Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1627
Views
4
Helpful
4
Replies

List users for all Child accounts via Accounts API

firstcolumn
Level 1
Level 1

‎07-22-2021 10:12 AM

We are trying to list the users from all of our Child accounts using the Accounts API. The documentation is very sparse for accessing child accounts, it just says to use the Accounts API and append account_id=[enter the accountid] to the end of an API call. However, it isn’t working. I’ve tried using both the Accounts API keypair or the Admin api keypair, but both respond with an error that the signature is wrong. When making requests without the account_id, it works just fine.

Has anyone had experience with accessing child accounts programmatically?

We are using PowerShell for our API calls, but I can parse through Python or Perl if you have examples.

Labels:
0 Helpful
4 Replies 4

DuoKristina
Cisco Employee
Cisco Employee

‎07-23-2021 12:54 PM

Like this…

  1. Create the Accounts API integration in the parent.
  2. Find the target child’s account ID with a post to /accounts/v1/accounts/list (or poke around in the Admin Panel > Accounts page)
  3. the admin api GET request is like https://parent.duosecurity.com/admin/v1/users?account_id=THECHILDACCOUNTIDX and uses the ikey/skey from the Accounts API integration created in step 1.
Duo, not DUO.

me1299
Level 1
Level 1

‎01-11-2022 02:14 PM

Sorry to bump this thread but I have the exact same problem. The solution as is posted by DuoKristina simply does not work for me.

When using the admin API with the ApiKey and Secret from the Accounts API I get an error:

Invalid signature in request credentials

Seperately the credentials work fine for all /account api calls. As do the key and secret for the admin API.

0 Helpful

firstcolumn
Level 1
Level 1
In response to me1299

‎01-12-2022 04:56 AM

I got this working by making sure that the child account ID was hashed into the authentication request. I’m using PowerShell, and the New-DuoRequest module found here duo/new-duoRequest.ps1 at master · StarkCaptain/duo · GitHub.

My request looks like this:

New-DuoRequest -apiHost "api-parent.duosecurity.co" -apiEndpoint "/admin/v1/users" -requestMethod "GET" -apiSecret "parentsecret" -apiKey "Parentkey" -requestparams @{account_id = "childAccountID"}

Hopefully that helps!

me1299
Level 1
Level 1
In response to firstcolumn

‎01-12-2022 05:13 AM

Thank you very much!!! This was the solution. I tried passing the account_id as an extra header but it has to be in the body.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents