Reset-OktaMFA.ps1

PowerShell Script to reset Okta MFAs for users with last used MFAs older than a certain age or never used.

Author : Cary GARVIN
Contact : cary(at)garvin.tech
LinkedIn : https://www.linkedin.com/in/cary-garvin
GitHub : https://github.com/carygarvin/

Script Name : Reset-OktaMFA.ps1
Script Link : https://carygarvin.github.io/Reset-OktaMFA.ps1/
Version : 1.0
Release date : 26/11/2018 (CET)

Script usage

Script takes either none or one argument when launched.

This Script will first list CSV files stored in the current user’s ‘Downloads’ folder. Prior to that, the user needs to download from the Okta Admin portal (Admin>Reports>Reports>Multifactor Authentication>MFA Usage/Download CSV) the latest MFA Usage report which serves as input for the present script. Upon launching the script, the user will be prompted to choose the CSV file with last MFA usage information. The Script will then parse the CSV file and keep only unique entries with the most recent ‘Last Used MFA’ for each user. Then it filters out entries which are more recent than the specified number of days in variable $MFAResetThresholdAge. From the remaining entries (older than age threshold or blank), it will reset the MFA for each one and finally output in the current user’s ‘My Documents’ folder the result in a CSV file titled with the execution time stamp followed by “MFAResetReport.csv”.

Script configuration

There are 3 configurable variables (see lines 91 to 94 within the script) which need to be set by IT Administrator prior to using the present Script: