Documentation

cyberark_user - Module for CyberArk User Management using PAS Web Services SDK

New in version 2.4.

Synopsis

  • CyberArk User Management using PAS Web Services SDK. It currently supports the following actions: Get User Details, Add User, Update User, Delete User.

Options

| parameter | required | default | choices | comments |
|---|---|---|---|---|
| change_password_on_the_next_logon | no | no | yes, no | Whether or not the user must change their password at their next logon. Valid values = true/false. |
| cyberark_session | yes | | | Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session; see the cyberark_authentication module for an example of cyberark_session. |
| disabled | no | no | yes, no | Whether or not the user will be disabled. Valid values = true/false. |
| email | no | | | The user email address. |
| expiry_date | no | | | The date and time when the user account will expire and become disabled. |
| first_name | no | | | The user first name. |
| group_name | no | | | The name of the group the user will be added to. |
| initial_password | no | | | The password that the new user will use to log on the first time. This password must meet the password policy requirements. This parameter is required when state is present (Add User). |
| last_name | no | | | The user last name. |
| location | no | | | The Vault Location for the user. |
| new_password | no | | | The user updated password. Make sure that this password meets the password policy requirements. |
| state | no | present | present, absent | Specifies the state needed for the user: present to create the user, absent to delete the user. |
| user_type_name | no | EPVUser | | The type of user. |
| username | yes | | | The name of the user who will be queried (for details), added, updated or deleted. |

Examples

- name: Logon to CyberArk Vault using PAS Web Services SDK
  cyberark_authentication:
    api_base_url: "https://components.cyberark.local"
    use_shared_logon_authentication: true

- name: Create user & immediately add it to a group
  cyberark_user:
    username: "username"
    initial_password: "password"
    user_type_name: "EPVUser"
    change_password_on_the_next_logon: false
    group_name: "GroupOfUsers"
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Make sure user is present and reset user credential if present
  cyberark_user:
    username: "Username"
    new_password: "password"
    disabled: false
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"
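
An added example (not part of the module's own documentation) showing the create-user flow above with the initial password kept out of the playbook and out of task logs, a forced password change at first logon, and logoff guaranteed by an always section. The variable vault_initial_password (assumed to be defined in an Ansible Vault-encrypted vars file), the username jdoe and the localhost play are assumptions made for illustration.

```yaml
# Added example, not from the module documentation.
# Assumptions: vault_initial_password comes from an Ansible Vault-encrypted
# vars file (hypothetical name); "jdoe" is a placeholder username.
- hosts: localhost
  gather_facts: false
  tasks:
    - name: Logon to CyberArk Vault using PAS Web Services SDK
      cyberark_authentication:
        api_base_url: "https://components.cyberark.local"
        use_shared_logon_authentication: true

    - block:
        - name: Create user with a vaulted one-time password
          cyberark_user:
            username: "jdoe"
            initial_password: "{{ vault_initial_password }}"
            user_type_name: "EPVUser"
            # Force the user to replace the provisioning password at first logon.
            change_password_on_the_next_logon: true
            group_name: "GroupOfUsers"
            state: present
            cyberark_session: "{{ cyberark_session }}"
          # Keep the password and the session dictionary out of task output.
          no_log: true
          register: user_result

        - name: Report the outcome without echoing the task arguments
          debug:
            msg: "changed={{ user_result.changed }} status={{ user_result.status_code | default('n/a') }}"

      always:
        # Runs even if the block fails, so the session is not left logged on.
        - name: Logoff from CyberArk Vault
          cyberark_authentication:
            state: absent
            cyberark_session: "{{ cyberark_session }}"
          no_log: true
```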

Return Values

Common return values are documented in Return Values; the following are the fields unique to this module:

| name | description | returned | type | sample |
|---|---|---|---|---|
| status_code | Result HTTP Status code | success | int | 200 |
| changed | Whether there was a change done. | always | bool | |
| cyberark_user | Dictionary containing result properties. | always | dict | {'result': {'type': 'dict', 'description': 'user properties when state is present', 'returned': 'success'}} |


Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.