https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449002#M7634 <P>Happy Friday everyone,<BR />Boss tasked me with going through our Anyconnect authorized users on Meraki, verifying who is inactive in AD, and removing inactive users from Anyconnect. While SCIM would be ideal, I'm not finding any SCIM availability for AnyConnect Provisioning. So far I'm getting the information I want from the Invoke-RestMethod, and I'm able to then query those users against AD to confirm Enabled -eq True. My final hurdle is to take the list of disabled users, get their id from the Meraki response, and send a DELETE invoke-RestMethod to delete the disabled users via the "<SPAN class=""><SPAN>{{baseUrl}}</SPAN></SPAN><SPAN>/networks/:networkId/merakiAuthUsers/:merakiAuthUserId" endpoint.</SPAN></P><PRE>$AllUsers = @()<BR />foreach ($NetworkID in $NetworkIDs) {<BR />$Users = Invoke-RestMethod -Method Get -Uri "https://api.meraki.com/api/v1/networks/$NetworkID/merakiAuthUsers" -Headers $headers<BR />$AllUsers += $Users<BR />}<BR />$InactiveUsers = foreach ($User in $AllUsers) {<BR />$ADUser = Get-ADUser -Filter "mail -eq '$($User.email)'" -Properties Enabled<BR />if ($ADUser -and !$ADUser.Enabled)<BR />}</PRE><P> Any tips or tricks would be greatly appreciated!</P> Fri, 08 Nov 2024 17:16:56 GMT gingerwon 2024-11-08T17:16:56Z https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449002#M7634 <P>Happy Friday everyone,<BR />Boss tasked me with going through our Anyconnect authorized users on Meraki, verifying who is inactive in AD, and removing inactive users from Anyconnect. While SCIM would be ideal, I'm not finding any SCIM availability for AnyConnect Provisioning. So far I'm getting the information I want from the Invoke-RestMethod, and I'm able to then query those users against AD to confirm Enabled -eq True. My final hurdle is to take the list of disabled users, get their id from the Meraki response, and send a DELETE invoke-RestMethod to delete the disabled users via the "<SPAN class=""><SPAN>{{baseUrl}}</SPAN></SPAN><SPAN>/networks/:networkId/merakiAuthUsers/:merakiAuthUserId" endpoint.</SPAN></P><PRE>$AllUsers = @()<BR />foreach ($NetworkID in $NetworkIDs) {<BR />$Users = Invoke-RestMethod -Method Get -Uri "https://api.meraki.com/api/v1/networks/$NetworkID/merakiAuthUsers" -Headers $headers<BR />$AllUsers += $Users<BR />}<BR />$InactiveUsers = foreach ($User in $AllUsers) {<BR />$ADUser = Get-ADUser -Filter "mail -eq '$($User.email)'" -Properties Enabled<BR />if ($ADUser -and !$ADUser.Enabled)<BR />}</PRE><P> Any tips or tricks would be greatly appreciated!</P> Fri, 08 Nov 2024 17:16:56 GMT https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449002#M7634 gingerwon 2024-11-08T17:16:56Z https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449003#M7635 <P>Going completely sideways; do you use Office 365/Entra ID? Have you considered authenticating directly against that instead?</P><P><A href="https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration" target="_blank" rel="noopener nofollow noreferrer">https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/AnyConnect_Azure_AD_SAML_Configuration</A></P> Thu, 14 Nov 2024 09:56:15 GMT https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449003#M7635 Philip D'Ath 2024-11-14T09:56:15Z https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449004#M7636 <P>Thanks for the reply Philip!<BR /><BR />We have/are considering this, but didn't think SSO would automatically deprovision disabled users from the Meraki authenticated users list. Maybe this is a much simpler solution, I'll try to do some testing today. Thanks again!</P> Thu, 14 Nov 2024 14:54:37 GMT https://community.cisco.com/t5/network-platform-api/vpn-user-provisioning-with-api/m-p/5449004#M7636 gingerwon 2024-11-14T14:54:37Z