Add reporting jit

Author: KelvinTegelaar

Modules/CIPPCore/Public/Entrypoints/HTTP Functions/Identity/Administration/Users/Invoke-ExecJITAdmin.ps1

@@ -32,6 +32,7 @@ function Invoke-ExecJITAdmin {
                 'UserPrincipalName' = $Username
             }
             Expiration   = $Expiration
+            StartDate    = $Start
             Reason       = $Request.Body.reason
             Action       = 'Create'
             TenantFilter = $TenantFilter
@@ -152,6 +153,7 @@ function Invoke-ExecJITAdmin {
         Action       = 'AddRoles'
         Reason       = $Request.Body.Reason
         Expiration   = $Expiration
+        StartDate    = $Start
         Headers      = $Headers
         APIName      = $APIName
     }
@@ -173,7 +175,7 @@ function Invoke-ExecJITAdmin {
         }
         Add-CIPPScheduledTask -Task $TaskBody -hidden $false
         if ($Request.Body.userAction -ne 'create') {
-            Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $Request.Body.existingUser.value -Expiration $Expiration -Reason $Request.Body.Reason
+            Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $Request.Body.existingUser.value -Expiration $Expiration -StartDate $Start -Reason $Request.Body.Reason -CreatedBy (([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails)
         }
         $Results.Add("Scheduling JIT Admin enable task for $Username")
     } else {

Modules/CIPPCore/Public/Set-CIPPUserJITAdmin.ps1

@@ -42,6 +42,7 @@ function Set-CIPPUserJITAdmin {
         [ValidateSet('Create', 'AddRoles', 'RemoveRoles', 'DeleteUser', 'DisableUser')]
         [string]$Action,
         [datetime]$Expiration,
+        [datetime]$StartDate,
         [string]$Reason = 'No reason provided',
         $Headers,
         [string]$APIName = 'Set-CIPPUserJITAdmin'
@@ -72,7 +73,9 @@ function Set-CIPPUserJITAdmin {
                     $Schema.id        = @{
                         jitAdminEnabled    = $false
                         jitAdminExpiration = $Expiration.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+                        jitAdminStartDate  = if ($StartDate) { $StartDate.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ') } else { $null }
                         jitAdminReason     = $Reason
+                        jitAdminCreatedBy  = if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }
                     }
                 }
                 $Json = ConvertTo-Json -Depth 5 -InputObject $Body
@@ -83,7 +86,16 @@ function Set-CIPPUserJITAdmin {
                     if ($PasswordLink) {
                         $Password = $PasswordLink
                     }
-                    Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message "Created JIT Admin user: $($User.UserPrincipalName). Reason: $Reason" -Sev 'Info'
+                    $LogData = @{
+                        UserPrincipalName = $User.UserPrincipalName
+                        Action            = 'Create'
+                        Reason            = $Reason
+                        StartDate         = if ($StartDate) { $StartDate.ToString('o') } else { (Get-Date).ToString('o') }
+                        Expiration        = $Expiration.ToString('o')
+                        ExpirationUTC     = $Expiration.ToUniversalTime().ToString('o')
+                        CreatedBy         = if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }
+                    }
+                    Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message "Created JIT Admin user: $($User.UserPrincipalName). Reason: $Reason" -Sev 'Info' -LogData $LogData
                     [PSCustomObject]@{
                         id                = $NewUser.id
                         userPrincipalName = $NewUser.userPrincipalName
@@ -116,9 +128,21 @@ function Set-CIPPUserJITAdmin {
                     } catch {}
                 }
 
-                Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Enabled -Expiration $Expiration -Reason $Reason | Out-Null
+                Set-CIPPUserJITAdminProperties -TenantFilter $TenantFilter -UserId $UserObj.id -Enabled -Expiration $Expiration -StartDate $StartDate -Reason $Reason -CreatedBy (if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }) | Out-Null
                 $Message = "Added admin roles to user $($UserObj.displayName) ($($UserObj.userPrincipalName)). Reason: $Reason"
-                Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info'
+                $LogData = @{
+                    UserPrincipalName = $UserObj.userPrincipalName
+                    UserId            = $UserObj.id
+                    DisplayName       = $UserObj.displayName
+                    Action            = 'AddRoles'
+                    Roles             = $Roles
+                    Reason            = $Reason
+                    StartDate         = if ($StartDate) { $StartDate.ToString('o') } else { (Get-Date).ToString('o') }
+                    Expiration        = $Expiration.ToString('o')
+                    ExpirationUTC     = $Expiration.ToUniversalTime().ToString('o')
+                    CreatedBy         = if ($Headers) { ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($Headers.'x-ms-client-principal')) | ConvertFrom-Json).userDetails } else { 'Unknown' }
+                }
+                Write-LogMessage -Headers $Headers -API $APIName -tenant $TenantFilter -message $Message -Sev 'Info' -LogData $LogData
                 return "Added admin roles to user $($UserObj.displayName) ($($UserObj.userPrincipalName))"
             }
             'RemoveRoles' {

Modules/CIPPCore/Public/Set-CIPPUserJITAdminProperties.ps1

@@ -5,8 +5,10 @@ function Set-CIPPUserJITAdminProperties {
         [string]$UserId,
         [switch]$Enabled,
         $Expiration,
+        $StartDate,
         [switch]$Clear,
-        [string]$Reason
+        [string]$Reason,
+        [string]$CreatedBy
     )
     try {
         $Schema = Get-CIPPSchemaExtensions | Where-Object { $_.id -match '_cippUser' } | Select-Object -First 1
@@ -15,15 +17,19 @@ function Set-CIPPUserJITAdminProperties {
                 "$($Schema.id)" = @{
                     jitAdminEnabled    = $null
                     jitAdminExpiration = $null
+                    jitAdminStartDate  = $null
                     jitAdminReason     = $null
+                    jitAdminCreatedBy  = $null
                 }
             }
         } else {
             $Body = [PSCustomObject]@{
                 "$($Schema.id)" = @{
                     jitAdminEnabled    = $Enabled.IsPresent
                     jitAdminExpiration = $Expiration.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
+                    jitAdminStartDate  = if ($StartDate) { $StartDate.ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ') } else { $null }
                     jitAdminReason     = $Reason
+                    jitAdminCreatedBy  = $CreatedBy
                 }
             }
         }