<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7VS5SANOkta Classic EngineIntegrationsAnswered2024-04-30T09:18:25.000Z2015-09-29T16:31:56.000Z2018-05-16T17:17:10.000Z

gciii (gciii) asked a question.

Edited by varun.kavoori1.5210444522562532E12 September 5, 2018 at 1:20 AM
Utilizing Powershell for user reporting and modification
Hello

I would like to export all user data, including all attributes, to a .csv

Specifically, I need the employeeNumber field in OKTA.

Any way to accomplish that via the GUI / PowerShell / API?

Any method is acceptable as long as I can get some guidance on how to achieve that (I'm not an API / Powershell guru...)

 

Also,

Is there any way i can modify the employeenumber in bulk? i'm thinking about exporting all users with their current login & employeenumber, change the employeenumber and then import it back, using the current login as the anchor

 

Thank you,

 

Omer
  • 8 answers
  • 3.7K views
hmka1 and ArtC.12602 like this.

  • svcV.75126 (Customer)

    Hi Omer,

     

    If you are comfortable with powershell this is certainly feasible through the API. This (and things like it) are one of the reasons i ended up writing a powershell wrapper for the API. The number of ways i've needed to be able to perform bulk updates and transformations on users are diverse.

     

    To accomplish this start by installing and configuring my powershell module: https://github.com/mbegan/Okta-PSModule (https://github.com/mbegan/Okta-PSModule)

     

    their are instructions for configuration in the github but feel free to ask for clarification here.

     

    Once configured you can retrieve a full list of your users, dump it out to a csv, update the csv and then read the file back in and update the okta users based on the data in the csv.

     

    Step1 retrieve a list of users, export relevant information to CSV.

      
    1.  $users = oktaListUsers -oOrg prod  $toexport = New-Object System.Collections.ArrayList  foreach ($u in $users)  {   $line = @{   oktaid = $u.id   login = $u.profile.login   employeeNumber = $u.profile.employeeNumber  newEmployeeNumber = $null  }   $obj = New-Object psobject -Property $line   $_c = $toexport.Add($obj)  }  $toexport | Export-Csv -Path path\to\export.csv -NoTypeInformation
     

    Step2 Update export.csv (it should have a blank column for newEmployeeNumber

     

    Step3 import the updated csv file and perform an update on the okta user.

    *for the sake of simplicity remove rows from the csv that don't require an update. It saves us from having to write logic to handle it.

      
    1.  $updates = Import-Csv -Path path\to\export.csv foreach ($update in $updates)  {   try   {   $oktauser = oktaGetUserbyID -oOrg prod -userName $update.oktaid   }   catch   {   Write-Host Get resulted in $_.Exception.Message -BackgroundColor Red   continue   }   $oktauser.profile.employeeNumber = $update.newemployeeNumber   try   {   $updated = oktaUpdateUserProfilebyID -oOrg prod -uid $oktauser.id -Profile $oktauser.profile   }   catch   {   Write-Host update resulted in $_.Exception.Message -BackgroundColor Red   continue   }   Write-Host $updated.profile.login employeeNumber updated to $updated.profile.employeeNumber  }
     

    Hopefully that helps

    -Matt
    Expand Post

  • gciii (gciii)

    Hi Matt

    I tried to run the update script on my OKTA test instance and I got the following error:

     

     update resulted in E0000023 : Operation failed because user profile is mastered under another system

  • svcV.75126 (Customer)

    Hi Omer,

     

    Are these accounts AD Mastered, if so do you have write privileges to the associated AD Accounts?

     

    A similar process would accomplish this using the ActiveDirectory powershell module and the updates to Active Directory would propogate to Okta based on the sync schedule.

     

    -Matt
    Expand Post

  • gciii (gciii)

    Hi

     

    the accounts are ad-mastered. the OKTA Service account we use has write priviligies to AD

    I will update via AD and propegate to OKTA, but i wanted to test both scenarios. 

    Any idea why it might fail via OKTA?

     

    Thanks,

     

    Omer
    Expand Post

  • svcV.75126 (Customer)

    Hi Omer,

     

    the reason Okta rejects the updates to the Okta user profile is becasue it views AD as the profile master and okta is entirely subordinate to AD.

     

    I tend to forget that I have a bit of a deviation in my setup from most people. In my org AD is subordinate to Okta as I have my HR system provisioning accounts in Okta and pushing the accounts and all profile updates downstream.

     

    -Matt

     

    Expand Post

  • j5v7c (j5v7c)

    Hi Matt

    I'm trying to export out a list of users which includes a custom field. This field is a String Array which when exported advises System.Object[] rather than the contents.

     

    If I run ListUsers via PostMan I can see the String Array contents?

    My preference is to have PowerScript to export to file as enduser admins could run.

    Any help here appreciated.

     

    Nic
    Expand Post

  • elnsf (elnsf)

    I tried running the same powershell module but I am getting http response exception:

     

    PS C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Okta-PSModule-master> oktaListUsers -oOrg prev

    VERBOSE: GET https://dev-2130-admin.oktapreview.com/api/v1/users?limit=500 with 0-byte payload

    WARNING: Unable to find type [Microsoft.PowerShell.Commands.HttpResponseException].

    WARNING: Encountered error, returning limited or empty set

     

    Please help
    Expand Post

  • LuisO.89038 (24 Hour Fitness)

    If anyone is curious how to export an array to csv here is what helped me

     

    $toexport | select oktaid,login,employeeNumber,@{name=”JobCode”;expression={$_.JobCode -join “;”}} | Export-Csv -Path .\desktop\AllPRDUsers.csv

     

    This would be your final line of the code in Step 1 above.  In this example "JobCode" is an array.

     

    Here is what the ps script looks like.  

     

    $users = oktaListUsers -oOrg prod

    $toexport = New-Object System.Collections.ArrayList

    foreach ($u in $users)

    {

    $line = @{

                    oktaid = $u.id

                    login = $u.profile.login

                    employeeNumber = $u.profile.employeeNumber

                    JobCode= $u.profile.jobCode

                    }

    $obj = New-Object psobject -Property $line $_c = $toexport.Add($obj)

    }

    $toexport | select oktaid,login,employeeNumber,@{name=”JobCode”;expression={$_.JobCode -join “;”}} | Export-Csv -Path .\desktop\AllUsers.csv

     

    You can also add extra attributes by including them in the $line portion off the code (Example below)

     

    $line = @{

                    oktaid = $u.id

                    login = $u.profile.login

                    employeeNumber = $u.profile.employeeNumber

                    JobCode= $u.profile.jobCode

                    fn = $u.profile.firstName

                    ln = $u.profile.lastName

                    }
    Expand Post
This question is closed.
Loading
Utilizing Powershell for user reporting and modification