Public/DuoUserFunctions.ps1

Function Sync-DuoUser{
<#
.SYNOPSIS
    Syncs a user from Duo to from directory within Duo
 
.DESCRIPTION
     Syncs a user from Duo to from directory
 
.PARAMETER Username
    Sync user by their Duo username
 
.PARAMETER UserID
    Sync user by their Duo UserID
 
.PARAMETER Directory
    The intended directory you wish to sync from
 
.Parameter Email
    Switch to change username search to email if normalization is on
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Sync-DuoUser -Username DuoUser1 -Directory "DuoDirectory"
 
.EXAMPLE
    Sync-Duouser -Username DuoUser1@Duosecurity.com -Directory "DuoDirectory"
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    Param(
        [Parameter(
            Mandatory=$true,
            ValueFromPipeLine=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
            [String]$Username,
        [Parameter(
            Mandatory=$true,
            Position=1)]
        [ValidateNotNullOrEmpty()]
        [ValidateScript({
            If($_ -In (Get-DuoDirectoryNames)){$true}
            Else{Throw "$($_) is an invalid directory"}
        })]
            [String]$Directory,
        [Parameter(
            Mandatory=$false,
            Position=2
        )]
            [Switch]$Email
    )
    
    $dKey = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR((Get-DuoDirectoryKey -DirectoryName $Directory)))
    
    #Base Claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/directorysync/$($dKey)/syncuser"
    [Hashtable]$DuoParams = @{}

    #$User = Get-DuoUser -Username $Username
    If($Email){$VerifiedUsername = (Get-Duouser -Username $Username).email}
    Else{$VerifiedUsername = $Username}
    $DuoParams.Add("username",$VerifiedUsername.ToLower())

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }

}

Function Get-DuoUser {
<#
.Synopsis
    Utilizing Duo REST API to return user(s)
.DESCRIPTION
    Returns a list of Duo users or an individual user
 
.EXAMPLE
    Get-DuoUser
    Returns all users from Duo. Initiates a call for each 300
 
.EXAMPLE
    Get-UserUser -Username TestUser
 
.EXAMPLE
    Get-UserUser -UserID ABCDEF12G34567HIJKLM
 
.OUTPUTS
    [PSCustomObject]$DuoUsers
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    PARAM(
        [Parameter(ParameterSetName="UName",
            Mandatory = $false,
            ValueFromPipeLine = $true,
            Position=0
            )]
            [String]$Username,
        [Parameter(ParameterSetName="UID",
            Mandatory = $false,
            ValueFromPipeLine = $false,
            Position=0
            )]
            [String]$UserID
    )

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users"
    [Hashtable]$DuoParams = @{}

    If($Username){
        $DuoParams.Add("username",$Username.ToLower())
    }
    ElseIf($UserID){    
        $Uri = "/admin/v1/users/$($UserID)"
    }
    Else{
        $DuoParams.Add("limit","300")
        $DuoParams.Add("offset","0")
    }
    $Offset = 0

    #Duo has a 300 user limit in their api. Loop to return all users
    Do{
        $DuoParams.Offset = $Offset
        $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
        $Response = Invoke-RestMethod @Request
        If($Response.stat -ne 'OK'){
            Write-Warning 'DUO REST Call Failed'
            Write-Warning "Arguments:"+($DuoParams | Out-String)
            Write-Warning "Method:$Method Path:$Uri"
        }   
        Else{
            $Output = $Response | Select-Object -ExpandProperty Response 
            $Output
            #Increment offset to return the next 300 users
            $Offset += 300
        }
    }Until($Output.Count -lt 300)
}

Function New-DuoUser{
<#
.SYNOPSIS
    Creates a new user within Duo with Duo as the source
 
.DESCRIPTION
     Creates a new user within Duo
 
.PARAMETER Username
    New user's username
 
.PARAMETER Alias1
    First alias for the new user
 
.PARAMETER Alias2
    Second alias for the new user
 
.PARAMETER Alias3
    Third alias for the new user
 
.PARAMETER Alias4
    Fourth alias for the new user
 
.PARAMETER Realname
    The user's realname
 
.PARAMETER Firstname
    User's first name
 
.PARAMETER Lastname
    User's last name
 
.Parameter Email
    User's email address
 
.Parameter Status
    Status for the account to be created with either Active, Bypass, or Disabled
 
.Parameter Notes
    Any notes to be included on the Duo account
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    New-DuoUser -Username DuoUser1
 
.EXAMPLE
    New-DuoUser -Username DuoUser1 -email DuoUser1@duosecurity.com
 
.EXAMPLE
    New-DuoUser -UserName DuoUser1 -email DuoUser1@duosecurity.com -alias1 DuoDemo -Status Disabled -Notes "Demo purposes"
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    Param(
        [Parameter(Mandatory=$true)]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){Throw "User: $($_) already exist in Duo"}
            Else{$true}
        })]
        [String]$Username,
        
        [Parameter(Mandatory=$false)]
        [String]$Alias1,
        
        [Parameter(Mandatory=$false)]
        [String]$Alias2,
        
        [Parameter(Mandatory=$false)]
        [String]$Alias3,
        
        [Parameter(Mandatory=$false)]
        [String]$Alias4,
        
        [Parameter(Mandatory=$false)]
        [String]$Realname,
        
        [Parameter(Mandatory=$false)]
        [String]$Firstname,
        
        [Parameter(Mandatory=$false)]
        [String]$Lastname,
        
        [Parameter(Mandatory=$false)]
        [String]$Email,
        
        [Parameter(Mandatory=$false)]
        [ValidateSet("Active","Bypass","Disabled")]
        [String]$Status,
        
        [Parameter(Mandatory=$false)]
        [String]$Notes
    )

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users"
    [Hashtable]$DuoParams = @{}

    #Add Username
    $DuoParams.Add("username",$Username.ToLower())

    #Add Optional Parameters
    If($Alias1){$DuoParams.Add("alias1",$Alias1.ToLower())}
    If($Alias2){$DuoParams.Add("alias2",$Alias2.ToLower())}
    If($Alias3){$DuoParams.Add("alias3",$Alias3.ToLower())}
    If($Alias4){$DuoParams.Add("alias4",$Alias4.ToLower())}
    If($Realname){$DuoParams.Add("realname",$Realname)}
    If($Firstname){$DuoParams.Add("firstname",$Firstname)}
    If($Lastname){$DuoParams.Add("lastname",$Lastname)}
    If($Email){$DuoParams.Add("email",$Email.ToLower())}
    If($Status){$DuoParams.Add("status",$Status.ToLower())}
    If($Notes){$DuoParams.Add("notes",$Notes)}

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Set-DuoUser{
<#
.SYNOPSIS
    Sets fields on a Duo user account.
 
.DESCRIPTION
    Sets fields on a Duo user account.
 
.PARAMETER Username
    Sync user by their Duo username
 
.PARAMETER UserID
    Sync user by their Duo UserID
 
.PARAMETER Directory
    The intended directory you wish to sync from
 
.Parameter Email
    Switch to change username search to email if normalization is on
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Set-DuoUser -Username DuoUser1 -Directory "DuoDirectory"
 
.EXAMPLE
    Set-Duouser -Username DuoUser1@Duosecurity.com -Directory "DuoDirectory"
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    Param(
        [Parameter(
            Mandatory=$true,
            ValueFromPipleLine=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "Invalid User ID"}
        })]
        [String]$UserID,

        [Parameter(
            Mandatory=$false,
            ValueFromPipleLine=$true,
            Position=1
        )]
        [String]$Username,

        [Parameter(Mandatory=$false)]
        [String]$Alias1,

        [Parameter(Mandatory=$false)]
        [String]$Alias2,

        [Parameter(Mandatory=$false)]
        [String]$Alias3,

        [Parameter(Mandatory=$false)]
        [String]$Alias4,

        [Parameter(Mandatory=$false)]
        [String]$RealName,
        
        [Parameter(Mandatory=$false)]
        [String]$FirstName,
        
        [Parameter(Mandatory=$false)]
        [String]$LastName,
        
        [Parameter(Mandatory=$false)]
        [String]$Email,
        
        [ValidateSet("Active","Bypass","Disabled")]
        [String]$Status,
        
        [Parameter(Mandatory=$false)]
        [String]$Notes
    )

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/$($UserID)"
    [Hashtable]$DuoParams = @{}

    #Create claim with selected attributes to be modified
    If($Username){$DuoParams.Add("username",$Username.ToLower())}
    If($Alias1){$DuoParams.Add("Alias1",$alias1.ToLower())}
    If($Alias2){$DuoParams.Add("Alias2",$alias2.ToLower())}
    If($Alias3){$DuoParams.Add("Alias3",$alias3.ToLower())}
    If($Alias4){$DuoParams.Add("Alias4",$alias4.ToLower())}
    If($RealName){$DuoParams.Add("realname",$RealName)}
    If($FirstName){$DuoParams.Add("firstname",$FirstName)}
    If($LastName){$DuoParams.Add("lastname",$LastName)}
    If($Email){$DuoParams.Add("email",$Email.ToLower())}
    If($Status){$DuoParams.Add("status",$Status.ToLower())}
    If($Notes){$DuoParams.Add("Notes",$Notes)}

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    #Error Handling
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    #Returning request
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Remove-DuoUser{
<#
.SYNOPSIS
    Removes a Duo user.
 
.DESCRIPTION
    This function removes a specified Duo user by UserID. It includes an optional confirmation prompt unless the Force switch is used.
 
.PARAMETER UserID
    The user ID of the Duo user to be removed. This parameter is mandatory.
 
.PARAMETER Force
    If specified, the user will be removed without a confirmation prompt.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    PARAM(
        [Parameter(
            Mandatory=$true,
            ValueFromPipleLine=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "Invalid User ID"}
        })]$UserID,

        [Switch]$Force
    )
    $Username = (Get-DuoUser -UserID $UserID).username
    If($Force -eq $false){
        $Confirm = $Host.UI.PromptForChoice("Please Confirm","Are you sure you want to delete $($Username) from Duo?",@("Yes","No"),1)
    }

    #
    If(($Force -eq $true) -or ($Confirm -eq 0)){
        #Base claim
        [String]$Method = "POST"
        [String]$Uri = "/admin/v1/users/$($UserID)"

        #Creates the request
        $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
        $Response = Invoke-RestMethod @Request
        
        #Error Handling
        If($Response.stat -ne 'OK'){
            Write-Warning 'DUO REST Call Failed'
            Write-Warning "Arguments:"+($DuoParams | Out-String)
            Write-Warning "Method:$Method Path:$Uri"
        }
        #Returning request
        Else{
            $Output = $Response | Select-Object -ExpandProperty Response 
            $Output
        }
    }
}

Function New-DuoUserEnrollment{
<#
.SYNOPSIS
    Enrolls a new Duo user.
 
.DESCRIPTION
    This function enrolls a new Duo user by specifying the username and email. It also allows setting an expiration time for the enrollment.
 
.PARAMETER Username
    The Duo username to be enrolled. This parameter is mandatory.
 
.PARAMETER Email
    The email address to be enrolled. This parameter is mandatory.
 
.PARAMETER ExpirationDate
    The date and time when the enrollment expires. This parameter is optional and is part of the DateTime parameter set.
 
.PARAMETER TimeToExpire
    The number of seconds until the enrollment expires. This parameter is optional and is part of the Seconds parameter set.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    Param(
        [Parameter(
            Mandatory=$true,
            HelpMessage="Duo username to be enrolled",
            ValueFromPipleLine=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -Username $_){$true}
            Else{Throw "Invalid User ID"}
        })]
        [String]$Username,

        [Parameter(
            Mandatory=$true,
            HelpMessage="Email to be enrolled",
            ValueFromPipeline=$true,
            Position=1
        )]
        [MailAddress]$Email,

        [Parameter(ParameterSetName="DateTime",
            HelpMessage="DateTime for when enrollment expires",
            Mandatory=$false,
            ValueFromPipeline=$false,
            Position=2
        )]
        [DateTime]$ExpirationDate,

        [Parameter(ParameterSetName="Seconds",
            HelpMessage="How many seconds until enrollment expires",
            Mandatory=$false,
            ValueFromPipeline=$false,
            Position=2
        )]
        [Int]$TimeToExpire
    )

    If($ExpirationDate){
        $Time = ($ExpirationDate - (Get-Date)).TotalSeconds
    }
    ElseIf($TimeToExpire){
        $Time = $TimeToExpire
    }


    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/enroll"
    [Hashtable]$DuoParams = @{}

    $DuoParams.Add("username",$Username.ToLower())
    $DuoParams.Add("email",$Email.ToString().ToLower())
    If($Time){
        $Time = [Math]::Round($Time)
        $DuoParams.Add("valid_secs",$Time.ToString())
    }

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    
    #Error Handling
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    #Returning request
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function New-DuoUserBypassCode{
<#
.SYNOPSIS
    Creates new bypass codes for a Duo user.
 
.DESCRIPTION
    This function creates new bypass codes for a specified Duo user. It allows for defining the number of codes, specific codes, number of uses, and expiration time.
 
.PARAMETER Username
    The username of the Duo user. This parameter is mandatory.
 
.PARAMETER Count
    The number of bypass codes to create. The maximum is 10. This parameter is optional.
 
.PARAMETER Codes
    Specific bypass codes to be used. The maximum is 10. This parameter is optional.
 
.PARAMETER NumberOfUses
    The number of times the bypass codes can be used. The default is 1. This parameter is optional.
 
.PARAMETER ExpirationDate
    The expiration date and time for the bypass codes. This parameter is optional and is part of the DateTime parameter set.
 
.PARAMETER TimeToExpire
    The number of seconds until the bypass codes expire. This parameter is optional and is part of the Seconds parameter set.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    Param(
        [Parameter(
            Mandatory=$true,
            ValueFromPipleLine=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -Username $_){$true}
            Else{Throw "Invalid User ID"}
        })]
        [String]$Username,

        [Parameter(
            Mandatory=$false,
            HelpMessage="Define bypass codes to be used. Maximum of 10",
            ValueFromPipeline=$false
        )]
        [Int]$Count,
        
        [Parameter(
            Mandatory=$false,
            HelpMessage="Define bypass codes to be used. Maximum of 10",
            ValueFromPipeline=$false
        )]
        [String]$Codes,

        [Parameter(
            Mandatory=$false,
            HelpMessage="Number of times the bypass codes can be used. Default of 1",
            ValueFromPipeline=$false
        )]
        [Int]$NumberOfUses,

        [Parameter(ParameterSetName="DateTime",
            HelpMessage="DateTime for when bypass codes expire",
            Mandatory=$false,
            ValueFromPipeline=$false
        )]
        [DateTime]$ExpirationDate,

        [Parameter(ParameterSetName="Seconds",
            HelpMessage="How many seconds until bypass code expires",
            Mandatory=$false,
            ValueFromPipeline=$false
        )]
        [Int]$TimeToExpire
    )
    $UserID = (Get-DuoUser -Username $Username).user_id

    If($ExpirationDate){
        $Time = [Math]::Round(($ExpirationDate - (Get-Date)).TotalSeconds)
    }
    ElseIf($TimeToExpire){
        $Time = $TimeToExpire
    }
    Else{
        $Time = 3600
    }

    If($Count -eq $null){
        $Count = 1
    }

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/$($UserID)/bypass_codes"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("count",$Count.ToString())
    If($Codes){
        $Codes = $Codes | ConvertTo-Csv -NoTypeInformation
        $DuoParams.Add("codes",$Codes)
    }
    If($NumberOfUses){
        $DuoParams.Add("resuse_count",$NumberOfUses)
    }
    $DuoParams.Add("valid_secs",$Time.ToString())

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    
    #Error Handling
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    #Returning request
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Get-DuoUserBypassCode{
<#
.SYNOPSIS
    Retrieves bypass codes associated with a Duo user.
 
.DESCRIPTION
    This function retrieves bypass codes associated with a Duo user based on the provided parameters. It can fetch bypass codes by Username or UserID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is optional and can be piped.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is optional.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    [CmdletBinding(DefaultParameterSetName="Uname")]
    PARAM(
        [Parameter(ParameterSetName="UName",
            Mandatory = $false,
            ValueFromPipeLine = $true,
            Position=0
            )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,
        
        [Parameter(ParameterSetName="UID",
            Mandatory = $false,
            ValueFromPipeLine = $false,
            Position=0
            )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/bypass_codes"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("limit","300")
    $DuoParams.Add("offset","0")

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    
    #Call private function to validate and format the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Offset = 0

    #Duo has a 500 bypass code limit in their api. Loop to return all bypass codes
    Do{
        $DuoParams.Offset = $Offset
        $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
        $Response = Invoke-RestMethod @Request
        If($Response.stat -ne 'OK'){
            Write-Warning 'DUO REST Call Failed'
            Write-Warning "Arguments:"+($DuoParams | Out-String)
            Write-Warning "Method:$Method Path:$Uri"
        }   
        Else{
            $Output = $Response | Select-Object -ExpandProperty Response 
            $Output
            #Increment offset to return the next 300 users
            $Offset += 500
        }
    }Until($Output.Count -lt 500)
}

Function Get-DuoUserGroup{
<#
.SYNOPSIS
    Retrieves groups associated with a Duo user.
 
.DESCRIPTION
    This function retrieves groups associated with a Duo user based on the provided parameters. It can fetch groups by Username or UserID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is optional and can be piped.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is optional.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    [CmdletBinding(DefaultParameterSetName="Uname")]
    PARAM(
        [Parameter(ParameterSetName="UName",
            Mandatory = $false,
            ValueFromPipeLine = $true,
            Position=0
            )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,
        
        [Parameter(ParameterSetName="UID",
            Mandatory = $false,
            ValueFromPipeLine = $false,
            Position=0
            )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/groups"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("limit","300")
    $DuoParams.Add("offset","0")

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    
    #Call private function to validate and format the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Offset = 0

    #Duo has a 500 bypass code limit in their api. Loop to return all bypass codes
    Do{
        $DuoParams.Offset = $Offset
        $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
        $Response = Invoke-RestMethod @Request
        If($Response.stat -ne 'OK'){
            Write-Warning 'DUO REST Call Failed'
            Write-Warning "Arguments:"+($DuoParams | Out-String)
            Write-Warning "Method:$Method Path:$Uri"
        }   
        Else{
            $Output = $Response | Select-Object -ExpandProperty Response 
            $Output
            #Increment offset to return the next 300 users
            $Offset += 500
        }
    }Until($Output.Count -lt 500)
}

Function Add-DuoGroupMember{
<#
.SYNOPSIS
    Adds a user to a Duo group.
 
.DESCRIPTION
    This function adds a user to a specified Duo group based on the provided parameters. It can add users by Username or UserID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is mandatory when using the Uname parameter set.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is mandatory when using the UID parameter set.
 
.PARAMETER GroupID
    The ID of the Duo group to which the user will be added. This parameter is mandatory.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,
        
        [Parameter(Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoGroup -GroupID $_){$true}
            Else{Throw "GroupID: $($_) doesn't exist in Duo"}
        })]
        [String]$GroupID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/$($UserID)/groups"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("group_id",$GroupID)

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    
    #Error Handling
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    #Returning request
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Remove-DuoGroupMember{
<#
.SYNOPSIS
    Removes a user from a Duo group.
 
.DESCRIPTION
    This function removes a user from a specified Duo group based on the provided parameters. It can remove users by Username or UserID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is mandatory when using the Uname parameter set.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is mandatory when using the UID parameter set.
 
.PARAMETER GroupID
    The ID of the Duo group from which the user will be removed. This parameter is mandatory.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoGroup -GroupID $_){$true}
            Else{Throw "GroupID: $($_) doesn't exist in Duo"}
        })]
        [String]$GroupID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "DELETE"
    [String]$Uri = "/admin/v1/users/$($UserID)/groups/$($GroupID)"
    [Hashtable]$DuoParams = @{}

    #Creates the request
    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    
    #Error Handling
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }
    #Returning request
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Get-DuoUserPhone{
<#
.SYNOPSIS
    Retrieves phones associated with a Duo user.
 
.DESCRIPTION
    This function retrieves phones associated with a Duo user based on the provided parameters. It can fetch phones by Username or UserID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is mandatory when using the Uname parameter set.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is mandatory when using the UID parameter set.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/phones"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("limit","500")
    $DuoParams.Add("offset","0")
    
    $Offset = 0

    #Duo has a 500 phone limit in their api. Loop to return all phones
    Do{
        $DuoParams.Offset = $Offset
        $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
        $Response = Invoke-RestMethod @Request
        If($Response.stat -ne 'OK'){
            Write-Warning 'DUO REST Call Failed'
            Write-Warning "Arguments:"+($DuoParams | Out-String)
            Write-Warning "Method:$Method Path:$Uri"
        }   
        Else{
            $Output = $Response | Select-Object -ExpandProperty Response 
            $Output
            #Increment offset to return the next 500 phones
            $Offset += 500
        }
    }Until($Output.Count -lt 500)
}

Function Add-DuoPhoneMember{
<#
.SYNOPSIS
    Adds a phone to a Duo user.
 
.DESCRIPTION
    This function adds a phone to a Duo user based on the provided parameters. It can add phones by Username or UserID and PhoneNumber or PhoneID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is mandatory when using the Uname parameter set.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is mandatory when using the UID parameter set.
 
.PARAMETER PhoneNumber
    The phone number to add. This parameter is mandatory when using the Pnumber parameter set. The phone number must be in E.164 format.
 
.PARAMETER PhoneID
    The phone ID to add. This parameter is mandatory when using the PID parameter set.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


[CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(ParameterSetName="Pnumber",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Validate-PhoneNumber -PhoneNumber $_){
                If(Test-DuoPhone -Number $_){$true}
                Else{Throw "User: $($_) doesn't exist in Duo"}
            }
            Else{Throw "Invalid phone number. Please use E. 164 format."}
        })]
        [String]$PhoneNumber,

        [Parameter(ParameterSetName="PID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoPhone -PhoneID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$PhoneID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }
    If($PhoneNumber){
        $PhoneID = (Get-DuoPhone -Number $PhoneNumber).phone_id
    }

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/$($UserID)/phones"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("phone_id",$PhoneID)

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }

}

Function Remove-DuoPhoneMember{
<#
.SYNOPSIS
    Removes a phone from a Duo user.
 
.DESCRIPTION
    This function removes a phone associated with a Duo user based on the provided parameters. It can remove phones by Username or UserID and PhoneNumber or PhoneID.
 
.PARAMETER Username
    The username of the Duo user. This parameter is mandatory when using the Uname parameter set.
 
.PARAMETER UserID
    The user ID of the Duo user. This parameter is mandatory when using the UID parameter set.
 
.PARAMETER PhoneNumber
    The phone number to remove. This parameter is mandatory when using the Pnumber parameter set. The phone number must be in E.164 format.
 
.PARAMETER PhoneID
    The phone ID to remove. This parameter is mandatory when using the PID parameter set.
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>


    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(ParameterSetName="Pnumber",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Validate-PhoneNumber -PhoneNumber $_){
                If(Test-DuoPhone -Number $_){$true}
                Else{Throw "User: $($_) doesn't exist in Duo"}
            }
            Else{Throw "Invalid phone number. Please use E. 164 format."}
        })]
        [String]$PhoneNumber,

        [Parameter(ParameterSetName="PID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoPhone -PhoneID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$PhoneID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }
    If($PhoneNumber){
        $PhoneID = (Get-DuoPhone -Number $PhoneNumber).phone_id
    }

    #Base claim
    [String]$Method = "DELETE"
    [String]$Uri = "/admin/v1/users/$($UserID)/phones"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("phone_id",$PhoneID)

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Get-DuoUserToken{
<#
.SYNOPSIS
    Returns all tokens assocaited with a particular user.
 
.DESCRIPTION
    Get all tokens associated with a user.
 
.PARAMETER Username
    Duo user's username
 
.PARAMETER UserID
    Dou user's ID
 
.PARAMETER TokenID
    Duo token's ID
 
.Parameter Serial
    Token's serial number. Requires -Type
 
.Parameter Type
    Token type, HOTP-6,HOTP-8,YubiKey, or Duo-D100. Requires -Serial
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Get-DuoUserToken -UserID 123ABCDE456FGH -TokenID 12356879456DFD
 
.EXAMPLE
    Get-DuoUserToken -Username duouser -Serial DDF2341DFBKL5457 -Type YubiKey
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/tokens"
    [Hashtable]$DuoParams = @{}

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Add-DuoTokenMember{
<#
.SYNOPSIS
    Associates a token token from a user.
 
.DESCRIPTION
    Adds a token from a Duo user.
 
.PARAMETER Username
    Duo user's username
 
.PARAMETER UserID
    Dou user's ID
 
.PARAMETER TokenID
    Duo token's ID
 
.Parameter Serial
    Token's serial number. Requires -Type
 
.Parameter Type
    Token type, HOTP-6,HOTP-8,YubiKey, or Duo-D100. Requires -Serial
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Add-DuoTokenMember -UserID 123ABCDE456FGH -TokenID 12356879456DFD
 
.EXAMPLE
    Add-DuoTokenMember -Username duouser -Serial DDF2341DFBKL5457 -Type YubiKey
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>
    
    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(ParameterSetName="TID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoToken -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$TokenID,

        [Parameter(ParameterSetName="Tserial",
            Mandatory = $false,
            ValueFromPipeLine = $false,
            Position=1
        )]
        [String]$Serial,

        [Parameter(ParameterSetName="Tserial",
            Mandatory = $true,
            ValueFromPipeLine = $false,
            Position=2
        )]
        [ValidateSet("HOTP-6","HOTP-8","YubiKey","Duo-D100")]
        [String]$Type
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }
    If($Serial){
        $TokenID = (Get-DuoTokens -Serial $Serial -Type $Type).token_id
    }

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/$($UserID)/tokens"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("token_id",$TokenID)

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Remove-DuoTokenMember{
<#
.SYNOPSIS
    Disassociates a token token from a user.
 
.DESCRIPTION
    Removes a token from a Duo user.
 
.PARAMETER Username
    Duo user's username
 
.PARAMETER UserID
    Dou user's ID
 
.PARAMETER TokenID
    Duo token's ID
 
.Parameter Serial
    Token's serial number. Requires -Type
 
.Parameter Type
    Token type, HOTP-6,HOTP-8,YubiKey, or Duo-D100. Requires -Serial
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Remove-DuoTokenMember -UserID 123ABCDE456FGH -TokenID 12356879456DFD
 
.EXAMPLE
    Remove-DuoTokenMember -Username duouser -Serial DDF2341DFBKL5457 -Type YubiKey
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(ParameterSetName="TID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoToken -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$TokenID,
        
        [Parameter(ParameterSetName="Tserial",
            Mandatory = $false,
            ValueFromPipeLine = $false,
            Position=1
            )]
        [String]$Serial,
        
        [Parameter(ParameterSetName="Tserial",
            Mandatory = $true,
            ValueFromPipeLine = $false,
            Position=2
        )]
        [ValidateSet("HOTP-6","HOTP-8","YubiKey","Duo-D100")]
        [String]$Type
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }
    If($Serial){
        $TokenID = (Get-DuoTokens -Serial $Serial -Type $Type).token_id
    }

    #Base claim
    [String]$Method = "DELETE"
    [String]$Uri = "/admin/v1/users/$($UserID)/tokens"
    [Hashtable]$DuoParams = @{}
    $DuoParams.Add("token_id",$TokenID)

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Get-DuoUserWebAuthN{<#
.SYNOPSIS
    Get all WebAuthN keys associated with a particular user
 
.DESCRIPTION
    Returns all WebAuthN keys assocaited with an individual user
 
.PARAMETER Username
    Duo User's username
 
.PARAMETER UserID
    Duo User's User DI
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Get-DuoUseWebAuthN -UserID 123ABCDE456FGH
 
.EXAMPLE
  Get-DuoUserWebAuthN -Username duouser
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,
        
        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/webauthncredentials"
    [Hashtable]$DuoParams = @{}

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Get-DuoUserDesktop {
<#
.SYNOPSIS
    Return Desktops associated with a particular user
 
.DESCRIPTION
    Returns all desktops associated with an individual user
 
.PARAMETER Username
    Duo user's username
 
.PARAMETER UserID
    Duo user's ID
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Get-DuoUserDesktop -Username duouser@duosecurity.com
 
.EXAMPLE
    Get-DuoUserDesktop -UserID 123ABDE456FGH
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,
        
        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/desktopauthenticators"
    [Hashtable]$DuoParams = @{}

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Send-DuoPush {
<#
.SYNOPSIS
    Send a Duo Push Verification to identified user.
 
.DESCRIPTION
    Can send a Dup Push Verification to a specific user and returns the PushID for use with Get-DuoVerificationResponse
 
.PARAMETER Username
    Duo user's Username
 
.PARAMETER UserID
    Duo user's Duo user ID
 
.PARAMETER PhoneNumber
    Phone number of the phone associated with the user.
 
.Parameter PhoneID
    Duo's phone ID
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Send-DuoPush -UserID 123ABCDE456FGHI -PhoneID 9875645ADFD
 
.EXAMPLE
    Send-DuoPush -Username Duouser@duosecurity.com -PhoneNumber +15555555555
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$false,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,
        
        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$false,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$false,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoPhone -PhoneID $_){$true}
            Else{Throw "PhoneID: $($_) doesn't exist in Duo"}
        })]
        [String]$PhoneID,
        
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$false,
            Position=1
        )]
        [ValidateScript({
            If(Test-DuoPhone -Number $_){$true}
            Else{Throw "Phone Number: $($_) doesn't exist in Duo"}
        })]
        [String]$PhoneNumber
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }
    IF($PhoneNumber){
        $PhoneID = (Get-DuoPhone -Number $PhoneNumber).phone_id
    }

    #Base claim
    [String]$Method = "POST"
    [String]$Uri = "/admin/v1/users/$($UserID)/send_verification_push"
    [Hashtable]$DuoParams = @{}

    $DuoParams.Add("phone_id",$PhoneID)

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}

Function Get-DuoVerificationResponse {
<#
.SYNOPSIS
    Check the response to a identified verification request.
 
.DESCRIPTION
    Returns the user's response to the verifictaion request.
 
.PARAMETER Username
    The user's username within Duo
 
.PARAMETER UserID
    The user's Duo ID
 
.PARAMETER PushID
    The ID of the Push request that was sent to the user.
 
.OUTPUTS
    [PSCustomObject]DuoRequest
 
.EXAMPLE
    Get-DuoVerificationResponse -UID 123ABCD456EFGH -PushID 987654ZYX
 
.EXAMPLE
    Get-DuoVerificationResponse -Username DuoUser@Duosecurity.com -PushID 987654ZYX
 
.LINK
    https://github.com/jyates2006/PSDuo
    https://jaredyatesit.com/Documentation/PSDuo
#>

    [CmdletBinding(DefaultParameterSetName="Uname")]
    Param(
        [Parameter(ParameterSetName="Uname",
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserName $_){$true}
            Else{Throw "User: $($_) doesn't exist in Duo"}
        })]
        [String]$Username,

        [Parameter(ParameterSetName="UID",
            Mandatory=$true,
            ValueFromPipeline=$false,
            Position=0
        )]
        [ValidateScript({
            If(Test-DuoUser -UserID $_){$true}
            Else{Throw "UserID: $($_) doesn't exist in Duo"}
        })]
        [String]$UserID,

        [Parameter(
            Mandatory=$true,
            ValueFromPipeline=$true,
            Position=1
        )]
        [String]$PushID
    )

    If($Username){
        $UserID = (Get-DuoUser -Username $Username).user_id
    }
    IF($PhoneNumber){
        $PhoneID = (Get-DuoPhone -Number $PhoneNumber).phone_id
    }

    #Base claim
    [String]$Method = "GET"
    [String]$Uri = "/admin/v1/users/$($UserID)/verification_push_response"
    [Hashtable]$DuoParams = @{}

    $DuoParams.Add("push_id",$PushID)

    $Request = New-DuoRequest -UriPath $Uri -Method $Method -Arguments $DuoParams
    $Response = Invoke-RestMethod @Request
    If($Response.stat -ne 'OK'){
        Write-Warning 'DUO REST Call Failed'
        Write-Warning "Arguments:"+($DuoParams | Out-String)
        Write-Warning "Method:$Method Path:$Uri"
    }   
    Else{
        $Output = $Response | Select-Object -ExpandProperty Response 
        $Output
    }
}