cyberark.pas.cyberark_authentication – CyberArk Authentication using PAS Web Services SDK.
Note
This plugin is part of the cyberark.pas collection (version 1.0.13).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cyberark.pas
.
To use it in a playbook, specify: cyberark.pas.cyberark_authentication
.
New in version 2.4: of cyberark.pas
Synopsis
Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as
cyberark_session
parameter.
Parameters
Parameter |
Comments |
---|---|
A string containing the base URL of the server hosting CyberArk’s Privileged Account Security Web Services SDK. |
|
To support multiple connections for same user specify different value for this parameter. |
|
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session. |
|
The new password of the user. This parameter is optional, and enables you to change a password. |
|
The password of the user. |
|
Specifies if an authentication logon/logoff and a cyberark_session should be added/removed. Choices:
|
|
Whether or not LDAP will be used. Choices:
|
|
Whether or not LDAP will be used. Choices:
|
|
Whether or not users will be authenticated via a RADIUS server. Valid values are true/false. Choices:
|
|
Whether or not Windows will be used. Choices:
|
|
The name of the user who will logon to the Vault. |
|
If Choices:
|
Examples
- name: Logon - use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
use_shared_logon_authentication: yes
- name: Logon - Not use_shared_logon_authentication
cyberark_authentication:
api_base_url: "{{ web_services_base_url }}"
username: "{{ password_object.password }}"
password: "{{ password_object.passprops.username }}"
use_shared_logon_authentication: no
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: "{{ cyberark_session }}"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Authentication facts. Returned: success |
|
Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls. Returned: always |
|
The token that identifies the session, encoded in BASE 64. Returned: always |
|
Whether or not Shared Logon Authentication was used to establish the session. Returned: always |
|
Whether or not SSL certificates should be validated. Returned: always |
Authors
Edward Nunez (@enunez-cyberark) CyberArk BizDev
Cyberark Bizdev (@cyberark-bizdev)
Edgar Mota