cyberark_user - Module for CyberArk User Management using PAS Web Services SDK¶
New in version 2.4.
Synopsis¶
- CyberArk User Management using PAS Web Services SDK. It currently supports the following actions Get User Details, Add User, Update User, Delete User.
Parameters¶
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
change_password_on_the_next_logon
bool |
|
Whether or not the user must change their password in their next logon. Valid values = true/false.
|
|
cyberark_session
required |
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.
|
|
|
disabled
bool |
|
Whether or not the user will be disabled. Valid values = true/false.
|
|
The user email address.
|
||
| expiry_date |
The date and time when the user account will expire and become disabled.
|
|
| first_name |
The user first name.
|
|
| group_name |
The name of the group the user will be added to.
|
|
| initial_password |
The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User.
|
|
| last_name |
The user last name.
|
|
| location |
The Vault Location for the user.
|
|
| new_password |
The user updated password. Make sure that this password meets the password policy requirements.
|
|
| state |
|
Specifies the state needed for the user present for create user, absent for delete user.
|
| user_type_name |
Default: EPVUser
|
The type of user.
|
|
username
required |
The name of the user who will be queried (for details), added, updated or deleted.
|
Examples¶
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "https://components.cyberark.local"
use_shared_logon_authentication: true
- name: Create user & immediately add it to a group
cyberark_user:
username: "username"
initial_password: "password"
user_type_name: "EPVUser"
change_password_on_the_next_logon: false
group_name: "GroupOfUsers"
state: present
cyberark_session: "{{ cyberark_session }}"
- name: Make sure user is present and reset user credential if present
cyberark_user:
username: "Username"
new_password: "password"
disabled: false
state: present
cyberark_session: "{{ cyberark_session }}"
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
|
changed
bool
|
always |
Whether there was a change done.
|
|
cyberark_user
dict
|
always |
Dictionary containing result properties.
Sample:
{'result': {'type': 'dict', 'description': 'user properties when state is present', 'returned': 'success'}}
|
|
status_code
int
|
success |
Result HTTP Status code
Sample:
200
|
Status¶
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance¶
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author¶
- Edward Nunez @ CyberArk BizDev (@enunez-cyberark, @cyberark-bizdev, @erasmix)
Hint
If you notice any issues in this documentation you can edit this document to improve it.