cyberark_user – Module for CyberArk User Management using PAS Web Services SDK
New in version 2.4.
Synopsis
- CyberArk User Management using PAS Web Services SDK.
- It currently supports the following actions Get User Details, Add User, Update User, Delete User.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
change_password_on_the_next_logon
boolean
|
|
Whether or not the user must change their password in their next logon.
|
cyberark_session
dictionary /
required
|
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see
cyberark_authentication module for an example of cyberark_session.
|
|
disabled
boolean
|
|
Whether or not the user will be disabled.
|
email
string
|
The user email address.
|
|
expiry_date
string
|
The date and time when the user account will expire and become disabled.
|
|
first_name
string
|
The user first name.
|
|
group_name
string
|
The name of the group the user will be added to.
|
|
initial_password
string
|
The password that the new user will use to log on the first time.
This password must meet the password policy requirements.
This parameter is required when state is present -- Add User.
|
|
last_name
string
|
The user last name.
|
|
location
string
|
The Vault Location for the user.
|
|
new_password
string
|
The user updated password. Make sure that this password meets the password policy requirements.
|
|
state
string
|
|
Specifies the state needed for the user present for create user, absent for delete user.
|
user_type_name
string
|
The type of user.
The parameter defaults to
EPVUser .
|
|
username
string /
required
|
The name of the user who will be queried (for details), added, updated or deleted.
|
Examples
- name: Logon to CyberArk Vault using PAS Web Services SDK cyberark_authentication: api_base_url: https://components.cyberark.local use_shared_logon_authentication: yes - name: Create user & immediately add it to a group cyberark_user: username: username initial_password: password user_type_name: EPVUser change_password_on_the_next_logon: no group_name: GroupOfUser state: present cyberark_session: '{{ cyberark_session }}' - name: Make sure user is present and reset user credential if present cyberark_user: username: Username new_password: password disabled: no state: present cyberark_session: '{{ cyberark_session }}' - name: Logoff from CyberArk Vault cyberark_authentication: state: absent cyberark_session: '{{ cyberark_session }}'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
changed
boolean
|
always |
Whether there was a change done.
|
cyberark_user
dictionary
|
always |
Dictionary containing result properties.
Sample:
{'result': {'description': 'user properties when state is present', 'type': 'dict', 'returned': 'success'}}
|
status_code
integer
|
success |
Result HTTP Status code
Sample:
200
|
Status
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by an Ansible Partner. [certified]
Authors
- Edward Nunez (@enunez-cyberark) CyberArk BizDev
- Cyberark Bizdev (@cyberark-bizdev)
- erasmix (@erasmix)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/cyberark_user_module.html