Cloud SWG tenant has more than 100 administrators defined to manage the service.
For compliance reasons, SOC team needs to provide a report of all admins accessing the Cloud SWG Portal, with the following information:
Can go through each administrator manually and gather the information needed, but very cumbersome.
Is it possible to generate such a report?
Cloud SWG Portal.
Although no report is available that will do this, there is an easy way of pulling this information out of Cloud SWG using the following approach:
- From Cloud SWG Portal, go to Account Configuration/Administrators/Admins and Users
- Start developer tools and click the highlighted refresh button to generate a request to read the admin info
- Highlight the POST request to directprovider endpoint and browse to the 'Response' tab to view the JSON output that includes all the administrator information for this tenant. Save this JSON file as results.json.
- Using the following Python script, we can readin the results.json file from previous step and output the needed fields:
import json
# Opening JSON file
f = open('results.json',)
# returns JSON object as
# a dictionary
data = json.load(f)
# Iterating through the json
# list
# Iterate through the "users" array and print the desired variables
for user in data["result"]:
print("Name:", user["firstName"])
print("Email:", user["email"])
print("Enabled:", user["enabled"])
print("Roles:", user["roles"])
print()
# Closing file
f.close()
Sample output after saving results.json file
$ python.exe dump-user.py
Name: User One
Email: [email protected]
Enabled: True
Roles: ['ROLE_ADMIN', 'ROLE_REPORT_USER']
Name: User Two
Email: [email protected]
Enabled: True
Roles: ['ROLE_REPORT_USER']
Name: User Three
Email: [email protected]
Enabled: True
Roles: ['ROLE_ADMIN', 'ROLE_REPORT_USER', 'ROLE_REVIEWER']