turbot/duo

GitHub
steampipe plugin install duosteampipe plugin install duo

Table: duo_user

Users in the Duo account.

Examples

List all users

select
user_id,
username,
email
from
duo_user
order by
username

Users who have not yet enrolled

select
user_id,
username,
email
from
duo_user
where
not is_enrolled
order by
username

Most recent 10 users to login

select
user_id,
username,
email,
last_login
from
duo_user
order by
last_login desc
limit
10

Users who have never logged in

select
user_id,
username,
email
from
duo_user
where
last_login is null
order by
username

Users who have not logged in for more than 30 days

select
user_id,
username,
email,
last_login,
age(last_login) as age
from
duo_user
where
age(last_login) > interval '30 days'
order by
age desc

Users who are locked out

select
user_id,
username,
email,
last_login,
status
from
duo_user
where
status = 'locked_out'
order by
username

User statistics by status

select
status,
count(*)
from
duo_user
group by
status
order by
status

Users and their group memberships

select
u.username,
g ->> 'name' as groupname
from
duo_user as u,
jsonb_array_elements(u.groups) as g
order by
username,
groupname

Users and their phones

select
u.username,
p ->> 'number' as phone_number,
p ->> 'extension' as phone_extension
from
duo_user as u,
jsonb_array_elements(u.phones) as p
order by
username,
phone_number,
phone_extension

Users and their hardware tokens

select
u.username,
t ->> 'serial' as token_serial
from
duo_user as u,
jsonb_array_elements(u.tokens) as t
order by
username,
token_serial

.inspect duo_user

Users in the Duo account.

NameTypeDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
aliasesjsonbMap of the user's username alias(es). Up to eight aliases may exist.
createdtimestamp with time zoneThe user's creation date.
emailtextThe user's email address.
firstnametextThe user's given name.
groupsjsonbList of groups to which this user belongs.
is_enrolledbooleanIs true if the user has a phone, hardware token, U2F token, WebAuthn security key, or other WebAuthn method available for authentication. Otherwise, false.
last_directory_synctimestamp with time zoneThe last update to the user via directory sync, or null if the user has never synced with an external directory or if the directory that originally created the user has been deleted from Duo.
last_logintimestamp with time zoneThe last time this user logged in, or null if the user has not logged in.
lastnametextThe user's surname.
notestextNotes about this user.
phonesjsonbA list of phones that this user can use.
realnametextThe user's real name (or full name).
statustextThe user's status: active, bypass, disabled, locked out, pending deletion.
tokensjsonbA list of tokens that this user can use.
user_idtextThe user's ID.
usernametextThe user's username.