Need Help with Tracking Script Execution in Meraki Dashboard for team Environment

srajiwate
Here to help


Hello everyone,

 

I'm currently working on a script that interacts with the Meraki API to manage policy object groups across multiple organizations. The script is designed to fetch the API key from Azure Key Vault and perform various operations. Here's a brief overview of the script:


-----------------------------------
import requests
import pandas as pd
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Initialize Azure Key Vault client
key_vault_name = "<Your-KeyVault-Name>"
KVUri = f"https://{key_vault_name}.vault.azure.net"
credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)

# Fetch the API key from Azure Key Vault
api_key = client.get_secret("<Your-Secret-Name>").value

# Define the API endpoint and headers
base_url = "https://api.meraki.com/api/v1/organizations/{organizationId}/policyObjects/groups"
headers = {
    'Authorization': f'Bearer {api_key}',
    'Accept': 'application/json'
}

# Read organization IDs from Excel file
excel_file = '<Path-to-Your-Excel-File>'  # Replace with your Excel file path
df = pd.read_excel(excel_file)

# Prompt for user ID
user_id = input("Enter your user ID: ")

# Iterate over each organization ID
for org_id in df['organizationId']:
    print(f"\nProcessing organization ID: {org_id} by user: {user_id}")
    org_base_url = base_url.replace("{organizationId}", str(org_id))

    # Fetch the policy object groups
    response = requests.get(org_base_url, headers=headers, timeout=30)
    if response.status_code == 200:
        policy_groups = response.json()
        if policy_groups:
            print("Policy Object Groups:")
            for idx, group in enumerate(policy_groups):
                print(f"{idx + 1}. Name: {group['name']}, ID: {group['id']}")

            # Ask for confirmation
            to_delete = input(f"Enter the numbers of the groups you want to delete for organization ID {org_id}, separated by commas: ")
            # Skip blank entries and accept only listed numbers: without the range
            # check, "0" or a negative number would index from the end of the list
            # and delete a group the user did not pick.
            picks = [num.strip() for num in to_delete.split(",") if num.strip()]
            to_delete_ids = [policy_groups[int(num) - 1]['id'] for num in picks
                             if num.isdigit() and 1 <= int(num) <= len(policy_groups)]

            # Delete the selected groups
            for group_id in to_delete_ids:
                delete_url = f"{org_base_url}/{group_id}"
                delete_response = requests.delete(delete_url, headers=headers, timeout=30)
                if delete_response.status_code == 204:
                    print(f"Deleted group with ID: {group_id} by user: {user_id}")
                else:
                    print(f"Failed to delete group with ID: {group_id} by user: {user_id}")
        else:
            print("No policy object groups found.")
    else:
        print(f"Failed to fetch policy object groups for organization ID: {org_id} by user: {user_id}")

print("Script completed.")

-------------------------------------
The Issue: The script works perfectly, but since the API key is associated with my Meraki account, all actions are logged under my name in the Meraki dashboard. This makes it difficult to track which team member (we are a team of 10) executed the script.

Additional Challenge: We can only create two API keys per profile in the Meraki dashboard. Additionally, most of our team members use Single Sign-On (SSO) accounts, which do not support API key generation.

What I've Tried:

  • Prompting for user ID at the start of the script to log who is running it.
  • Azure CLI login at the start, before executing the script, to authorize from Azure to access Key Vault.

What I'm Looking For:

  • Best practices for managing API keys and tracking script execution in a team environment.
  • Accounting of script execution, like script 1 was executed by person1 and script 2 was executed by person2.


Any help or insights would be greatly appreciated!

Thank you!

2 Replies
alemabrahao
Kind of a big deal

This might help give you some idea of good practices.

 

Best Practices for Secure API Key Management

 

One idea is to implement audit logging within your script to record who ran the script and what actions were performed. This could include timestamps, user IDs, and details of the operations.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
sungod
Kind of a big deal

Depends where you want to log the usage.

 

Append to a local log file, or send to a log server for instance.

 

If you want it logged within the Meraki environment, I think you could use MERAKI_PYTHON_SDK_CALLER

 

Set it to some string identifying the user on the system running the script, and it'll append to the userAgent string in the API request. Obviously you should not be sharing logins on the system(s) running your scripts.

 

You can then use the getOrganizationApiRequests endpoint to get the API usage data, which includes userAgent.

 

See here for MERAKI_PYTHON_SDK_CALLER usage rules...

https://github.com/meraki/dashboard-api-python/blob/main/meraki/config.py

...to play nice, perhaps put the ID as a simple numeric in the OptionalVersionNumber.
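
An added example of the approach described above, not code from the thread or from the Meraki SDK: it derives the caller tag from the OS login rather than a typed user ID, then attributes write requests in API request log records by the numeric ID found in userAgent. The application name, vendor name, roster, "python-meraki/1.0" prefix and sample records are constructed for illustration, and the exact layout of the userAgent string sent by a given SDK version is an assumption, so the tag is searched for anywhere in the string.

```python
import getpass
import re
from collections import defaultdict
from urllib.parse import unquote

APP_NAME = "PolicyGroupCleanup"      # hypothetical application name
VENDOR = "ExampleCorp"               # hypothetical vendor name
ROSTER = {"alice": 101, "bob": 102}  # hypothetical OS login -> numeric ID
_BY_ID = {num: login for login, num in ROSTER.items()}
_TAG = re.compile(rf"\b{re.escape(APP_NAME)}/(\d+)\b")

def caller_string(os_user=None):
    """Build the caller value from the OS login, not from typed input."""
    os_user = os_user or getpass.getuser()
    if os_user not in ROSTER:
        raise PermissionError(f"{os_user!r} is not on the roster")
    return f"{APP_NAME}/{ROSTER[os_user]} {VENDOR}"

def attribute(api_requests, methods=("POST", "PUT", "DELETE")):
    """Group write requests by the team member encoded in userAgent."""
    report = defaultdict(list)
    for rec in api_requests:
        if rec.get("method") not in methods:
            continue
        # Decode first in case the client URL-encoded the tag (assumption).
        match = _TAG.search(unquote(rec.get("userAgent", "")))
        if match is None:
            who = "untagged"
        else:
            who = _BY_ID.get(int(match.group(1)), "unknown-id")
        report[who].append((rec["ts"], rec["method"], rec["path"]))
    return dict(report)

# Constructed records using fields the API request log reports.
_GROUPS = "/api/v1/organizations/1/policyObjects/groups"
SAMPLE = [
    {"ts": "2024-05-01T10:00:00Z", "method": "GET", "path": _GROUPS,
     "userAgent": "python-meraki/1.0 PolicyGroupCleanup/101 ExampleCorp"},
    {"ts": "2024-05-01T10:00:05Z", "method": "DELETE", "path": _GROUPS + "/55",
     "userAgent": "python-meraki/1.0 PolicyGroupCleanup/101 ExampleCorp"},
    {"ts": "2024-05-01T11:30:00Z", "method": "DELETE", "path": _GROUPS + "/56",
     "userAgent": "python-meraki/1.0 PolicyGroupCleanup%2F102 ExampleCorp"},
    {"ts": "2024-05-01T12:00:00Z", "method": "DELETE", "path": _GROUPS + "/57",
     "userAgent": "python-requests/2.31.0"},
]

if __name__ == "__main__":
    for who, calls in attribute(SAMPLE).items():
        print(who, calls)
```

Set MERAKI_PYTHON_SDK_CALLER to the value of caller_string() before the SDK session is created, and feed attribute() the records returned by getOrganizationApiRequests. The tag is set by the client, so it supports accounting between team members with separate logins; the "untagged" bucket shows writes made with the shared key outside the tagged script.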
