
-OktaInstanceUri <String>
-ApiKey <String>
[<CommonParameters>]
Example:
Connect-UOktaAccount -OktaInstanceUri "myoktainstance.oktapreview.com" -ApiKey "ABCDEFGHIJKLMN"
Removes the current Okta organization connection context.
Disconnect-UOktaAccount
[<CommonParameters>]
Example:
Disconnect-UOktaAccount
Retrieves an Okta user object.
Note: Logins with a / character can only be fetched by id due to URL issues with escaping the / character.
Get-UOktaUser
-Current
[<CommonParameters>]
Get-UOktaUser
-Id <String>
[<CommonParameters>]
Get-UOktaUser
-Login <String>
[<CommonParameters>]
Example:
# Retrieve the current user
Get-UOktaUser -Current
# Retrieve a user based on the Okta (technical) ID
Get-UOktaUser -Id "00b1abcd1fGHIJk3L0n7"
# Retrieve a user based on the Okta login name
Get-UOktaUser -Login user@example.com
Creates a new user in your Okta organization with or without credentials. Refer to the Okta API documentation for the object structure that has to be passed as the Profile or Credentials object.
New-UOktaUser
-UserProfile <PSCustomObject>
[-Crentials <PSCustomObject>]
[-Activate]
[<CommonParameters>]
Updates a user's profile and/or credentials using partial update semantics (POST operation per documentation). Refer to the Okta API documentation for the object structure that has to be passed as the Profile or Credentials object.
Specify "me" as the ID to update the current user.
Update-UOktaUser
-Id <String>
[-UserProfile <PSCustomObject>]
[-Crentials <PSCustomObject>]
[<CommonParameters>]
Fetches the groups of which the user is a member.
Specify the user's id, login, or login shortname (as long as it is unambiguous) as the Id parameter.
Get-UOktaUserGroups
-Id <String>
[<CommonParameters>]
Lifecycle operations are non-idempotent operations that initiate a state transition for a user's status. Some operations are asynchronous while others are synchronous. The user's current status limits what operations are allowed.
Update-UOktaUserLifecycle
-Id <String>
-Activate
[-SendEmail]
[<CommonParameters>]
Update-UOktaUserLifecycle
-Id <String>
-Deactivate
[-SendEmail]
[<CommonParameters>]
Update-UOktaUserLifecycle
-Id <String>
-Reactivate
[-SendEmail]
[<CommonParameters>]
Update-UOktaUserLifecycle
-Id <String>
-Suspend
[<CommonParameters>]
Update-UOktaUserLifecycle
-Id <String>
-Unsuspend
[<CommonParameters>]
This operation transitions the user status to PASSWORD_EXPIRED so that the user is required to change their password at their next login. If tempPassword is included in the request, the user's password is reset to a temporary password that is returned, and then the temporary password is expired.
Set-UOktaUserPasswordExpired
-Id <String>
[-TempPassword]
[<CommonParameters>]
Removes all active identity provider sessions. This forces the user to authenticate on the next operation. Optionally revokes OpenID Connect and OAuth refresh and access tokens issued to the user.
Remove-UOktaUserSessions
-Id <String>
[-OauthTokens]
[<CommonParameters>]
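The following is an added example, not code from this module: it combines the cmdlets documented above to contain a suspected-compromised account by revoking sessions and OAuth tokens, then suspending the user only when its status allows it. The function name Invoke-UOktaContainment is hypothetical, the sample values are constructed, and it assumes Get-UOktaUser returns the Okta API user object with its id and status fields.

```powershell
# Added example (not part of the module). Hypothetical helper name.
# Assumption: Get-UOktaUser returns the Okta API user object ('id', 'status').
function Invoke-UOktaContainment {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $OktaInstanceUri,
        [Parameter(Mandatory)] [string] $Login   # logins containing '/' must be looked up by id instead
    )

    # Prompt for the token so it never lands in a script file or command history.
    $secure = Read-Host -Prompt 'Okta API token' -AsSecureString
    # -ApiKey takes a String, so convert in memory (works on PowerShell 5.1 and 7+).
    $apiKey = [System.Net.NetworkCredential]::new('', $secure).Password

    Connect-UOktaAccount -OktaInstanceUri $OktaInstanceUri -ApiKey $apiKey
    try {
        $user = Get-UOktaUser -Login $Login
        if (-not $user) { throw "No Okta user found for login '$Login'." }

        # Snapshot group membership before changing anything, for the access review.
        $groups = Get-UOktaUserGroups -Id $user.id

        if ($PSCmdlet.ShouldProcess($Login, 'Revoke sessions and OAuth tokens')) {
            Remove-UOktaUserSessions -Id $user.id -OauthTokens
        }

        # Lifecycle operations are non-idempotent and depend on the current status:
        # suspend only an ACTIVE user, otherwise report and leave it to the operator.
        $suspended = $false
        if ($user.status -eq 'ACTIVE') {
            if ($PSCmdlet.ShouldProcess($Login, 'Suspend user')) {
                Update-UOktaUserLifecycle -Id $user.id -Suspend
                $suspended = $true
            }
        } else {
            Write-Warning "User status is '$($user.status)'; suspend skipped."
        }

        [pscustomobject]@{
            Login = $Login; Id = $user.id; StatusBefore = $user.status
            Suspended = $suspended; Groups = $groups
        }
    }
    finally {
        $apiKey = $null            # drop the plaintext token reference
        Disconnect-UOktaAccount    # always clear the connection context
    }
}

# Constructed sample values; -WhatIf previews the changes without applying them.
Invoke-UOktaContainment -OktaInstanceUri 'myoktainstance.oktapreview.com' -Login 'user@example.com' -WhatIf
```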
Enumerates Groups in your organization. Currently pagination is not supported in this cmdlet.
Get-UOktaGroups
[-Limit <Int>]
[<CommonParameters>]
Enumerates all users that are a member of a Group. Currently pagination is not supported in this cmdlet.
Get-UOktaGroupMembers
-GroupId <String>
[-Limit <Int>]
[<CommonParameters>]
Adds a user to a group of OKTA_GROUP type.
Add-UOktaGroupMember
-GroupId <String>
-UserId <String>
[<CommonParameters>]
Removes a user from a group of OKTA_GROUP type.
Remove-UOktaGroupMember
-GroupId <String>
-UserId <String>
[<CommonParameters>]