- Docs »
- cyberark_authentication – Module for CyberArk Vault Authentication using PAS Web Services SDK
-
Edit on GitHub
You are reading an older version of the Ansible documentation. Use the version selection to the left if you want the latest stable released version.
cyberark_authentication – Module for CyberArk Vault Authentication using PAS Web Services SDK
- Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as
cyberark_session parameter.
| Parameter |
Choices/Defaults |
Comments |
|
api_base_url
-
|
|
A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.
|
|
cyberark_session
-
|
|
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session.
|
|
new_password
-
|
|
The new password of the user. This parameter is optional, and enables you to change a password.
|
|
password
-
|
|
The password of the user.
|
|
state
-
|
Choices:
present ← - absent
|
Specifies if an authentication logon/logoff and a cyberark_session should be added/removed.
|
|
use_radius_authentication
boolean
|
|
Whether or not users will be authenticated via a RADIUS server. Valid values are true/false.
|
|
use_shared_logon_authentication
boolean
|
|
Whether or not Shared Logon Authentication will be used.
|
|
username
-
|
|
The name of the user who will logon to the Vault.
|
|
validate_certs
boolean
|
|
If false, SSL certificates will not be validated. This should only set to false used on personally controlled sites using self-signed certificates.
|
- name: Logon to CyberArk Vault using PAS Web Services SDK - use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
use_shared_logon_authentication: yes
- name: Logon to CyberArk Vault using PAS Web Services SDK - Not use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
username: "{{ password_object.password }}"
password: "{{ password_object.passprops.username }}"
use_shared_logon_authentication: no
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Common return values are documented here, the following are the fields unique to this module:
| Key |
Returned |
Description |
|
cyberark_session
dictionary
|
success |
Authentication facts.
Sample:
{'api_base_url': {'description': 'Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.', 'type': 'str', 'returned': 'always'}, 'token': {'description': 'The token that identifies the session, encoded in BASE 64.', 'type': 'str', 'returned': 'always'}, 'use_shared_logon_authentication': {'description': 'Whether or not Shared Logon Authentication was used to establish the session.', 'type': 'bool', 'returned': 'always'}, 'validate_certs': {'description': 'Whether or not SSL certificates should be validated.', 'type': 'bool', 'returned': 'always'}}
|
Authors
- Edward Nunez (@enunez-cyberark) CyberArk BizDev
- Cyberark Bizdev (@cyberark-bizdev)
- erasmix (@erasmix)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
