cyberark_user - Module for CyberArk User Management using PAS Web Services SDK

New in version 2.4.

Synopsis
Parameters
Examples
Return Values
Status
- Author

Synopsis

CyberArk User Management using PAS Web Services SDK. It currently supports the following actions Get User Details, Add User, Update User, Delete User.

Parameters

Parameter	Choices/Defaults	Comments
change_password_on_the_next_logon	Choices: no ← yes	Whether or not the user must change their password in their next logon. Valid values = true/false.
cyberark_session required		Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.
disabled	Choices: no ← yes	Whether or not the user will be disabled. Valid values = true/false.
email		The user email address.
expiry_date		The date and time when the user account will expire and become disabled.
first_name		The user first name.
group_name		The name of the group the user will be added to.
initial_password		The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User.
last_name		The user last name.
location		The Vault Location for the user.
new_password		The user updated password. Make sure that this password meets the password policy requirements.
state	Choices: present ← absent	Specifies the state needed for the user present for create user, absent for delete user.
user_type_name	Default: EPVUser	The type of user.
username required		The name of the user who will be queried (for details), added, updated or deleted.

Examples

- name: Logon to CyberArk Vault using PAS Web Services SDK
  cyberark_authentication:
    api_base_url: "https://components.cyberark.local"
    use_shared_logon_authentication: true

- name: Create user & immediately add it to a group
  cyberark_user:
    username: "username"
    initial_password: "password"
    user_type_name: "EPVUser"
    change_password_on_the_next_logon: false
    group_name: "GroupOfUsers"
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Make sure user is present and reset user credential if present
  cyberark_user:
    username: "Username"
    new_password: "password"
    disabled: false
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Returned	Description
changed bool	always	Whether there was a change done.
cyberark_user dict	always	Dictionary containing result properties. Sample: {'result': {'type': 'dict', 'description': 'user properties when state is present', 'returned': 'success'}}
status_code int	success	Result HTTP Status code Sample: 200

Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Author

Edward Nunez @ CyberArk BizDev (@enunez-cyberark, @cyberark-bizdev, @erasmix)

Hint

If you notice any issues in this documentation you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/cyberark_user_module.html