Reference MFA implementation using Rest API in PowerShell

Introduction

This PowerShell script is a reference implementation for using REST API  to implement UPSSO authentication/MFA in custom applications.

Capabilities

• Login using default UPSSO authentication
• Login using LDAP authentication.
• Select the type of MFA delivery (SMS, Email, or Google Authenticator)
• Validate OTP

Usage

Register API application.

• sing UPSSO web UI, register an application. Please refer to the following link on how to generate REST API Credential

Update API credentials in the script.

• Download the PowerShell script package below and unzip it.
• Right-click the PowerShell script and click edit.
• Under the global variables, find $Client_ID and replace the value with the previous step's generated value.
• Under the global variables, find $token and replace the value with the previous step's generated value.
• Save the file and exit.

Running the script

• Right-click on the PowerShell script and click run.
• In the address, enter the IP address or domain name. (Example:192.168.3.70 or sso.upsso.net)
• In the username prompt, enter UPSSO/LDAP user.
• In the password prompt, enter the password of the user entered in the previous step.
• In the OTP type, enter the type which you want to receive OTP
• Script validates the username and password and prompts for OTP as per the configuration.
• Enter the received OTP if prompted.
• Authentication status is printed on the console.

API's used in the script.

1. Get Token API
2. Authenticate User
3. Validate OTP
4. Terminate session.

Flow diagram

Sample Script Execution