cyberark.pas.cyberark_authentication – CyberArk Authentication using PAS Web Services SDK.

Note

This plugin is part of the cyberark.pas collection (version 1.0.13).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cyberark.pas.

To use it in a playbook, specify: cyberark.pas.cyberark_authentication.

New in version 2.4: of cyberark.pas

Synopsis

  • Authenticates to CyberArk Vault using Privileged Account Security Web Services SDK and creates a session fact that can be used by other modules. It returns an Ansible fact called cyberark_session. Every module can use this fact as cyberark_session parameter.

Parameters

Parameter Choices/Defaults Comments
api_base_url
string
A string containing the base URL of the server hosting CyberArk's Privileged Account Security Web Services SDK.
connection_number
integer
To support multiple connections for same user specify
different value for this parameter.
cyberark_session
dictionary
Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session.
new_password
string
The new password of the user. This parameter is optional, and enables you to change a password.
password
string
The password of the user.
state
string
    Choices:
  • present ←
  • absent
Specifies if an authentication logon/logoff and a cyberark_session should be added/removed.
use_cyberark_authentication
boolean
    Choices:
  • no ←
  • yes
Whether or not LDAP will be used.
use_ldap_authentication
boolean
    Choices:
  • no ←
  • yes
Whether or not LDAP will be used.
use_radius_authentication
boolean
    Choices:
  • no ←
  • yes
Whether or not users will be authenticated via a RADIUS server. Valid values are true/false.
use_windows_authentication
boolean
    Choices:
  • no ←
  • yes
Whether or not Windows will be used.
username
string
The name of the user who will logon to the Vault.
validate_certs
boolean
    Choices:
  • no
  • yes ←
If false, SSL certificates will not be validated. This should only set to false used on personally controlled sites using self-signed certificates.

Examples

- name: Logon - use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    use_shared_logon_authentication: yes

- name: Logon - Not use_shared_logon_authentication
  cyberark_authentication:
    api_base_url: "{{ web_services_base_url }}"
    username: "{{ password_object.password }}"
    password: "{{ password_object.passprops.username }}"
    use_shared_logon_authentication: no

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
cyberark_session
complex
success
Authentication facts.

 
api_base_url
string
always
Base URL for API calls. Returned in the cyberark_session, so it can be used in subsequent calls.

 
token
string
always
The token that identifies the session, encoded in BASE 64.

 
use_shared_logon_authentication
boolean
always
Whether or not Shared Logon Authentication was used to establish the session.

 
validate_certs
boolean
always
Whether or not SSL certificates should be validated.



Authors

  • Edward Nunez (@enunez-cyberark) CyberArk BizDev

  • Cyberark Bizdev (@cyberark-bizdev)

  • Edgar Mota