PowerShell Script for auditing Okta App Assignments and Revocations.
Author : Cary GARVIN
Contact : cary(at)garvin.tech
LinkedIn : https://www.linkedin.com/in/cary-garvin
GitHub : https://github.com/carygarvin/
Script Name : Audit-OktaAppPermissions.ps1
Version : 1.0
Release date : 07/01/2019 (CET)
History : The present script has been developed as an auditing tool to gather Okta App Assignments and Revocations made by a particular Organization in the Okta authentication Cloud platform.
Purpose : The present script can be used for auditing Okta App Assignments and Revocations for an organization using Okta authentication services. The computer running this present script requires Microsoft Excel to be installed as Excel is used to build the report using COM Objects.
The present PowerShell Script cannot be run with a locked computer or System account (as a Scheduled Task for instance) since COM Objects operations using Excel perform Copy/Paste operations which take place interactively within the context of a logged user. This is for performance considerations since pasting entire Worksheets in one shot is way faster than filling cells one by one using COM Objects, thus ensuring the computer running this script remains unlocked throughout the entire Script's operation.
There are 2 configurable variables (see lines 29 and 30 in the actual script) which need to be set by your IT Administrator prior to using the present Script:
- Variable $OktaOrgName which is the name, in the Okta Portal URL, corresponding to your Organization.
- Variable $OktaAPIToken which is the temporary token Okta issued for you upon request. This token can be issued and taken from Admin>Security>API>Token once you are logged into the Okta Admin Portal.