cyberark.pas.cyberark_user – CyberArk User Management using PAS Web Services SDK.
cyberark.pas.cyberark_user – CyberArk User Management using PAS Web Services SDK.
Note
This plugin is part of the cyberark.pas collection (version 1.0.5).
To install it use: ansible-galaxy collection install cyberark.pas
.
To use it in a playbook, specify: cyberark.pas.cyberark_user
.
New in version 2.4: of cyberark.pas
Synopsis
- CyberArk User Management using PAS Web Services SDK, It currently supports the following actions Get User Details, Add User, Update User, Delete User.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
change_password_on_the_next_logon boolean |
|
Whether or not the user must change their password in their next logon. |
cyberark_session dictionary / required |
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session. | |
disabled boolean |
|
Whether or not the user will be disabled. |
string |
The user email address. | |
expiry_date string |
The date and time when the user account will expire and become disabled. | |
first_name string |
The user first name. | |
group_name string |
The name of the group the user will be added to. | |
initial_password string |
The password that the new user will use to log on the first time. This password must meet the password policy requirements. This parameter is required when state is present -- Add User. | |
last_name string |
The user last name. | |
location string |
The Vault Location for the user. | |
logging_file string |
Default: "/tmp/ansible_cyberark.log" |
Setting the log file name and location for troubleshooting logs. |
logging_level string / required |
|
Parameter used to define the level of troubleshooting output to the |
new_password string |
The user updated password. Make sure that this password meets the password policy requirements. | |
state string |
|
Specifies the state needed for the user present for create user, absent for delete user. |
user_type_name string |
The type of user. The parameter defaults to | |
username string / required |
The name of the user who will be queried (for details), added, updated or deleted. |
Examples
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: https://components.cyberark.local
use_shared_logon_authentication: yes
- name: Create user & immediately add it to a group
cyberark_user:
username: username
initial_password: password
user_type_name: EPVUser
change_password_on_the_next_logon: no
group_name: GroupOfUser
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Make sure user is present and reset user credential if present
cyberark_user:
username: Username
new_password: password
disabled: no
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: '{{ cyberark_session }}'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
changed boolean |
always |
Whether there was a change done.
| |
cyberark_user complex |
always |
Dictionary containing result properties.
| |
result dictionary |
success |
user properties when state is present
| |
status_code integer |
success |
Result HTTP Status code
Sample: 200 |
Authors
- Edward Nunez (@enunez-cyberark)
- Cyberark Bizdev (@cyberark-bizdev)
- Erasmo Acosta (@erasmix)
- James Stutes (@jimmyjamcabd)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/cyberark/pas/cyberark_user_module.html