Generate Two-step verification report

Hello

I would like to generate a report of which users have 2-step verification activated and which do not.
Can I do that via PowerShell? If so, how?

Thanks a lot!!!

Cheers David

David Birrer


Posted 7 months ago


Eliezer Encarnacion, Official Rep

Hi David,

I'm looking into this one, will have an answer soon :)

Thanks,
Eli

David Birrer

That would be amazing!

Eliezer Encarnacion, Official Rep

David,

Here's a script with a function that will output all user emails with TFA authentication: https://eliezeren.sharefile.com/d-s29e98ebb09849a6a
You can run it like this to view the results in the console:
Get-TfaUsers
Or you can pipe the results to a file
Get-TfaUsers | Out-File "tfaUsers.txt"
Let me know if that works.

Thanks!
Eli

David Birrer

Hi, I guess it works, thanks.

Some questions arise looking at the output.
  • Are those internal and/or external users?
With "internal" I mean native full ShareFile users with a licensed company ShareFile account.
With "external" I mean non-company users I allow access to a file (for example by sending a file to them).

It looks like it's both. (Do external users have the possibility of two-factor authentication?)
In the output I have some gmail/yahoo accounts in there.

What would need to be modified to get the whole (internal + external) list of users with an authentication type column? Also, I would like to see if these accounts are "internal" or "external".

Can you help me with that?

thanks a lot.
Cheers David

Eliezer Encarnacion, Official Rep

David,

Easiest way to do it is to delete the call to get all users in the script, and fetch each group of users separately:

$externalUsers = Send-SfRequest -Client $sfc -Entity Accounts -Navigation Clients
$internalUsers = Send-SfRequest -Client $sfc -Entity Accounts -Navigation Employees

You can then loop over each of these lists like the script does for the $users list, get the $userSecurity object for each user, and output the information you need.

Let me know if that helps
Eli

David Birrer

Hello again

It seems to work for the first part.

The second part (where I ask only for Employees) seems to fail.

Here is the changed script to get only the employees.


----------------------------------------------------------------------------------------------------------------------

function Get-TfaEmployees {
  
    $internalUsers = Send-SfRequest -Client $sfc -Entity Accounts -Navigation Employees -Parameters @{"type"="all"}

    Write-Host "Searching from $($internalUsers.Count) users"
   
    Foreach ($contact in $internalUsers)
    {

        $userSecurity = Send-SfRequest -Client $sfc -Accounts Users -Navigation Security -Id $contact.Id

        if ($userSecurity.UserAuthenticationType -eq [ShareFile.Api.Models.UserAuthenticationType]::TwoFactor)
        {
            Write-Output "$($contact.Email)"
        }
    } 
}

Write-Output "$($contact.Email)"

----------------------------------------------------------------------------------------------------------------------


Thanks a lot....

Eliezer Encarnacion, Official Rep

David,

1. The request to get the internal users does not need the -Parameters flag
2. The request to get the $userSecurity record is malformed. Instead of "-Accounts Users", write "-Entity Users"

Let me know how it goes. If you run into another error, do include any error messages you got.

Thanks!
Eli

David Birrer

It worked, thanks.
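
Added example, not part of the original thread or of Eli's linked script: the two corrections above combined into one report that lists every internal and external user with an authentication type column. It assumes `$sfc` is the authenticated ShareFile client used throughout the thread; the function name `Get-TfaReport`, the output column names and the file name `tfaReport.csv` are hypothetical.

```powershell
# Added example. Assumes $sfc is an authenticated ShareFile client, as in the thread.
# Get-TfaReport and the column names below are hypothetical, chosen for this example.
function Get-TfaReport {
    param(
        [Parameter(Mandatory)] $Client
    )

    # Fetch each group separately so every row can be labelled internal or external.
    $groups = [ordered]@{
        Internal = Send-SfRequest -Client $Client -Entity Accounts -Navigation Employees
        External = Send-SfRequest -Client $Client -Entity Accounts -Navigation Clients
    }

    foreach ($userType in $groups.Keys) {
        foreach ($contact in @($groups[$userType])) {
            # Default to 'Unknown' so a failed lookup still shows up in the audit
            # instead of silently dropping the account from the report.
            $authType = 'Unknown'
            try {
                $userSecurity = Send-SfRequest -Client $Client -Entity Users `
                    -Navigation Security -Id $contact.Id -ErrorAction Stop
                if ($null -ne $userSecurity) {
                    $authType = $userSecurity.UserAuthenticationType
                }
            }
            catch {
                Write-Warning "Security lookup failed for $($contact.Email): $_"
            }

            # One row per user; objects (not strings) so the result can be
            # filtered, sorted or exported by the caller.
            [pscustomobject]@{
                Email              = $contact.Email
                UserType           = $userType
                AuthenticationType = "$authType"
                TwoFactor          = ($authType -eq [ShareFile.Api.Models.UserAuthenticationType]::TwoFactor)
            }
        }
    }
}

# Full list with an authentication type column, written to CSV.
Get-TfaReport -Client $sfc | Export-Csv -Path 'tfaReport.csv' -NoTypeInformation
```

Rows where `AuthenticationType` is `Unknown` are accounts whose security record could not be read; they should be checked by hand before the report is treated as complete.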