Is it possible to get a list of accounts missing MFA?
Hello, a security audit is upon us and we're to check all of our vaults for accounts missing MFA. The sheer volume of that makes me wonder if there's a possibility to automate this task and get a list in the end, preferably sorted by AWS/Azure (for example)?
Any hints are welcome, I'll probably lose the rest of my sanity points if I have to go through it manually.
Thank you!
Comments
Hey @viray ,
Off the top of my head, you'll need to build a script that fetches all login items, excludes the ones that have a TOTP field, and then outputs the ones that don't.
A good place to start would be with a command such as
op list items --categories login --vault TestVault | op get item -
In this command, you ask `op` to list all the items that are login items in a vault called `TestVault` (you can remove the `--vault` flag if you want it to go over everything in one go, but I think this will help you focus and locate things better), then you pipe it down to the `op get item -` command, which will grab each one of the login items' details.
If there's a TOTP field in an item, you will see it in the output. Get the script to parse the output and find if there is a TOTP field in every login item, then list the ones that don't.
0
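One way to write the filter described in the answer above, as an added example (not code from the original thread or from 1Password): it reads the JSON that `op get item -` writes to stdin and groups the login items that have no TOTP value by URL host. The field layout (`overview.title`, `overview.url`, a field whose `n` starts with `TOTP_`) and the helper names are assumptions, and the sample records are constructed.

```python
import json
import sys
from collections import defaultdict
from urllib.parse import urlparse

def iter_items(text):
    """Yield every JSON object in the stream, whether back to back or one per line."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
        else:
            obj, pos = decoder.raw_decode(text, pos)
            yield obj

def has_totp(item):
    # Assumed layout: details.sections[].fields[]; the OTP field is named "TOTP_..."
    # and an empty value means no seed was ever stored, so it counts as missing.
    sections = (item.get("details") or {}).get("sections") or []
    fields = [f for s in sections for f in s.get("fields") or []]
    return any(str(f.get("n", "")).startswith("TOTP_") and f.get("v") for f in fields)

def group_key(item):
    url = (item.get("overview") or {}).get("url") or ""
    host = urlparse(url if "//" in url else "//" + url).hostname
    return host or "(no url)"

def missing_totp(text):
    """Return {host: [titles]} for items without a TOTP value; only titles are kept."""
    groups = defaultdict(list)
    for item in iter_items(text):
        if not has_totp(item):
            overview = item.get("overview") or {}
            groups[group_key(item)].append(overview.get("title") or item.get("uuid", "?"))
    return {host: sorted(titles) for host, titles in sorted(groups.items())}

def _item(title, url, otp=None):  # builds one constructed record
    fields = [] if otp is None else [{"k": "concealed", "n": "TOTP_CONSTRUCTED", "v": otp}]
    return json.dumps({"overview": {"title": title, "url": url},
                       "details": {"sections": [{"fields": fields}]}})
# Constructed sample input, not real vault data.
SAMPLE = "\n".join([
    _item("AWS root", "https://signin.aws.amazon.com/console", "otpauth://totp/constructed"),
    _item("AWS ci-user", "https://signin.aws.amazon.com/console"),
    _item("Azure admin", "portal.azure.com", ""),
])

if __name__ == "__main__":
    for host, titles in missing_totp(SAMPLE if sys.stdin.isatty() else sys.stdin.read()).items():
        print(host, *titles, sep="\n  ")
```

The item JSON on stdin contains passwords and TOTP seeds, so pipe it straight into the script rather than saving it to a file. A missing TOTP field only shows that no one-time-password seed is stored in 1Password; the account may still be protected by a hardware key or a separate authenticator app.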