Track MFA enrollment progress across an organization and produce a list of users without MFA, segmented by team and tenure.
Pulls MFA enrollment data from an identity provider (GitHub Org, Google Workspace, Okta, Entra ID) and produces a tracker that segments users without MFA by team and tenure, plus a nudge plan with deadlines.
Inputs: provider (one of github-org, google-workspace, okta, entra-id); org (provider-specific organization id); team_mapping (CSV mapping email -> team for richer segmentation).
Provider queries:
GitHub Org: gh api orgs/<org>/members --paginate joined with the security manager's 2fa_disabled filter (only available to org admins).
Google Workspace: gcloud directory users list --domain <domain> --query 'isEnrolledIn2Sv=false'.
Okta: okta-admin users list --filter 'profile.mfaEnrolled eq false' (or via REST GET /api/v1/users?search=...).
Entra ID: Get-MgUser -All then Get-MgUserAuthenticationMethod (PowerShell) or Graph API.
Join with team_mapping to add team labels; users without a team map to unknown.
Outputs: mfa-tracker.md with an enrollment summary (count enrolled, count not, percent), a per-team table, a per-tenure-bucket table, and a nudge plan with dates, plus mfa-not-enrolled.csv with one row per user. Exit 1 if any admin lacks MFA.
Cross-check the not-enrolled count by spot-querying three users in the provider's admin UI. After waves go out, re-run the tracker weekly; the not-enrolled count must monotonically decrease (small fluctuations from new hires are acceptable but should be flagged separately). Confirm team_mapping coverage; if more than 20% of users land in unknown, the mapping is stale.
inherited-mfa rather than not-enrolled.
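As an added illustration (not the skill's own code), the segmentation and checks described above in Python: it joins a constructed provider pull with a constructed team_mapping, buckets users by tenure with a separate new-hire bucket so new-hire fluctuations can be flagged apart from the main count, marks the mapping stale when more than 20% of users land in unknown, and returns exit code 1 when an admin lacks MFA. The user records, their field names, the run date and the 30-day new-hire window are assumptions.

```python
import csv
import io
from collections import Counter
from datetime import date

# Constructed sample of a normalised provider pull (gh api / Get-MgUser / okta); not real data.
USERS = [
    {"email": "ann@example.com", "admin": True,  "mfa": True,  "joined": date(2021, 3, 1)},
    {"email": "bob@example.com", "admin": False, "mfa": False, "joined": date(2023, 6, 15)},
    {"email": "cy@example.com",  "admin": True,  "mfa": False, "joined": date(2022, 1, 10)},
    {"email": "dee@example.com", "admin": False, "mfa": False, "joined": date(2024, 5, 20)},
    {"email": "eve@example.com", "admin": False, "mfa": True,  "joined": date(2020, 9, 9)},
]
# Constructed team_mapping CSV (email -> team); dee is deliberately left unmapped.
TEAM_MAPPING_CSV = ("email,team\nann@example.com,platform\nbob@example.com,sales\n"
                    "cy@example.com,platform\neve@example.com,sales\n")
TODAY = date(2024, 6, 1)  # constructed run date (assumption)

def load_team_mapping(text):
    # Parse team_mapping into {email: team}, normalising e-mail case for the join.
    return {r["email"].strip().lower(): r["team"].strip()
            for r in csv.DictReader(io.StringIO(text))}

def tenure_bucket(joined, today, new_hire_days=30):
    # Recent joiners get their own bucket so new-hire fluctuations can be flagged separately.
    days = (today - joined).days
    if days < new_hire_days:
        return "new-hire"
    if days < 365:
        return "<1y"
    return "1-3y" if days < 3 * 365 else "3y+"

def build_tracker(users, mapping, today):
    # Segment users without MFA by team and tenure and compute the tracker's checks.
    total, not_enrolled = len(users), []
    for u in users:
        if u["mfa"]:
            continue
        team = mapping.get(u["email"].lower(), "unknown")  # unmapped users land in 'unknown'
        not_enrolled.append({**u, "team": team, "tenure": tenure_bucket(u["joined"], today)})
    unmapped = sum(1 for u in users if u["email"].lower() not in mapping)
    return {
        "enrolled": total - len(not_enrolled),
        "not_enrolled": len(not_enrolled),
        "percent_enrolled": round(100.0 * (total - len(not_enrolled)) / total, 1) if total else 0.0,
        "by_team": dict(Counter(u["team"] for u in not_enrolled)),
        "by_tenure": dict(Counter(u["tenure"] for u in not_enrolled)),
        "new_hires_without_mfa": [u["email"] for u in not_enrolled if u["tenure"] == "new-hire"],
        "admins_without_mfa": [u["email"] for u in not_enrolled if u["admin"]],
        "mapping_stale": total > 0 and unmapped / total > 0.20,  # more than 20% unknown => stale
    }

def exit_code(tracker):
    return 1 if tracker["admins_without_mfa"] else 0  # exit 1 if any admin lacks MFA
```

The returned dictionary carries the summary, per-team and per-tenure counts that mfa-tracker.md is rendered from; the list of not-enrolled records built inside build_tracker is what mfa-not-enrolled.csv would be written from.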
Same domains or capabilities as amitte/mfa-rollout-tracker.