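# ------------------------------------------------------------------
# AUTHOR: [LucidLink Support]
# NAME: jit_users_script.ps1
# VERSION: 1.0.1
# DESCRIPTION: Lists "Just-in-Time" SSO users from backup and
# imports into JIT SSO integrated Filespace, assigning Admin roles.
#
# THE SCRIPT IS PROVIDED “AS IS” AND “AS AVAILABLE” AND IS WITHOUT
# WARRANTY OF ANY KIND. PLEASE REVIEW ALL TERMS AND CONDITIONS.
# https://www.lucidlink.com/legal-documents
# ------------------------------------------------------------------
#
# Inputs : .\jit_users_backup.txt (one user per line, read from the
#          current directory) and the Filespace root password.
# Outputs: jit_user_log.txt and jit_user_role_log.txt (appended), plus
#          the per-call *_output.txt scratch files, all in the current
#          directory.
#
# SECURITY NOTE(review): the root password arrives as a plain-text script
# argument and is forwarded to Lucid.exe on its command line. It can therefore
# be read from the process command line by other local processes and may be
# recorded by shell history or process-creation auditing. Run this from a
# trusted admin session only, and consider rotating the root password once the
# migration is finished.
Param(
    [string]$ROOTPWD
)

$LucidExe   = "C:\Program Files\Lucid\Resources\Lucid.exe"
$BackupFile = ".\jit_users_backup.txt"

# --- Ensure password ---
if ([string]::IsNullOrEmpty($ROOTPWD)) {
    Write-Host "Usage: .\jit_users_script.ps1 `r`nRequest failed with: Bad Request `r`nEmpty required parameter 'password' is not allowed!"
    exit 1;
}

# --- Ensure prerequisites exist before touching the Filespace ---
if (-not (Test-Path -LiteralPath $LucidExe -PathType Leaf)) {
    Write-Host "Lucid client not found at '$LucidExe'."
    exit 1
}
if (-not (Test-Path -LiteralPath $BackupFile -PathType Leaf)) {
    Write-Host "User backup file '$BackupFile' not found in the current directory."
    exit 1
}

# --- Filter Legacy SSO Azure and Okta users and roles ---
# Each kept line is reduced to "sso\<user>;<role>", where <role> is "admin"
# for Administrators and empty for Standard users.
# The @(...) wrappers keep $USERS/$ADMINS arrays even when the backup holds
# zero or one line; without them a one-line file makes -match return a
# Boolean, and the loops below would then run once with the user name "True".
$SOURCEUSERS = @(Get-Content -LiteralPath $BackupFile)
$USERS = @(
    $SOURCEUSERS | ForEach-Object {
        $entry = $_.Trim()
        $entry = $entry -replace "(?<=\s).*Standard user", ""
        $entry = $entry -replace '(?<=\s).+(?=Administrator)', ' '
        $entry = $entry -replace 'Administrator', 'admin'
        $entry = $entry -replace '\s+', ';'
        $entry
    } | Where-Object { $_ -match "sso\\" }
)

# Select admins by the role field, not by a substring of the whole line:
# matching 'admin' anywhere would also pick up Standard users whose name
# contains "admin" and call --add-role with an empty role.
$ADMINS = @($USERS | Where-Object { ($_ -split ';')[1] -eq 'admin' })

# --- Loop through users, creating within new JIT SSO provider users ---
foreach ($LINES in $USERS) {
    # Only the first two fields are used, so stray trailing text in the
    # backup cannot turn into extra Lucid.exe arguments.
    $USR, $ROLE = ($LINES -split ';')[0, 1]

    # The user name is embedded between double quotes in the argument string;
    # an embedded quote would break out of it and inject arguments.
    if ($USR -match '"') {
        Write-Warning "Skipping entry with a double quote in the user name: $USR"
        continue
    }

    Start-Process -WindowStyle hidden -FilePath $LucidExe `
        -ArgumentList "user --create ""$USR"" --password ""$ROOTPWD""" `
        -Wait `
        -RedirectStandardOutput jit_user_output.txt `
        -RedirectStandardError jit_user_error_output.txt

    # Show the result on the console and keep a running log.
    $result = Get-Content jit_user_output.txt, jit_user_error_output.txt
    $result
    $result | Out-File jit_user_log.txt -Append
}

# --- Assign Admin roles to users ---
foreach ($LINES in $ADMINS) {
    # $ROLE is always "admin" here because of the $ADMINS filter above.
    $USR, $ROLE = ($LINES -split ';')[0, 1]

    if ($USR -match '"') {
        Write-Warning "Skipping entry with a double quote in the user name: $USR"
        continue
    }

    Start-Process -WindowStyle hidden -FilePath $LucidExe `
        -ArgumentList "user --set ""$USR"" --add-role $ROLE --password ""$ROOTPWD""" `
        -Wait `
        -RedirectStandardOutput jit_user_role_output.txt `
        -RedirectStandardError jit_user_role_error_output.txt

    $result = Get-Content jit_user_role_output.txt, jit_user_role_error_output.txt
    $result
    $result | Out-File jit_user_role_log.txt -Append
}

exit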