Merge pull request #759 from github/bss-mc-2fa-ent-graphql-examples

Create `.graphql` files for checking 2FA status of enterprise members…

Author: bss-mc

graphql/queries/enterprise-members-2fa-disabled.graphql

@@ -0,0 +1,28 @@
+# This GraphQL query will list any enterprise members who have yet to enable 2FA on their personal GitHub account.
+# This does not list any outside collaborators, and will not work with Enterprise Managed Users other than the setup user.
+
+query GetEnterpriseMembersWith2faDisabled {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    enterprise_id: id
+    enterprise_slug: slug
+    members_with_no_2fa: members(
+      first: 100
+      twoFactorMethodSecurity: DISABLED
+    ) {
+      num_of_members: totalCount
+      edges {
+        node {
+          ... on EnterpriseUserAccount {
+            login
+          }
+        }
+      }
+      pageInfo {
+        endCursor
+        startCursor
+        hasNextPage
+        hasPreviousPage
+      }
+    }
+  }
+}

graphql/queries/enterprise-members-2fa-insecure.graphql

@@ -0,0 +1,28 @@
+# This GraphQL query will list any enterprise members who have enabled 2FA on their GitHub account, but amongst their 2FA methods is SMS (which is deemed insecure).
+# This does not list any outside collaborators, and will not work with Enterprise Managed Users other than the setup user.
+
+query GetEnterpriseMembersWithInsecure2fa {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    enterprise_id: id
+    enterprise_slug: slug
+    members_with_insecure_2fa: members(
+      first: 100
+      twoFactorMethodSecurity: INSECURE
+    ) {
+      num_of_members: totalCount
+      edges {
+        node {
+          ... on EnterpriseUserAccount {
+            login
+          }
+        }
+      }
+      pageInfo {
+        endCursor
+        startCursor
+        hasNextPage
+        hasPreviousPage
+      }
+    }
+  }
+}

graphql/queries/enterprise-members-2fa-secure.graphql

@@ -0,0 +1,28 @@
+# This GraphQL query will list any enterprise members who have enabled 2FA on their GitHub account with a secure (non-SMS) method.
+# This does not list any outside collaborators, and will not work with Enterprise Managed Users other than the setup user.
+
+query GetEnterpriseMembersWithSecure2fa {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    enterprise_id: id
+    enterprise_slug: slug
+    members_with_secure_2fa: members(
+      first: 100
+      twoFactorMethodSecurity: SECURE
+    ) {
+      num_of_members: totalCount
+      edges {
+        node {
+          ... on EnterpriseUserAccount {
+            login
+          }
+        }
+      }
+      pageInfo {
+        endCursor
+        startCursor
+        hasNextPage
+        hasPreviousPage
+      }
+    }
+  }
+}

graphql/queries/enterprise-outside-collaborators-2fa-disabled.graphql

@@ -0,0 +1,25 @@
+# This GraphQL query will list any outside collaborators in an enterprise who have yet to enable 2FA on their GitHub account.
+
+query GetEnterpriseollaboratorsWith2faDisabled {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    enterprise_id: id
+    enterprise_slug: slug
+    enterprise_owner_info: ownerInfo {
+      collaborators_with_no_2fa: outsideCollaborators(
+        twoFactorMethodSecurity: DISABLED
+        first: 100
+      ) {
+        num_of_collaborators: totalCount
+        nodes {
+          login
+        }
+        pageInfo {
+          endCursor
+          startCursor
+          hasNextPage
+          hasPreviousPage
+        }
+      }
+    }
+  }
+}

graphql/queries/enterprise-outside-collaborators-2fa-insecure.graphql

@@ -0,0 +1,25 @@
+# This GraphQL query will list any outside collaborators in an enterprise who have enabled 2FA on their GitHub account, but amongst the 2FA methods is SMS (which is deemed insecure).
+
+query GetEnterpriseCollaboratorsWithInsecure2fa {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    enterprise_id: id
+    enterprise_slug: slug
+    enterprise_owner_info: ownerInfo {
+      collaborators_with_insecure_2fa: outsideCollaborators(
+        twoFactorMethodSecurity: INSECURE
+        first: 100
+      ) {
+        num_of_collaborators: totalCount
+        nodes {
+          login
+        }
+        pageInfo {
+          endCursor
+          startCursor
+          hasNextPage
+          hasPreviousPage
+        }
+      }
+    }
+  }
+}

graphql/queries/enterprise-outside-collaborators-2fa-secure.graphql

@@ -0,0 +1,25 @@
+# This GraphQL query will list any outside collaborators in an enterprise who have enabled 2FA on their GitHub account with a secure (non-SMS) method.
+
+query GetEnterpriseCollaboratorsWithSecure2fa {
+  enterprise(slug: "ENTERPRISE_SLUG") {
+    enterprise_id: id
+    enterprise_slug: slug
+    enterprise_owner_info: ownerInfo {
+      collaborators_with_secure_2fa: outsideCollaborators(
+        twoFactorMethodSecurity: SECURE
+        first: 100
+      ) {
+        num_of_collaborators: totalCount
+        nodes {
+          login
+        }
+        pageInfo {
+          endCursor
+          startCursor
+          hasNextPage
+          hasPreviousPage
+        }
+      }
+    }
+  }
+}