cyberark.pas.cyberark_user – CyberArk User Management using PAS Web Services SDK.

Note

This plugin is part of the cyberark.pas collection (version 1.0.6).

To install it use: ansible-galaxy collection install cyberark.pas.

To use it in a playbook, specify: cyberark.pas.cyberark_user.

New in version 2.4: of cyberark.pas

Synopsis

• CyberArk User Management using PAS Web Services SDK, It currently supports the following actions Get User Details, Add User, Update User, Delete User.

Parameters

Parameter	Choices/Defaults	Comments
change_password_on_the_next_logon boolean	Choices: no ← yes	Whether or not the user must change their password in their next logon.
cyberark_session dictionary / required		Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.
disabled boolean	Choices: no ← yes	Whether or not the user will be disabled.
email string		The user email address.
expiry_date string		The date and time when the user account will expire and become disabled.
first_name string		The user first name.
group_name string		The name of the group the user will be added to.
initial_password string		The password that the new user will use to log on the first time. This password must meet the password policy requirements. This parameter is required when state is present -- Add User.
last_name string		The user last name.
location string		The Vault Location for the user.
logging_file string	Default: "/tmp/ansible_cyberark.log"	Setting the log file name and location for troubleshooting logs.
logging_level string / required	Choices: NOTSET ← DEBUG INFO	Parameter used to define the level of troubleshooting output to the logging_file value.
new_password string		The user updated password. Make sure that this password meets the password policy requirements.
state string	Choices: absent present ←	Specifies the state needed for the user present for create user, absent for delete user.
user_type_name string		The type of user. The parameter defaults to EPVUser.
username string / required		The name of the user who will be queried (for details), added, updated or deleted.

Examples

- name: Logon to CyberArk Vault using PAS Web Services SDK
  cyberark_authentication:
    api_base_url: https://components.cyberark.local
    use_shared_logon_authentication: yes

- name: Create user & immediately add it to a group
  cyberark_user:
    username: username
    initial_password: password
    user_type_name: EPVUser
    change_password_on_the_next_logon: no
    group_name: GroupOfUser
    state: present
    cyberark_session: '{{ cyberark_session }}'

- name: Make sure user is present and reset user credential if present
  cyberark_user:
    username: Username
    new_password: password
    disabled: no
    state: present
    cyberark_session: '{{ cyberark_session }}'

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: '{{ cyberark_session }}'

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key		Returned	Description
changed boolean		always	Whether there was a change done.
cyberark_user complex		always	Dictionary containing result properties.
	result dictionary	success	user properties when state is present
status_code integer		success	Result HTTP Status code Sample: 200

Authors

• Edward Nunez (@enunez-cyberark)

• Cyberark Bizdev (@cyberark-bizdev)

• Erasmo Acosta (@erasmix)

• James Stutes (@jimmyjamcabd)