cyberark.pas.cyberark_user module – CyberArk User Management using PAS Web Services SDK.
Note
This module is part of the cyberark.pas collection (version 1.0.14).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install cyberark.pas
.
To use it in a playbook, specify: cyberark.pas.cyberark_user
.
New in version 2.4: of cyberark.pas
Synopsis
CyberArk User Management using PAS Web Services SDK, It currently supports the following actions Get User Details, Add User, Update User, Delete User.
Parameters
Parameter |
Comments |
---|---|
A list of authorization options for this user. Options can include AddSafes and AuditUsers The default provides backwards compatability with older versions of the collection Default: [“AddSafes”, “AuditUsers”] |
|
Whether or not the user must change their password in their next logon. Choices:
|
|
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see M(cyberark_authentication) module for an example of cyberark_session. |
|
Whether or not the user will be disabled. Choices:
|
|
The user email address. |
|
The date and time when the user account will expire and become disabled. |
|
The user first name. |
|
The name of the group the user will be added to. Causes an additional lookup in cyberark Will be ignored if vault_id is used Will cause a failure if group is missing or more than one group with that name exists |
|
The password that the new user will use to log on the first time. This password must meet the password policy requirements. This parameter is required when state is present – Add User. |
|
The user last name. |
|
The Vault Location for the user. |
|
Setting the log file name and location for troubleshooting logs. Default: “/tmp/ansible_cyberark.log” |
|
Parameter used to define the level of troubleshooting output to the Choices:
|
|
The user updated password. Make sure that this password meets the password policy requirements. |
|
Specifies the state needed for the user present for create user, absent for delete user. Choices:
|
|
How long to wait for the server to send data before giving up Default: 10 |
|
The type of user. The parameter defaults to |
|
The name of the user who will be queried (for details), added, updated or deleted. |
|
The ID of the user group to add the user to Prefered over group_name |
Examples
- name: Logon to CyberArk Vault using PAS Web Services SDK
cyberark_authentication:
api_base_url: https://components.cyberark.local
use_shared_logon_authentication: yes
- name: Create user & immediately add it to a group
cyberark_user:
username: username
initial_password: password
user_type_name: EPVUser
change_password_on_the_next_logon: no
group_name: GroupOfUser
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Make sure user is present and reset user credential if present
cyberark_user:
username: Username
new_password: password
disabled: no
state: present
cyberark_session: '{{ cyberark_session }}'
- name: Logoff from CyberArk Vault
cyberark_authentication:
state: absent
cyberark_session: '{{ cyberark_session }}'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Whether there was a change done. Returned: always |
|
Dictionary containing result properties. Returned: always |
|
user properties when state is present Returned: success |
|
Result HTTP Status code Returned: success Sample: 200 |
Authors
Edward Nunez (@enunez-cyberark)
Cyberark Bizdev (@cyberark-bizdev)
Erasmo Acosta (@erasmix)
James Stutes (@jimmyjamcabd)