# ------------------------------------------------------------------
# AUTHOR: [LucidLink Support]
# NAME: sso_users_script.ps1
# VERSION: 1.0.1
# DESCRIPTION:  Lists Legacy SSO users from backup and imports
# into JIT SSO integrated Filespace, assigning Admin roles.
#
# THE SCRIPT IS PROVIDED “AS IS” AND “AS AVAILABLE” AND IS WITHOUT
# WARRANTY OF ANY KIND. PLEASE REVIEW ALL TERMS AND CONDITIONS.
# https://www.lucidlink.com/legal-documents
# ------------------------------------------------------------------

Param(
[string]$FS1ROOTPWD
)

# --- Ensure password ---
if ([string]::IsNullOrEmpty($FS1ROOTPWD)) {
    Write-Host "Usage: .\sso_users_script.ps1 <rootpwd> `r`nRequest failed with: Bad Request `r`nEmpty required parameter 'password' is not allowed!"
    exit 1;
}

# --- Filter Legacy SSO Azure and Okta users and roles ---
$SOURCEUSERS = get-content .\sso_users_backup.txt
$USERS = $SOURCEUSERS.trim() -replace "(?<=\s).*Standard user","" -replace '(?<=\s).+(?=Administrator)', ' ' -replace ('Administrator', 'admin') -replace '\s+', ';' -match "azure\\|okta\\"  -replace ('azure', 'sso')  -replace ('okta', 'sso')
$ADMINS = $USERS -match 'admin'

# --- Loop through users, creating within new JIT SSO provider users ---
foreach ($LINES in $USERS) {
$USR, $ROLE = $LINES -split ';'
Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "user --create ""$USR"" --password ""$FS1ROOTPWD""" -Wait -RedirectStandardOutput sso_user_output.txt -RedirectStandardError sso_user_error_output.txt
Get-Content sso_user_output.txt, sso_user_error_output.txt
Get-Content sso_user_output.txt, sso_user_error_output.txt | Out-File sso_user_log.txt -Append
}

# --- Assign Admin roles to users ---
foreach ($LINES in $ADMINS) {
$USR, $ROLE = $LINES -split ';'
Start-Process -WindowStyle hidden -FilePath "C:\Program Files\Lucid\Resources\Lucid.exe" -ArgumentList "user --set ""$USR"" --add-role $ROLE --password ""$FS1ROOTPWD""" -Wait -RedirectStandardOutput sso_user_role_output.txt -RedirectStandardError sso_user_role_error_output.txt
Get-Content sso_user_role_output.txt, sso_user_role_error_output.txt
Get-Content sso_user_role_output.txt, sso_user_role_error_output.txt | Out-File sso_user_role_log.txt -Append
}

exit