Authenticator Token Delivery Method Bulk Change
Hello,
On FortiAuthenticator we are sending VPN tokens through SMS to our users. We have 1.100 users on the system. Sometimes the SMS provider goes down and we have to change the "Deliver token code by" setting to email manually for all users; as you can imagine, it takes a long time. I was wondering, is there any CLI or API method to change the "Deliver token code by" setting for all users at once?
Labels: FortiAuthenticator v5.5
Created on ‎12-04-2022 02:57 AM Edited on ‎12-04-2022 03:50 AM
Nice, you managed to break the first barrier.
Next, you would have to loop through all the users either in Postman or with a Python script.
The URL should be something like below (if Postman is used) where the variable is passed from a list/array with all the users in question, which you got from the previous command, GET.
https://10.0.0.112/api/v1/ldapusers/{{user}}/
L.E. Sorry I can't give you more exact examples of what should be done, I'm struggling to get any results returned on my end.
Hi,
You could try and reiterate through the API to change/UPDATE the token type for the users.
Here's the doc for LDAP users, assuming they are imported from it.
Did not try this myself, but it's worth a try.
Thanks, I'll take a look.
The problem is it returns 403 Forbidden no matter what I do. I've followed the instructions and enabled web services for a specific user, created and received the secret key, and tried with Postman and curl, but the result is the same. What am I missing here?
What URL and with which params are you running it?
Created on ‎12-02-2022 12:04 PM Edited on ‎12-02-2022 12:43 PM
My authenticator's IP address is: 10.0.0.112 / guest.mydomain.com
I've tried with the below commands:
curl -k -v -u "myuser:mysecret" https://10.0.0.112/api/v1/?access_token=mysecret&format=json : returns 403
curl -k -H -- "Authorization: Bearer mysecret" "https://10.0.0.112/api/v1/?format=json?access_token=mysecret" : returns 403
Web service access is enabled (please see attached screenshots)
Domain, username and secret are blurred and hidden due to security concerns.
I get
{"meta": {"limit": 20, "next": null, "offset": 0, "previous": null, "total_count": 0}, "objects": []}
Something is not working, but I'm too tired to dig rn, in the next days.
I hope you rest well man :) Thanks for your time, looking forward to hearing from you
Created on ‎12-02-2022 01:44 PM Edited on ‎12-02-2022 01:45 PM
I've made progress :)
These settings were disabled, so I assume this was causing the forbidden error;
Now enabled it and 403 is gone, but now getting "An error has occured error"
Update: made it work in Postman :)
Using basic auth instead of OAuth2 did the trick, now I can get data from the authenticator.
https://10.0.0.112/api/v1/ldapusers/7325425/
{
"token_type": "sms"
}
With the above combination (PATCH) I can update a user's token delivery method. What I couldn't find is how I can apply this to all 1.100 users at once. I've tried:
https://10.0.0.112/api/v1/ldapusers/
https://10.0.0.112/api/v1/ldapusers/*/
https://10.0.0.112/api/v1/ldapusers/%/
That didn't work, and I couldn't find related information in the manual. What is the joker character for all users?
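
The loop suggested in the replies, written out as an added example (not part of the original thread and not Fortinet's code): it pages through `GET /api/v1/ldapusers/` using the `meta.next` field seen in the JSON output above, then sends the same PATCH body to each user, with a dry run by default. Assumptions: each listed object carries `id` and `token_type` fields, `limit` is accepted as a query parameter, `meta.next` is a path or URL, and `"email"` is the value for e-mail delivery.

```python
import base64, json, ssl, urllib.request
from urllib.parse import urljoin

def make_call(base_url, user, api_key, cafile=None):
    """Build call(method, path, body) using HTTP basic auth, as in the thread."""
    # Verify the appliance certificate (pass its CA in cafile) instead of curl -k.
    ctx = ssl.create_default_context(cafile=cafile)
    auth = base64.b64encode(f"{user}:{api_key}".encode()).decode()
    headers = {"Authorization": "Basic " + auth, "Accept": "application/json",
               "Content-Type": "application/json"}

    def call(method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(urljoin(base_url, path), data=data,
                                     method=method, headers=headers)
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            raw = resp.read()
        return json.loads(raw) if raw else {}
    return call

def iter_users(call, path="/api/v1/ldapusers/?format=json&limit=100"):
    """Follow meta.next until it is null; `limit` is an assumed parameter."""
    while path:
        page = call("GET", path)
        yield from page["objects"]
        path = page["meta"]["next"]

def set_delivery(call, new_type, only_from=None, dry_run=True):
    """PATCH token_type per user; returns (changed_ids, [(id, error), ...])."""
    changed, failed = [], []
    # Read the full list first so updates cannot shift the pagination.
    for user in list(iter_users(call)):
        current = user.get("token_type")  # assumed field in the GET output
        if current == new_type or (only_from and current != only_from):
            continue
        if not dry_run:
            try:
                call("PATCH", f"/api/v1/ldapusers/{user['id']}/",
                     {"token_type": new_type})
            except OSError as exc:  # urllib HTTP/URL errors subclass OSError
                failed.append((user["id"], str(exc)))
                continue
        changed.append(user["id"])
    return changed, failed
```

Run `set_delivery(make_call("https://10.0.0.112", user, key, cafile=ca_path), "email", only_from="sms")` first to review the affected IDs, then repeat with `dry_run=False`; swapping the two type arguments reverts the change once the SMS provider is back.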
