VPN User Provisioning with API

gingerwon
Just browsing

Happy Friday everyone,
Boss tasked me with going through our AnyConnect authorized users on Meraki, verifying who is inactive in AD, and removing inactive users from AnyConnect. While SCIM would be ideal, I'm not finding any SCIM availability for AnyConnect provisioning. So far I'm getting the information I want from Invoke-RestMethod, and I'm able to then query those users against AD to confirm Enabled -eq True. My final hurdle is to take the list of disabled users, get their id from the Meraki response, and send a DELETE Invoke-RestMethod to delete the disabled users via the "{{baseUrl}}/networks/:networkId/merakiAuthUsers/:merakiAuthUserId" endpoint.

 

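# $NetworkIDs and $headers are assumed to be defined earlier in the script
$AllUsers = @()
foreach ($NetworkID in $NetworkIDs) {
    $Users = Invoke-RestMethod -Method Get -Uri "https://api.meraki.com/api/v1/networks/$NetworkID/merakiAuthUsers" -Headers $headers
    $AllUsers += $Users
}
# Collect the Meraki users whose matching AD account exists and is disabled
$InactiveUsers = foreach ($User in $AllUsers) {
    $ADUser = Get-ADUser -Filter "mail -eq '$($User.email)'" -Properties Enabled
    if ($ADUser -and !$ADUser.Enabled) {
        $User   # emit the Meraki user object (includes its id)
    }
}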

 Any tips or tricks would be greatly appreciated!
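
One way to finish the DELETE step asked about above, as an added example that is not part of the original post and not Meraki's own code. The function name, the `$BaseUrl` parameter and the output fields are hypothetical; it assumes `$headers` and `$NetworkIDs` exist as in the post, the ActiveDirectory module is loaded, and each Meraki user object carries `id` and `email`. It keeps the network ID with each user (the DELETE path needs both) and uses `-LDAPFilter` instead of the post's `-Filter` so characters in an address cannot alter the query.

```powershell
# Added example; Remove-DisabledMerakiAuthUser and $BaseUrl are hypothetical names.
function Remove-DisabledMerakiAuthUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string[]]  $NetworkIds,
        [Parameter(Mandatory)] [hashtable] $Headers,   # same $headers as the GET in the post
        [string] $BaseUrl = 'https://api.meraki.com/api/v1'
    )
    foreach ($NetworkId in $NetworkIds) {
        # Query per network so every user stays paired with the network it came from.
        $Users = Invoke-RestMethod -Method Get -Uri "$BaseUrl/networks/$NetworkId/merakiAuthUsers" -Headers $Headers
        foreach ($User in $Users) {
            if ([string]::IsNullOrWhiteSpace($User.email)) { continue }
            # Escape LDAP filter metacharacters (backslash first) before building the filter.
            $Mail = $User.email.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
            $ADUser = @(Get-ADUser -LDAPFilter "(mail=$Mail)" -Properties Enabled)
            # Act only on exactly one AD match; zero or several matches go to manual review.
            if ($ADUser.Count -ne 1) {
                Write-Warning "Skipping $($User.email): $($ADUser.Count) AD matches"
                continue
            }
            if ($ADUser[0].Enabled) { continue }
            $Uri     = "$BaseUrl/networks/$NetworkId/merakiAuthUsers/$($User.id)"
            $Deleted = $false
            if ($PSCmdlet.ShouldProcess("$($User.email) in $NetworkId", 'Delete Meraki auth user')) {
                try {
                    Invoke-RestMethod -Method Delete -Uri $Uri -Headers $Headers -ErrorAction Stop | Out-Null
                    $Deleted = $true
                } catch {
                    Write-Warning "DELETE failed for $($User.email): $($_.Exception.Message)"
                }
            }
            # One record per disabled account, whether or not it was removed, for the audit trail.
            [pscustomobject]@{
                NetworkId        = $NetworkId
                MerakiAuthUserId = $User.id
                Email            = $User.email
                Deleted          = $Deleted
            }
        }
    }
}

# Dry run first: reports what would be removed without sending any DELETE.
Remove-DisabledMerakiAuthUser -NetworkIds $NetworkIDs -Headers $headers -WhatIf
```

Drop `-WhatIf` to be prompted per account, and pipe the output to `Export-Csv` to keep a record of what was removed.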

2 Replies
PhilipDAth
Kind of a big deal

Going completely sideways; do you use Office 365/Entra ID?  Have you considered authenticating directly against that instead?

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SA...

 

 

gingerwon
Just browsing

Thanks for the reply Philip!

We have/are considering this, but didn't think SSO would automatically deprovision disabled users from the Meraki authenticated users list.  Maybe this is a much simpler solution, I'll try to do some testing today.  Thanks again!
