cyberark_user – Module for CyberArk User Management using PAS Web Services SDK

From Get docs
Ansible/docs/2.7/modules/cyberark user module


cyberark_user – Module for CyberArk User Management using PAS Web Services SDK

New in version 2.4.


Synopsis

  • CyberArk User Management using PAS Web Services SDK. It currently supports the following actions Get User Details, Add User, Update User, Delete User.

Parameters

Parameter Choices/Defaults Comments

change_password_on_the_next_logon

boolean

  • no

  • yes

Whether or not the user must change their password in their next logon. Valid values = true/false.

cyberark_session

- / required

Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.

disabled

boolean

  • no

  • yes

Whether or not the user will be disabled. Valid values = true/false.

email

-

The user email address.

expiry_date

-

The date and time when the user account will expire and become disabled.

first_name

-

The user first name.

group_name

-

The name of the group the user will be added to.

initial_password

-

The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User.

last_name

-

The user last name.

location

-

The Vault Location for the user.

new_password

-

The user updated password. Make sure that this password meets the password policy requirements.

state

-

  • present

  • absent

Specifies the state needed for the user present for create user, absent for delete user.

user_type_name

-

Default:

"EPVUser"

The type of user.

username

- / required

The name of the user who will be queried (for details), added, updated or deleted.



Examples

- name: Logon to CyberArk Vault using PAS Web Services SDK
  cyberark_authentication:
    api_base_url: "https://components.cyberark.local"
    use_shared_logon_authentication: true

- name: Create user & immediately add it to a group
  cyberark_user:
    username: "username"
    initial_password: "password"
    user_type_name: "EPVUser"
    change_password_on_the_next_logon: false
    group_name: "GroupOfUsers"
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Make sure user is present and reset user credential if present
  cyberark_user:
    username: "Username"
    new_password: "password"
    disabled: false
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

changed

boolean

always

Whether there was a change done.


cyberark_user

dictionary

always

Dictionary containing result properties.


Sample:

{'result': {'description': 'user properties when state is present', 'type': 'dict', 'returned': 'success'}}

status_code

integer

success

Result HTTP Status code


Sample:

200




Status

Authors

  • Edward Nunez @ CyberArk BizDev (@enunez-cyberark, @cyberark-bizdev, @erasmix)

Hint

If you notice any issues in this documentation you can edit this document to improve it.


© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/cyberark_user_module.html