Reference MFA implementation using REST API in PowerShell

Introduction

This PowerShell script is a reference implementation that uses the REST API to add UPSSO authentication and MFA to custom applications.

Capabilities

  • Login using default UPSSO authentication
  • Login using LDAP authentication.
  • Select the type of MFA delivery (SMS, Email, or Google Authenticator)
  • Validate OTP

Usage

Register API application.

Update API credentials in the script.

  • Download the PowerShell script package below and unzip it.
  • Right-click the PowerShell script and click edit.
  • Under the global variables, find $Client_ID and replace the value with the previous step's generated value.
  • Under the global variables, find $token and replace the value with the previous step's generated value.
  • Save the file and exit.
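
An alternative to pasting the values into the script file, shown as an added example that is not part of the UPSSO script package: the API credential is stored once in a DPAPI-protected file and loaded into $Client_ID and $token at run time. The store path, function names and prompt texts are assumptions made for this sketch.

```powershell
# Added example: keep $Client_ID and $token out of the script file.
# The store path and function names are hypothetical, not part of the UPSSO package.
$store = Join-Path $env:LOCALAPPDATA 'upsso-api-credential.xml'

function Save-ApiCredential {
    # Client ID goes in the user name field, the API token in the password field.
    $cred = Get-Credential -Message 'User name = Client ID, password = API token'
    # On Windows, Export-Clixml protects the SecureString with DPAPI:
    # only the same user on the same machine can decrypt the file.
    $cred | Export-Clixml -Path $store
}

function Get-ApiCredential {
    # First run: prompt and store. Later runs: read the protected file.
    if (-not (Test-Path -LiteralPath $store)) { Save-ApiCredential }
    Import-Clixml -Path $store
}

function Read-ServerAddress {
    $address = (Read-Host 'Address (IP or domain name)').Trim()
    # Accept a bare host name or IP only; reject input carrying a scheme, path or user info.
    if ([Uri]::CheckHostName($address) -eq [System.UriHostNameType]::Unknown) {
        throw "'$address' is not a valid host name or IP address."
    }
    $address
}

$api       = Get-ApiCredential
$Client_ID = $api.UserName
$token     = $api.GetNetworkCredential().Password   # plaintext exists only in memory
$address   = Read-ServerAddress
$userCred  = Get-Credential -Message 'UPSSO/LDAP user'   # password is not echoed
```

Delete the stored file and run the script again to rotate the Client ID or token. The DPAPI protection applies on Windows only; on other platforms Export-Clixml does not encrypt the secret.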

Running the script

  • Right-click on the PowerShell script and click run.
  • In the address prompt, enter the IP address or domain name. (Example: 192.168.3.70 or sso.upsso.net)
  • In the username prompt, enter the UPSSO/LDAP user.
  • In the password prompt, enter the password of the user entered in the previous step.
  • In the OTP type prompt, enter the delivery type by which you want to receive the OTP.
  • The script validates the username and password and prompts for the OTP as per the configuration.
  • Enter the received OTP if prompted.
  • Authentication status is printed on the console.

APIs used in the script

  1. Get Token API
  2. Authenticate User
  3. Validate OTP
  4. Terminate session

Flow diagram


Sample Script Execution