You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

cyberark_user - Module for CyberArk User Management using PAS Web Services SDK¶

New in version 2.4.

Synopsis
Options
Examples
Return Values
- Status

Synopsis ¶

CyberArk User Management using PAS Web Services SDK. It currently supports the following actions Get User Details, Add User, Update User, Delete User.

Options ¶

parameter	required	default	choices	comments
change_password_on_the_next_logon	no	no	yes no	Whether or not the user must change their password in their next logon. Valid values = true/false.
cyberark_session	yes			Dictionary set by a CyberArk authentication containing the different values to perform actions on a logged-on CyberArk session, please see cyberark_authentication module for an example of cyberark_session.
disabled	no	no	yes no	Whether or not the user will be disabled. Valid values = true/false.
email	no			The user email address.
expiry_date	no			The date and time when the user account will expire and become disabled.
first_name	no			The user first name.
group_name	no			The name of the group the user will be added to.
initial_password	no			The password that the new user will use to log on the first time. This password must meet the password policy requirements. this parameter is required when state is present -- Add User.
last_name	no			The user last name.
location	no			The Vault Location for the user.
new_password	no			The user updated password. Make sure that this password meets the password policy requirements.
state	no	present	present absent	Specifies the state needed for the user present for create user, absent for delete user.
user_type_name	no	EPVUser		The type of user.
username	yes			The name of the user who will be queried (for details), added, updated or deleted.

Examples ¶

- name: Logon to CyberArk Vault using PAS Web Services SDK
  cyberark_authentication:
    api_base_url: "https://components.cyberark.local"
    use_shared_logon_authentication: true

- name: Create user & immediately add it to a group
  cyberark_user:
    username: "username"
    initial_password: "password"
    user_type_name: "EPVUser"
    change_password_on_the_next_logon: false
    group_name: "GroupOfUsers"
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Make sure user is present and reset user credential if present
  cyberark_user:
    username: "Username"
    new_password: "password"
    disabled: false
    state: present
    cyberark_session: "{{ cyberark_session }}"

- name: Logoff from CyberArk Vault
  cyberark_authentication:
    state: absent
    cyberark_session: "{{ cyberark_session }}"

Return Values ¶

Common return values are documented here Return Values, the following are the fields unique to this module:

name	description	returned	type	sample
changed	Whether there was a change done.	always	bool
cyberark_user	Dictionary containing result properties.	always	dict	{'result': {'type': 'dict', 'description': 'user properties when state is present', 'returned': 'success'}}
status_code	Result HTTP Status code	success	int	200

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.