cyberark_user - Module for CyberArk User Management using PAS Web Services SDK

New in version 2.4.

Synopsis

Parameters

Parameter Choices/Defaults Comments
change_password_on_the_next_logon
bool
    Choices:
  • no ←
  • yes
Whether or not the user must change their password in their next logon. Valid values = true/false.
cyberark_session
required
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.
disabled
bool
    Choices:
  • no ←
  • yes
Whether or not the user will be disabled. Valid values = true/false.
email
The user email address.
expiry_date
The date and time when the user account will expire and become disabled.
first_name
The user first name.
group_name
The name of the group the user will be added to.
initial_password
The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User.
last_name
The user last name.
location
The Vault Location for the user.
new_password
The user updated password. Make sure that this password meets the password policy requirements.
state
    Choices:
  • present ←
  • absent
Specifies the state needed for the user present for create user, absent for delete user.
user_type_name Default:
EPVUser
The type of user.
username
required
The name of the user who will be queried (for details), added, updated or deleted.

Examples

- name: Logon to CyberArk Vault using PAS Web Services SDK
  cyberark_authentication:
    api_base_url: "https://components.cyberark.local"
    use_shared_logon_authentication: true

- name: Create user & immediately add it to a group
  cyberark_user:
    username: "username"
    initial_password: "password"
    user_type_name: "EPVUser"
    change_password_on_the_next_logon: false
    group_name: "GroupOfUsers"
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Make sure user is present and reset user credential if present
  cyberark_user:
    username: "Username"
    new_password: "password"
    disabled: false
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
changed
bool
always
Whether there was a change done.

cyberark_user
dict
always
Dictionary containing result properties.

Sample:
{'result': {'type': 'dict', 'description': 'user properties when state is present', 'returned': 'success'}}
status_code
int
success
Result HTTP Status code

Sample:
200


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Edward Nunez @ CyberArk BizDev (@enunez-cyberark, @cyberark-bizdev, @erasmix)

Hint

If you notice any issues in this documentation you can edit this document to improve it.