Scripts

SecureMFA_SupportTools 1.0.0.1

The PowerShell scripts for managing SecureMFA OTP accounts.

Dependencies:

    • The system that executes a script must have Microsoft Framework 4.6.1 or above installed.
    • The SecureMFA_SupportTools.dll file must be present in the script directory.
    • The SecureMFA_SupportTools.json configuration file must be present in the script directory.

Below is a sample of a valid SecureMFA_SupportTools.json config file:

             {
             "sql_server": "asqlaol1.adatum.labnet",
             "sql_database": "SecureMfaOTP",
             "ui_input_text": "Please enter user's UPN",
             "ui_environment": "MyCompany",
             "encryption_passphrase": "d9GhT=7=Ox8-+LaZ"
             }

Logs

All provider-related logs are stored in the Windows Application event log.

Windows Application Events:

Source: Secure MFA OTP
Event ID 5551: Get user Attribute Events
Event ID 5552: OTP SoftReset Events 
Event ID 5553: OTP HardReset Events 
Event ID 5554: GET OTP List Of Codes Events 
Event ID 5555: Get OTP Time Drift Events
Event ID 5559: System Events
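
The events listed above can be reviewed with Get-WinEvent to see who is looking up or resetting OTP accounts and how often. The script below is an added example, not part of the SecureMFA scripts; the source name and event IDs come from the list above, while the seven-day window and the hard-reset threshold are assumed values to adjust.

```powershell
# Added example: summarise SecureMFA support-tool activity from the Application log.
# $Days and $HardResetThreshold are assumed defaults, not SecureMFA settings.
param(
    [int]$Days = 7,
    [int]$HardResetThreshold = 5
)

# Event IDs and their meaning, as listed in the documentation above.
$eventNames = @{
    5551 = 'Get user attribute'
    5552 = 'OTP SoftReset'
    5553 = 'OTP HardReset'
    5554 = 'Get OTP list of codes'
    5555 = 'Get OTP time drift'
    5559 = 'System'
}

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Secure MFA OTP'
    Id           = [int[]]$eventNames.Keys
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Add a day bucket and a readable action name to each event.
$rows = $events | Select-Object TimeCreated, Id, MachineName,
    @{ Name = 'Day';    Expression = { $_.TimeCreated.ToString('yyyy-MM-dd') } },
    @{ Name = 'Action'; Expression = { $eventNames[[int]$_.Id] } }

# Per-day count of each action.
$rows | Group-Object Day, Action | Sort-Object Name |
    Select-Object Name, Count | Format-Table -AutoSize

# Flag days with more hard resets than the assumed threshold.
$rows | Where-Object Id -eq 5553 | Group-Object Day |
    Where-Object Count -gt $HardResetThreshold |
    ForEach-Object { Write-Warning "$($_.Count) OTP HardReset events on $($_.Name)" }
```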


List of scripts

show-otp.ps1 - The PowerShell script to show OTP accounts in the SQL database.

.\show-otp.ps1 -upn test1@adatum.labnet -DecryptSecret
.\show-otp.ps1 -upn test1@adatum.labnet -DecryptSecret -otpcode 893117

reset-otp.ps1 - The PowerShell script to reset SecureMFA.com OTP accounts in the SQL database.

.\reset-otp.ps1 -upn test1@adatum.labnet -HardReset

SecureMFA OTP maintenance script for SQL database

Schedule the SQL script below to run as a weekly job on SQL Server. The script deletes old user records whose lastlogon value is older than 60 days or is NULL.

Delete FROM [SecureMfaOTP].[dbo].[Secrets] WHERE lastlogon < DATEADD(day, -60, GETDATE()) OR lastlogon IS NULL