I am trying to set up a workflow so that when certain alerts are triggered by MS Defender, InsightConnect makes a call to Entra ID’s API using the Rapid7 Entra ID plugin to reset a user’s password. I don’t see an option to have the password be randomly generated, it only gives me an option to hard code such password. Does anyone have experience setting this up, and if so, were you able to have the password be randomly generated? Even if I try to create a random string using a Python script or similar, I don’t see any options to use that output as an input for the plugin.
generating a password in a previous step still logs the password used.
I had to generate a very long secure password to always use that no one knows.
It would be nice if the step had a checkbox to randomly generate one.
I know each step should only do one function, but to reduce the calls and logs capturing this it would be nice if it was all done behind the scene.
I definitely hear you there. I am not sure how I could overcome this in the builder without some form of enhancement to ICON. Even if I output the PW as something encrypted, the act of decrypting it will display it in the decryption step.
I can pass your feedback to the Dev’s.
You would be fine with the account password being randomly generated by the reset password action, and no way of obtaining the PW after the fact be it locally on the orchestrator or the output in the jobs page?
correct, we currently set a password that no one knows, then direct the user to go through the normal password reset process. We also do this on termination to set the user to an “unknown” password. We also run the step twice with two different passwords to clear out any tokens
Thank you for sharing the snippet, that worked! I implemented that in my workflow and tested it successfully. And I agree with @brandon_mcclure, it would be great if the plugin had this built in, even if the password was not recoverable. In that case, we would rely on users using authentication methods to get back into their accounts. If you do pass the feedback to the dev team, are you able to let us know how likely this would be implemented, and if there is a way to keep track of the implementation if they do move forward with it?
