- Docs »
- cyberark.pas.cyberark_user – CyberArk User Management using PAS Web Services SDK.
-
You are reading an older version of the Ansible documentation. Use the version selection to the left if you want the latest stable released version.
cyberark.pas.cyberark_user – CyberArk User Management using PAS Web Services SDK.
Note
This plugin is part of the cyberark.pas collection (version 1.0.5).
To install it use: ansible-galaxy collection install cyberark.pas.
To use it in a playbook, specify: cyberark.pas.cyberark_user.
New in version 2.4: of cyberark.pas
CyberArk User Management using PAS Web Services SDK, It currently supports the following actions Get User Details, Add User, Update User, Delete User.
| Parameter |
Choices/Defaults |
Comments |
|
change_password_on_the_next_logon
boolean
|
|
Whether or not the user must change their password in their next logon.
|
|
cyberark_session
dictionary
/ required
|
|
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.
|
|
disabled
boolean
|
|
Whether or not the user will be disabled.
|
|
email
string
|
|
The user email address.
|
|
expiry_date
string
|
|
The date and time when the user account will expire and become disabled.
|
|
first_name
string
|
|
The user first name.
|
|
group_name
string
|
|
The name of the group the user will be added to.
|
|
initial_password
string
|
|
The password that the new user will use to log on the first time.
This password must meet the password policy requirements.
This parameter is required when state is present -- Add User.
|
|
last_name
string
|
|
The user last name.
|
|
location
string
|
|
The Vault Location for the user.
|
|
logging_file
string
|
Default:
"/tmp/ansible_cyberark.log"
|
Setting the log file name and location for troubleshooting logs.
|
|
logging_level
string
/ required
|
Choices:
NOTSET ← - DEBUG
- INFO
|
Parameter used to define the level of troubleshooting output to the logging_file value.
|
|
new_password
string
|
|
The user updated password. Make sure that this password meets the password policy requirements.
|
|
state
string
|
Choices:
- absent
present ←
|
Specifies the state needed for the user present for create user, absent for delete user.
|
|
user_type_name
string
|
|
The type of user.
The parameter defaults to EPVUser.
|
|
username
string
/ required
|
|
The name of the user who will be queried (for details), added, updated or deleted.
|
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: https://components.cyberark.local
use_shared_logon_authentication: yes
- name: Create user & immediately add it to a group
cyberark_user:
username: username
initial_password: password
user_type_name: EPVUser
change_password_on_the_next_logon: no
group_name: GroupOfUser
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Make sure user is present and reset user credential if present
cyberark_user:
username: Username
new_password: password
disabled: no
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: '{{ cyberark_session }}'
Common return values are documented here, the following are the fields unique to this module:
| Key |
Returned |
Description |
|
changed
boolean
|
always |
Whether there was a change done.
|
|
cyberark_user
complex
|
always |
Dictionary containing result properties.
|
| |
result
dictionary
|
success |
user properties when state is present
|
|
status_code
integer
|
success |
Result HTTP Status code
Sample:
200
|
Authors
Edward Nunez (@enunez-cyberark)
Cyberark Bizdev (@cyberark-bizdev)
Erasmo Acosta (@erasmix)
James Stutes (@jimmyjamcabd)
