cyberark_user – Module for CyberArk User Management using PAS Web Services SDK
New in version 2.4.
Synopsis
- CyberArk User Management using PAS Web Services SDK. It currently supports the following actions Get User Details, Add User, Update User, Delete User.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| change_password_on_the_next_logon boolean |
| Whether or not the user must change their password in their next logon. Valid values = true/false. |
| cyberark_session - / required | Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session. | |
| disabled boolean |
| Whether or not the user will be disabled. Valid values = true/false. |
| email - | The user email address. | |
| expiry_date - | The date and time when the user account will expire and become disabled. | |
| first_name - | The user first name. | |
| group_name - | The name of the group the user will be added to. | |
| initial_password - | The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User. | |
| last_name - | The user last name. | |
| location - | The Vault Location for the user. | |
| new_password - | The user updated password. Make sure that this password meets the password policy requirements. | |
| state - |
| Specifies the state needed for the user present for create user, absent for delete user. |
| user_type_name - | Default: "EPVUser" | The type of user. |
| username - / required | The name of the user who will be queried (for details), added, updated or deleted. |
Examples
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: "https://components.cyberark.local"
use_shared_logon_authentication: true
- name: Create user & immediately add it to a group
cyberark_user:
username: "username"
initial_password: "password"
user_type_name: "EPVUser"
change_password_on_the_next_logon: false
group_name: "GroupOfUsers"
state: present
cyberark_session: "{{ cyberark_session }}"
- name: Make sure user is present and reset user credential if present
cyberark_user:
username: "Username"
new_password: "password"
disabled: false
state: present
cyberark_session: "{{ cyberark_session }}"
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| changed boolean | always | Whether there was a change done. |
| cyberark_user dictionary | always | Dictionary containing result properties. Sample: {'result': {'description': 'user properties when state is present', 'type': 'dict', 'returned': 'success'}} |
| status_code integer | success | Result HTTP Status code Sample: 200 |
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors
- Edward Nunez @ CyberArk BizDev (@enunez-cyberark, @cyberark-bizdev, @erasmix)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/cyberark_user_module.html