Skip to content

Instantly share code, notes, and snippets.

@varunchandak

varunchandak/fetch-deprovisioned-okta-users.md

Created August 12, 2024 09:54
Show Gist options
  • Save varunchandak/3d84414d450975a76904649fcd9e20cc to your computer and use it in GitHub Desktop.
Save varunchandak/3d84414d450975a76904649fcd9e20cc to your computer and use it in GitHub Desktop.
Download ZIP
Python script to fetch deprovisioned users from Okta and export their email addresses to a CSV file. Handles pagination and uses Okta API tokens for authentication.
Raw
fetch-deprovisioned-okta-users.md

Fetch Deprovisioned Okta Users

This Python script fetches deprovisioned users from an Okta organization and exports their email addresses to a CSV file. The script handles pagination to ensure all deprovisioned users are retrieved, even if the data spans multiple pages.

Requirements

  • Python 3.7+
  • requests library

You can install the requests library using pip:

pip install requests

Setup

Ensure that you have the following environment variables set up:

  • OKTA_TOKEN: The Okta API token for authentication.
  • OKTA_DOMAIN: Your Okta domain (e.g., yourcompany.okta.com).

You can set these environment variables in your terminal before running the script:

export OKTA_TOKEN="your_okta_token"
export OKTA_DOMAIN="your_okta_domain"

Usage

  1. Save the script:

    Save the script to a file named fetch-deprovisioned-okta-users.py.

  2. Run the script:

    Execute the script using Python:

    python fetch-deprovisioned-okta-users.py

  3. Output:

    The script will create a CSV file named deprovisioned_users_emails.csv in the /tmp/ directory, containing the email addresses of all deprovisioned users.

Script Details

Pagination Handling

The script uses Okta's pagination mechanism to retrieve all deprovisioned users. If there are more users than the specified limit (default is 200), the script will continue to fetch the next set of users until all are retrieved.

Error Handling

The script raises an error if any HTTP request fails, ensuring that you are alerted to issues such as invalid API tokens, incorrect domain names, or connectivity issues.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Raw
fetch-deprovisioned-okta-users.py
import os
import csv
import requests
# Environment variables
OKTA_TOKEN = os.getenv('OKTA_TOKEN')
OKTA_DOMAIN = os.getenv('OKTA_DOMAIN')
# API base URL
base_url = f"https://{OKTA_DOMAIN}/api/v1/users"
# Headers for the API request
headers = {
'Authorization': f'SSWS {OKTA_TOKEN}',
'Accept': 'application/json'
}
# Parameters for the API request
params = {
'filter': 'status eq "DEPROVISIONED"',
'limit': 200 # Adjust as needed, default is 200
}
# Initialize an empty list to hold email addresses
email_addresses = []
# Pagination handling
while True:
response = requests.get(base_url, headers=headers, params=params)
response.raise_for_status() # Raise an error for bad status codes
# Add the email addresses of the current page's users to the list
for user in response.json():
email = user.get('profile', {}).get('email')
if email:
email_addresses.append(email)
# Check if there's a next page
if 'next' in response.links:
# Extract the cursor for the next page and update the params
next_url = response.links['next']['url']
next_cursor = next_url.split('after=')[1].split('&')[0]
params['after'] = next_cursor
else:
break
# Define CSV file path
csv_file_path = "/tmp/deprovisioned_users_emails.csv"
# Ensure /tmp/ directory exists
os.makedirs(os.path.dirname(csv_file_path), exist_ok=True)
# Write the email addresses to a CSV file
with open(csv_file_path, mode='w', newline='') as file:
writer = csv.writer(file)
for email in email_addresses:
writer.writerow([email])
# Print a summary of emails written
print(f"Number of deprovisioned users' emails written: {len(email_addresses)}")
print(f"CSV file of deprovisioned users' emails has been created at: {csv_file_path}")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment