Manage OTP tokens used by the Citrix ADC
For more details, view my blog article
Just execute "OTP4ADC.ps1" and you will be presented with a GUI.
You can also run the script and set options from the command line, without using the GUI. You need to specify multiple options:
# CLI: Edit one user
C:\OTP4ADC\OTP4ADC.ps1 -GatewayURI <String> -Attribute <String> -Username <String> -DeviceName <String> -ExportPath <String> [-QRSize <Int32>] [-TokenText <String>] [-ReplaceTokens] [-Thumbprint <String>]
# CLI: Edit one user while specifying your own secret
C:\OTP4ADC\OTP4ADC.ps1 -GatewayURI <String> -Attribute <String> -Username <String> -DeviceName <String> -Secret <String> [-QRSize <Int32>] [-TokenText <String>] [-ReplaceTokens] [-Thumbprint <String>]
# CLI: Bulk import a CSV (with or without specifying your own secret)
C:\OTP4ADC\OTP4ADC.ps1 -GatewayURI <String> -Attribute <String> -CsvPath <FileInfo> [-Delimiter <String>] [-ExportPath <String>] [-QRSize <Int32>] [-TokenText <String>] [-ReplaceTokens] [-Thumbprint <String>]
EXAMPLE: Add or edit a user
Optional parameters are:
- "-Secret" => Specify your own BASE32 secret
- "-QRSize" => option to change the default image resolution
- "-TokenText" => 1, 2 or 3. How the text is presented in the Authenticator
- "-ReplaceTokens" => "overwrite" the secrets currently stored for the given user (by default the new secret is added to the list)
- "-Thumbprint" => Only usable when PowerShell Core (v7 or higher) is used. Option to specify the thumbprint of a certificate used to encrypt the secrets in AD
C:\OTP4ADC\OTP4ADC.ps1 -attribute userParameters -GatewayURI portal.domain.com -username john.doe@domain.com -DeviceName Mobile -ExportPath C:\export
EXPLANATION: Edit a user named "john.doe@domain.com" and add a newly generated secret for device "Mobile" to the attribute "userParameters". When done, export the QR PNG to the directory "C:\export".
You can also bulk import a CSV (with or without specifying your own secrets)
EXAMPLE: Import a CSV
CSV file (users.csv) without Secrets
"Username","DeviceName"
"[email protected]","Mobile"
"[email protected]","Mobile"
CSV file (users.csv) with Secrets
"Username","DeviceName","Secret"
"[email protected]","Mobile","BASE32SECRET"
"[email protected]","Mobile","BASE32SECRET"
Optional parameters are:
- "-Delimiter" => Specify a delimiter for your CSV other than the default comma ","
- "-ExportPath" => where the QR images of the generated secrets are stored
- "-QRSize" => option to change the default image resolution
- "-TokenText" => 1, 2 or 3. How the text is presented in the Authenticator
- "-ReplaceTokens" => "overwrite" the secrets currently stored for the given user (by default the new secret is added to the list)
- "-Thumbprint" => Only usable when PowerShell v7 or higher is used. Option to specify the thumbprint of a certificate used to encrypt the secrets in AD
You can "import" the CSV by using the "-FileImport" parameter.
NOTE: When not defining your own secret, please don't forget to specify an "ExportPath" by specifying the "-ExportPath" parameter!
NOTE: If secrets are detected the QR-image won't be generated!
C:\OTP4ADC\OTP4ADC.ps1 -attribute userParameters -GatewayURI portal.domain.com -ExportPath C:\export -FileImport
EXPLANATION: Edit all users specified in the CSV file and add a secret for the device specified in the CSV to the attribute "userParameters" (a new secret is generated if none is given in the CSV).
The GatewayURI is specified as portal.domain.com.
When done export the QR PNG to the directory "C:\export", if a new secret was generated and not specified in the CSV.
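A pre-flight check for the bulk-import CSV described above, as an added example that is not part of OTP4ADC: it verifies the Username and DeviceName columns, flags duplicate user/device rows and secrets that are not upper-case Base32, and shows which rows carry their own secret (for those, per the note above, no QR image is generated). The function name Test-OtpCsv and the sample rows are constructed for illustration.

```powershell
# Added example: pre-flight check for a bulk-import CSV (not part of OTP4ADC).
# Test-OtpCsv is a hypothetical helper name; the sample rows are constructed.
function Test-OtpCsv {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Delimiter = ','
    )
    $rows = @(Import-Csv -Path $Path -Delimiter $Delimiter)
    if ($rows.Count -eq 0) { throw "No data rows found in $Path" }
    $columns = $rows[0].PSObject.Properties.Name
    foreach ($required in 'Username', 'DeviceName') {
        if ($columns -notcontains $required) { throw "Missing column '$required'" }
    }
    $hasSecret = $columns -contains 'Secret'
    $seen = @{}   # "username|device" -> first line it appeared on
    $line = 1     # the header is line 1
    foreach ($row in $rows) {
        $line++
        $issues = @()
        if ([string]::IsNullOrWhiteSpace($row.Username))   { $issues += 'empty Username' }
        if ([string]::IsNullOrWhiteSpace($row.DeviceName)) { $issues += 'empty DeviceName' }
        $key = "$($row.Username)|$($row.DeviceName)".ToLowerInvariant()
        if ($seen.ContainsKey($key)) { $issues += "duplicate of line $($seen[$key])" }
        else { $seen[$key] = $line }
        $secret = if ($hasSecret) { $row.Secret } else { $null }
        # RFC 4648 Base32 alphabet: A-Z and 2-7, optional '=' padding (case-sensitive check)
        if ($secret -and $secret -cnotmatch '^[A-Z2-7]+=*$') { $issues += 'Secret is not valid Base32' }
        [pscustomobject]@{
            Line       = $line
            Username   = $row.Username
            DeviceName = $row.DeviceName
            HasSecret  = [bool]$secret   # False => a secret and QR image will be generated
            Issues     = $issues -join '; '
        }
    }
}

# Constructed sample input, written to a temporary file
$sample = Join-Path ([IO.Path]::GetTempPath()) 'otp4adc-sample.csv'
@'
"Username","DeviceName","Secret"
"user1@example.test","Mobile","JBSWY3DPEHPK3PXP"
"user2@example.test","Mobile","not-base32!"
"user1@example.test","Mobile",""
'@ | Set-Content -Path $sample -Encoding UTF8
Test-OtpCsv -Path $sample | Format-Table -AutoSize
Remove-Item $sample
```

A CSV with a Secret column and the exported QR PNGs both contain the OTP shared secrets in clear text, so restrict access to them and remove them once enrollment is complete.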