CyberArk
The CyberArk connector facilitates secure privileged access management by automating user and account operations within the CyberArk Vault.

CyberArk is a leader in privileged access management, securing privileged credentials and secrets in an enterprise environment. The CyberArk Turbine connector enables secure, automated credential management and privileged access within Swimlane Turbine's low-code security automation platform. By integrating with CyberArk, users can streamline privileged account operations, enhance security posture, and ensure compliance with industry regulations through centralized management of sensitive credentials.

## Prerequisites

To effectively utilize the CyberArk connector within Swimlane Turbine, ensure you have the following prerequisites:

- HTTP Basic Authentication with these parameters:
  - URL: Endpoint URL for the CyberArk Vault.
  - Username: User name for authentication.
  - Password: Password for authentication.
- OAuth 2.0 Client Credentials with these parameters:
  - URL: Endpoint URL for the CyberArk Vault.
  - Client ID: Unique identifier for the OAuth client.
  - Client Secret: Secret key for the OAuth client.
  - Identity Tenant ID: Identifier for the tenant in the identity platform.

## Capabilities

The CyberArk connector provides the following capabilities:

- Add Account
- Add Account to Group
- Add User
- Add User to Group
- Change Account Credentials
- Delete Account
- Delete Account from Group
- Delete User
- Get Account Details
- Get Accounts
- Get All Safe Members
- Get All Safes
- Get Applications
- Get Password Value
- Get Security Events
- and so on

## Notes

- For more information on the APIs, refer to the CyberArk documentation: https://docs.cyberark.com/pam-self-hosted/latest/en/content/webservices/implementing%20privileged%20account%20security%20web%20services%20.htm?tocpath=developer%7crest%20apis%7c_____0
- OAuth authentication: https://docs.cyberark.com/ispss-deployment/latest/en/content/ispss/ispss-api-authentication.htm
- This connector was developed against product version 14.0.

## Configurations

### CyberArk HTTP Basic Authentication

Authenticates using username and password.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Username | Username | string | Required |
| Password | Password | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

### CyberArk OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Identity Tenant ID | Identity tenant ID | string | Required |
| Client ID | User name. The user login name as displayed in the Identity Administration portal Users list: login name@ | string | Required |
| Client Secret | Password. The access password defined for the user | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### Add Account

Adds a new privileged account or SSH key to the CyberArk Vault with specified platformid and safename.

- Endpoint URL: `/passwordvault/api/accounts`
- Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Optional | The name of the account |
| address | string | Optional | The name or address of the machine where the account will be used |
| username | string | Optional | Account user's name |
| platformid | string | Optional | The platform assigned to this account |
| safename | string | Optional | The safe where the account is created |
| secrettype | string | Optional | The type of password |
| secret | string | Optional | The password value |
| platformaccountproperties | object | Optional | The object containing key-value pairs to associate with the account, as defined by the account platform |
| secretmanagement | object | Optional | Parameter for Add Account |
| secretmanagement.automaticmanagementenabled | boolean | Optional | Whether the account secret is automatically managed by the CPM |
| secretmanagement.manualmanagementreason | string | Optional | Reason for disabling automatic secret management |
| secretmanagement.status | string | Optional | Account management status |
| secretmanagement.lastmodifieddatetime | string | Optional | Last modified date of the account |
| secretmanagement.lastreconcileddatetime | string | Optional | Last reconciled date of the account |
| secretmanagement.lastverifieddatetime | string | Optional | Last verified date of the account |
| remotemachinesaccess | object | Optional | Parameter for Add Account |
| remotemachinesaccess.remotemachines | string | Optional | List of remote machines, separated by semicolons |
| remotemachinesaccess.accessrestrictedtoremotemachines | boolean | Optional | Whether or not to restrict access only to specified remote machines |

Input example:

```json
{"json body": {"name": "test", "address": "ip", "username": "test user", "platformid": "winserverlocal", "safename": "test safe", "secrettype": "key", "secret": "test", "platformaccountproperties": {}, "secretmanagement": {"automaticmanagementenabled": true, "manualmanagementreason": "test reason", "status": "succeeded", "lastmodifieddatetime": "2024-01-10t20:03:52.250", "lastreconcileddatetime": "2024-01-10t20:03:52.250", "lastverifieddatetime": "2024-01-10t20:03:52.250"}, "remotemachinesaccess": {"remotemachines": "server1.cyberark.com;server2", "accessrestrictedtoremotemachines": true}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| name | string | Name of the resource |
| address | string | Output field address |
| username | string | Name of the resource |
| platformid | string | Unique identifier |
| safename | string | Name of the resource |
| secrettype | string | Type of the resource |
| secret | string | Output field secret |
| platformaccountproperties | object | Output field platformaccountproperties |
| secretmanagement | object | Output field secretmanagement |
| secretmanagement.automaticmanagementenabled | boolean | Output field secretmanagement.automaticmanagementenabled |
| secretmanagement.manualmanagementreason | string | Response reason phrase |
| remotemachinesaccess | object | Output field remotemachinesaccess |
| remotemachinesaccess.remotemachines | string | Output field remotemachinesaccess.remotemachines |
| remotemachinesaccess.accessrestrictedtoremotemachines | boolean | Output field remotemachinesaccess.accessrestrictedtoremotemachines |

Output example:

```json
{"status code": 201, "response headers": {}, "reason": "created", "json body": {"name": "string", "address": "string", "username": "string", "platformid": "string", "safename": "string", "secrettype": "key", "secret": "string", "platformaccountproperties": {}, "secretmanagement": {"automaticmanagementenabled": true, "manualmanagementreason": "string"}, "remotemachinesaccess": {"remotemachines": "string", "accessrestrictedtoremotemachines": true}}}
```

### Add Account to Group

Adds a specified account to an existing CyberArk group by utilizing the provided groupid and accountid.

- Endpoint URL: `/passwordvault/api/accountgroups/{{groupid}}/members/`
- Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.groupid | string | Required | The unique ID of account group |
| accountid | string | Optional | The ID of the account that will be added as a member to the group |

Input example:

```json
{"json body": {"accountid": "456"}, "path parameters": {"groupid": "123"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status code": 201, "response headers": {}, "reason": "created", "json body": {}}
```

### Add User

Adds a new user to the CyberArk Vault with the provided username via a JSON body input.

- Endpoint URL: `/passwordvault/api/users/`
- Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| username | string | Optional | The name of the user |
| usertype | string | Optional | The user type that was returned according to the license |
| unauthorizedinterfaces | array | Optional | The user type that was returned according to the license |
| location | string | Optional | The location in the Vault where the user will be created |
| expirydate | number | Optional | The date when the user expires |
| useractivitylogretentiondays | number | Optional | The number of days that a user's account activity records are stored before they are deleted |
| loginfromhour | number | Optional | The starting time of the timeframe in which a user can log in to an account |
| logintohour | number | Optional | The ending time of the timeframe in which a user can log in to an account |
| enableuser | boolean | Optional | Whether the user will be enabled upon creation |
| authenticationmethod | array | Optional | The authentication method that the user will use to log on |
| initialpassword | string | Optional | The password that the user will use to log on for the first time |
| changepassonnextlogon | boolean | Optional | Whether or not the user must change their password from the second log on onward |
| passwordneverexpires | boolean | Optional | Whether the user's password will not expire unless they decide to change it |
| distinguishedname | string | Optional | The user's distinguished name |
| vaultauthorization | array | Optional | The user permissions |
| businessaddress | object | Optional | The user's postal address, including city, state, zip, country and street |
| businessaddress.workstreet | string | Optional | Parameter for Add User |
| businessaddress.workcity | string | Optional | Parameter for Add User |
| businessaddress.workstate | string | Optional | Parameter for Add User |
| businessaddress.workzip | string | Optional | Parameter for Add User |
| businessaddress.workcountry | string | Optional | Parameter for Add User |
| internet | object | Optional | The user's email addresses, including home page, home email, business email and other email |
| internet.homepage | string | Optional | Parameter for Add User |
| internet.homeemail | string | Optional | Parameter for Add User |
| internet.businessemail | string | Optional | Parameter for Add User |

Input example:

```json
{"json body": {"username": "newuser", "usertype": "epvuser", "unauthorizedinterfaces": ["pimsu", "psm"], "location": "\\", "expirydate": 1577836800, "useractivitylogretentiondays": 30, "loginfromhour": 1577836800, "logintohour": 1577836800, "enableuser": true, "authenticationmethod": ["authtypepass"], "initialpassword": "mypassword123", "changepassonnextlogon": true, "passwordneverexpires": true, "distinguishedname": "newuser@cyberark", "vaultauthorization": ["addsafes", "auditusers"], "businessaddress": {"workstreet": "hapssagot 9", "workcity": "petah tikva", "workstate": "israel", "workzip": "9999999", "workcountry": "israel"}, "internet": {"homepage": "cyberark.com", "homeemail": "user@gmail.com", "businessemail": "user@cyberark.com", "otheremail": "user2@gmail.com"}, "phones": {"homenumber": "555123456", "businessnumber": "555456789", "cellularnumber": "555789789", "faxnumber": "999999", "pagernumber": "111111"}, "description": "this user is privileged", "personaldetails": {"street": "2 second street", "city": "tel aviv", "state": "israel", "zip": "123456", "country": "israel", "title": "mr vip", "organization": "cyberark", "department": "r&d", "profession": "software development", "firstname": "john", "middlename": "don", "lastname": "smith"}}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| enableuser | boolean | Output field enableuser |
| changepassonnextlogon | boolean | Output field changepassonnextlogon |
| expirydate | number | Date value |
| suspended | boolean | Output field suspended |
| lastsuccessfullogindate | number | Whether the operation was successful |
| unauthorizedinterfaces | array | Output field unauthorizedinterfaces |
| authenticationmethod | array | HTTP method to use |
| passwordneverexpires | boolean | Output field passwordneverexpires |
| distinguishedname | string | Name of the resource |
| description | string | Output field description |
| businessaddress | object | Output field businessaddress |
| businessaddress.workstreet | string | Output field businessaddress.workstreet |
| businessaddress.workcity | string | Output field businessaddress.workcity |
| businessaddress.workstate | string | Output field businessaddress.workstate |
| businessaddress.workzip | string | Output field businessaddress.workzip |
| businessaddress.workcountry | string | Output field businessaddress.workcountry |
| internet | object | Output field internet |
| internet.homepage | string | Output field internet.homepage |
| internet.homeemail | string | Output field internet.homeemail |
| internet.businessemail | string | Output field internet.businessemail |
| internet.otheremail | string | Output field internet.otheremail |
| phones | object | Output field phones |
| phones.homenumber | string | Output field phones.homenumber |

Output example:

```json
{"status code": 201, "response headers": {}, "reason": "created", "json body": {"enableuser": true, "changepassonnextlogon": true, "expirydate": 1577836800, "suspended": false, "lastsuccessfullogindate": 1561282853, "unauthorizedinterfaces": ["psmp", "psm"], "authenticationmethod": ["authtypepass"], "passwordneverexpires": true, "distinguishedname": "newuser@cyberark", "description": "this user is privileged", "businessaddress": {"workstreet": "9999999", "workcity": "white mountain", "workstate": "10 first street", "workzip": "123
```

### Add User to Group

Adds a user to a CyberArk Vault group by using the group's ID and the user's member ID.

- Endpoint URL: `/passwordvault/api/usergroups/{{id}}/members/`
- Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.id | string | Required | The unique ID of the Vault group |
| memberid | string | Optional | The name of the Vault user or LDAP group to add to the Vault group |
| membertype | string | Optional | The type of user being added to the Vault group. This differentiates members who are domain users from members who are Vault users |
| domainname | string | Optional | The DNS address of the domain |

Input example:

```json
{"json body": {"memberid": "mock vault", "membertype": "vault", "domainname": "www"}, "path parameters": {"id": "123"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| memberid | string | Unique identifier |
| membertype | string | Type of the resource |
| domainname | string | Name of the resource |

Output example:

```json
{"status code": 201, "response headers": {}, "reason": "created", "json body": {"memberid": "string", "membertype": "vault", "domainname": "string"}}
```

### Change Account Credentials

Initiates an immediate credential change for a specified account in CyberArk using the accountid.

- Endpoint URL: `/passwordvault/api/accounts/{{accountid}}/change/`
- Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.accountid | string | Required | The unique ID of the account |
| changeentiregroup | boolean | Optional | Whether or not the CPM will change the credentials in all the accounts that belong to the same group |

Input example:

```json
{"json body": {"changeentiregroup": true}, "path parameters": {"accountid": "123"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response text | string | Output field response text |

Output example:

```json
{"status code": 204, "response headers": {}, "reason": "no content", "response text": ""}
```

### Delete Account

Permanently removes a specified account from the CyberArk Vault using the unique account ID provided in path parameters.

- Endpoint URL: `/passwordvault/api/accounts/{{id}}/`
- Method: DELETE

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.id | string | Required | The account's unique ID, composed of the safeid and internal accountid of the account to delete |

Input example:

```json
{"path parameters": {"id": "123"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response text | string | Output field response text |

Output example:

```json
{"status code": 204, "response headers": {}, "reason": "no content", "response text": ""}
```

### Delete Account from Group

Removes a specified account from a CyberArk group using the provided groupid and accountid.

- Endpoint URL: `/passwordvault/api/accountgroups/{{groupid}}/members/{{accountid}}/`
- Method: DELETE

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.groupid | string | Required | The unique ID of the group |
| path parameters.accountid | string | Required | The unique ID of the account |

Input example:

```json
{"path parameters": {"groupid": "123", "accountid": "456"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response text | string | Output field response text |

Output example:

```json
{"status code": 204, "response headers": {}, "reason": "no content", "response text": ""}
```

### Delete User

Removes a specified user from the CyberArk Vault by utilizing the provided userid.

- Endpoint URL: `/passwordvault/api/users/{{userid}}/`
- Method: DELETE

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.userid | string | Required | The user's unique ID |

Input example:

```json
{"path parameters": {"userid": "45"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response text | string | Output field response text |

Output example:

```json
{"status code": 204, "response headers": {}, "reason": "no content", "response text": ""}
```

### Get Account Details

Retrieve specific account details from CyberArk using the unique account identifier (ID) provided in path parameters.

- Endpoint URL: `passwordvault/api/accounts/{{id}}/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.id | string | Required | The account's unique ID |

Input example:

```json
{"path parameters": {"id": "acc 1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| categorymodificationtime | number | Time value |
| id | string | Unique identifier |
| name | string | Name of the resource |
| address | string | Output field address |
| username | string | Name of the resource |
| platformid | string | Unique identifier |
| safename | string | Name of the resource |
| secrettype | string | Type of the resource |
| platformaccountproperties | object | Output field platformaccountproperties |
| secretmanagement | object | Output field secretmanagement |
| secretmanagement.automaticmanagementenabled | boolean | Output field secretmanagement.automaticmanagementenabled |
| secretmanagement.manualmanagementreason | string | Response reason phrase |
| secretmanagement.status | string | Status value |
| secretmanagement.lastmodifiedtime | number | Time value |
| secretmanagement.lastreconciledtime | number | Time value |
| secretmanagement.lastverifiedtime | number | Time value |
| remotemachinesaccess | object | Output field remotemachinesaccess |
| remotemachinesaccess.remotemachines | string | Output field remotemachinesaccess.remotemachines |
| remotemachinesaccess.accessrestrictedtoremotemachines | boolean | Output field remotemachinesaccess.accessrestrictedtoremotemachines |
| createdtime | number | Time value |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"categorymodificationtime": 1588049324, "id": "string", "name": "string", "address": "string", "username": "string", "platformid": "string", "safename": "string", "secrettype": "key", "platformaccountproperties": {}, "secretmanagement": {"automaticmanagementenabled": true, "manualmanagementreason": "string", "status": "inprocess", "lastmodifiedtime": 0, "lastreconciledtime": 0, "lastverifiedtime": 0}, "remotemachinesaccess": {"remotemachines": "string", "accessr
```

### Get Accounts

Retrieve a comprehensive list of all accounts stored within the CyberArk Vault, providing an overview of credentials.

- Endpoint URL: `/passwordvault/api/accounts`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.search | string | Optional | A list of keywords to search for in accounts, separated by a space |
| parameters.searchtype | string | Optional | Get accounts that either contain or start with the value specified in the search parameter |
| parameters.sort | string | Optional | The property or properties that you want to sort returned accounts, followed by asc (default) or desc to control sort direction. Separate multiple properties with commas, up to a maximum of three properties |
| parameters.offset | number | Optional | Offset of the first account that is returned in the collection of results |
| parameters.limit | number | Optional | The maximum number of returned accounts. The maximum number that you can specify is 1000 |
| parameters.filter | string | Optional | Search for accounts using a filter |
| parameters.savedfilter | string | Optional | Search for accounts using a saved filter(s) |

Input example:

```json
{"parameters": {"search": "windows admin", "searchtype": "contains", "sort": "windows asc", "offset": 0, "limit": 10, "filter": "safename eq mysafe and modificationtime gte 0", "savedfilter": "deleted"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| id | string | Unique identifier |
| name | string | Name of the resource |
| address | string | Output field address |
| username | string | Name of the resource |
| platformid | string | Unique identifier |
| safename | string | Name of the resource |
| secrettype | string | Type of the resource |
| platformaccountproperties | object | Output field platformaccountproperties |
| secretmanagement | object | Output field secretmanagement |
| secretmanagement.automaticmanagementenabled | boolean | Output field secretmanagement.automaticmanagementenabled |
| secretmanagement.manualmanagementreason | string | Response reason phrase |
| secretmanagement.status | string | Status value |
| secretmanagement.lastmodifiedtime | number | Time value |
| secretmanagement.lastreconciledtime | number | Time value |
| secretmanagement.lastverifiedtime | number | Time value |
| remotemachinesaccess | object | Output field remotemachinesaccess |
| remotemachinesaccess.remotemachines | string | Output field remotemachinesaccess.remotemachines |
| remotemachinesaccess.accessrestrictedtoremotemachines | boolean | Output field remotemachinesaccess.accessrestrictedtoremotemachines |
| createdtime | number | Time value |
| categorymodificationtime | number | Time value |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "success", "json body": {"id": "string", "name": "string", "address": "string", "username": "string", "platformid": "string", "safename": "string", "secrettype": "key", "platformaccountproperties": {}, "secretmanagement": {"automaticmanagementenabled": true, "manualmanagementreason": "string", "status": "inprocess", "lastmodifiedtime": 0, "lastreconciledtime": 0, "lastverifiedtime": 0}, "remotemachinesaccess": {"remotemachines": "string", "accessrestrictedtoremotemachines": true},
```

### Get All Safe Members

Retrieve all members associated with a specified CyberArk safe, identified by the safeurlid.

- Endpoint URL: `passwordvault/api/safes/{{safeurlid}}/members/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.safeurlid | string | Required | The unique ID of the safe used when calling safe APIs |
| parameters.filter | string | Optional | Filters are according to the REST standard |
| parameters.search | string | Optional | Searches according to the safe name |
| parameters.offset | number | Optional | Offset of the first member that is returned in the collection of results |
| parameters.limit | number | Optional | The maximum number of members that are returned |
| parameters.sort | string | Optional | Sorts according to the membername property in ascending order (default) or descending order to control the sort direction |

Input example:

```json
{"parameters": {"filter": "membertype eq user", "search": "searchword", "offset": 0, "limit": 25, "sort": "asc"}, "path parameters": {"safeurlid": "safe12345"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value.safeurlid | string | URL endpoint for the request |
| value.safename | string | Name of the resource |
| value.safenumber | number | Value for the parameter |
| value.memberid | string | Unique identifier |
| value.membername | string | Name of the resource |
| value.membertype | string | Type of the resource |
| value.membershipexpirationdate | object | Value for the parameter |
| value.isexpiredmembershipenable | boolean | Value for the parameter |
| value.ispredefineduser | boolean | Value for the parameter |
| value.permissions | object | Value for the parameter |
| value.permissions.useaccounts | boolean | Value for the parameter |
| value.permissions.retrieveaccounts | boolean | Value for the parameter |
| value.permissions.listaccounts | boolean | Value for the parameter |
| value.permissions.addaccounts | boolean | Value for the parameter |
| value.permissions.updateaccountcontent | boolean | Value for the parameter |
| value.permissions.updateaccountproperties | boolean | Value for the parameter |
| value.permissions.initiatecpmaccountmanagementoperations | boolean | Value for the parameter |
| value.permissions.specifynextaccountcontent | boolean | Value for the parameter |
| value.permissions.renameaccounts | boolean | Name of the resource |
| value.permissions.deleteaccounts | boolean | Value for the parameter |
| value.permissions.unlockaccounts | boolean | Value for the parameter |
| value.permissions.managesafe | boolean | Value for the parameter |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": {"value": [{}], "count": 8}}
```

### Get All Safes

Retrieve all accessible safes within the CyberArk Vault based on user permissions.

- Endpoint URL: `/passwordvault/api/safes/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.search | string | Optional | Searches according to the safe name. Search is performed according to the REST standard (search="search word") |
| parameters.offset | number | Optional | Offset of the first safe that is returned in the collection of results |
| parameters.limit | number | Optional | The maximum number of safes that are returned |
| parameters.sort | string | Optional | Sorts according to the safename property in ascending order (default) or descending order to control the sort direction |
| parameters.includeaccounts | boolean | Optional | Whether or not to return accounts for each safe as part of the response |
| parameters.extendeddetails | boolean | Optional | Whether or not to return all safe details or only safename as part of the response |

Input example:

```json
{"parameters": {"search": "test safe", "offset": 0, "limit": 1, "sort": "safename desc", "includeaccounts": false, "extendeddetails": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value.safeurlid | string | URL endpoint for the request |
| value.safename | string | Name of the resource |
| value.safenumber | number | Value for the parameter |
| value.description | string | Value for the parameter |
| value.location | string | Value for the parameter |
| value.creator | object | Value for the parameter |
| value.creator.id | string | Unique identifier |
| value.creator.name | string | Name of the resource |
| value.olacenabled | boolean | Value for the parameter |
| value.managingcpm | string | Value for the parameter |
| value.numberofversionsretention | object | Value for the parameter |
| value.numberofdaysretention | number | Value for the parameter |
| value.autopurgeenabled | boolean | Value for the parameter |
| value.creationtime | number | Value for the parameter |
| value.lastmodificationtime | number | Value for the parameter |
| value.isexpiredmember | boolean | Value for the parameter |
| count | number | Count value |
| nextlink | string | Output field nextlink |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "success", "json body": {"value": [{}], "count": 1769, "nextlink": "api/safes?offset=25&limit=25&usecache=false"}}
```

### Get Applications

Obtain a complete list of applications stored in the CyberArk Vault, ensuring secure access to application credentials.

- Endpoint URL: `/passwordvault/webservices/pimservices.svc/applications/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.appid | string | Optional | The application name |
| parameters.location | string | Optional | The location of the application in the Vault hierarchy |
| parameters.includesublocations | boolean | Optional | Whether or not the search will be performed in sublocations of the specified location |

Input example:

```json
{"parameters": {"appid": "app1", "location": "\\", "includesublocations": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| application | array | Output field application |
| application.accesspermittedfrom | string | Output field application.accesspermittedfrom |
| application.accesspermittedto | string | Output field application.accesspermittedto |
| application.allowextendedauthenticationrestrictions | boolean | Output field application.allowextendedauthenticationrestrictions |
| application.appid | string | Unique identifier |
| application.businessowneremail | string | Output field application.businessowneremail |
| application.businessownerfname | string | Name of the resource |
| application.businessownerlname | string | Name of the resource |
| application.businessownerphone | string | Output field application.businessownerphone |
| application.description | string | Output field application.description |
| application.disabled | boolean | Output field application.disabled |
| application.expirationdate | string | Date value |
| application.location | string | Output field application.location |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "success", "json body": {"application": [{}]}}
```

### Get Password Value

Retrieves a password or SSH key for a specified account in CyberArk using the account ID, optionally including a reason and ticket ID.

- Endpoint URL: `passwordvault/api/accounts/{{accountid}}/password/retrieve/`
- Method: POST

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.accountid | string | Required | The unique ID of the account |
| reason | string | Optional | The reason that is required to retrieve the password/SSH key |
| ticketingsystemname | string | Optional | The name of the ticketing system |
| ticketid | string | Optional | The ticket ID of the ticketing system |
| version | number | Optional | The version number of the required password. If there are no previous versions, the current password/key version is returned. Valid values are any positive numbers |
| actiontype | string | Optional | The action this password will be used for |
| isuse | boolean | Optional | Internal parameter (for PSM for SSH only) |
| machine | string | Optional | The address of the remote machine to connect to |

Input example:

```json
{"json body": {"reason": "reason", "ticketingsystemname": "ticketing system 1", "ticketid": "ticketid 1", "version": 1.1, "actiontype": "show", "isuse": true, "machine": "127.32.13.1"}, "path parameters": {"accountid": "acc 1"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "ok", "json body": "<mypassword>"}
```

### Get Security Events

Retrieve all Privileged Threat Analytics (PTA) security events from CyberArk to monitor and analyze threats.

- Endpoint URL: `/passwordvault/api/pta/api/events/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.fromupdatedate | number | Optional | The starting date to get the security events from (calculated by the number of seconds since 1970) |
| parameters.status | string | Optional | The status of the security event (open or closed) |
| parameters.accountid | string | Optional | The unique account identifier of the account that is referred to in the security event |

Input example:

```json
{"parameters": {"fromupdatedate": 1577836800, "status": "open", "accountid": "3 279"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "success", "json body": [{"id": "444445e56bbb0b0a063f4444", "type": "psmsuspiciousactivity", "score": 70, "createtime": 1586134861000, "lastupdatetime": 1586134861000, "audits": [], "additionaldata": {}, "mstatus": "open"}, {"id": "555545e56aaa0b0a063ff555", "type": "psmsuspiciousactivity", "score": 70, "createtime": 1586134862000, "lastupdatetime": 1586134862000, "audits": [], "additionaldata": {}, "mstatus": "closed", "closereason": "handled", "reasontext": "handled by soc team"}]}
```

### Get User Details

Retrieve detailed information for a specified user in CyberArk Vault by providing the userid.

- Endpoint URL: `/passwordvault/api/users/{{userid}}/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| path parameters.userid | string | Required | The ID of the user for which information is returned |

Input example:

```json
{"path parameters": {"userid": "45"}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| enableuser | boolean | Output field enableuser |
| changepassonnextlogon | boolean | Output field changepassonnextlogon |
| expirydate | number | Date value |
| suspended | boolean | Output field suspended |
| lastsuccessfullogindate | number | Whether the operation was successful |
| unauthorizedinterfaces | array | Output field unauthorizedinterfaces |
| authenticationmethod | array | HTTP method to use |
| passwordneverexpires | boolean | Output field passwordneverexpires |
| distinguishedname | string | Name of the resource |
| description | string | Output field description |
| businessaddress | object | Output field businessaddress |
| businessaddress.workstreet | string | Output field businessaddress.workstreet |
| businessaddress.workcity | string | Output field businessaddress.workcity |
| businessaddress.workstate | string | Output field businessaddress.workstate |
| businessaddress.workzip | string | Output field businessaddress.workzip |
| businessaddress.workcountry | string | Output field businessaddress.workcountry |
| internet | object | Output field internet |
| internet.homepage | string | Output field internet.homepage |
| internet.homeemail | string | Output field internet.homeemail |
| internet.businessemail | string | Output field internet.businessemail |
| internet.otheremail | string | Output field internet.otheremail |
| phones | object | Output field phones |
| phones.homenumber | string | Output field phones.homenumber |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "success", "json body": {"enableuser": true, "changepassonnextlogon": false, "expirydate": 1577836800, "suspended": false, "lastsuccessfullogindate": 1561282853, "unauthorizedinterfaces": ["gui"], "authenticationmethod": ["authtypepass"], "passwordneverexpires": true, "distinguishedname": "johndoeroe", "description": "john doe roe", "businessaddress": {"workstreet": "kuritania street", "workcity": "curitania", "workstate": "suritania", "workzip": "90211", "workcountry": "rurita
```

### Get User Groups

Retrieve a comprehensive list of user groups available within CyberArk for access management and control.

- Endpoint URL: `/passwordvault/api/usergroups/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.filter | string | Optional | Filters according to the REST standard |
| parameters.sort | string | Optional | Property or properties by which to sort returned users, followed by asc (default) or desc to control sort direction |
| parameters.search | string | Optional | Searches according to the REST standard (searching with "contains"). Search matches when all search terms appear in the group name |
| parameters.includemembers | boolean | Optional | Whether or not to return members for each user group as part of the response |

Input example:

```json
{"parameters": {"filter": "grouptype eq vault", "sort": "name asc", "search": "mock", "includemembers": true}}
```

Output:

| Parameter | Type | Description |
| --- | --- | --- |
| status code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value.id | number | Unique identifier |
| value.grouptype | string | Type of the resource |
| value.members | array | Value for the parameter |
| value.members.username | string | Name of the resource |
| value.members.id | number | Unique identifier |
| value.groupname | string | Name of the resource |
| value.description | string | Value for the parameter |
| value.location | string | Value for the parameter |
| count | number | Count value |

Output example:

```json
{"status code": 200, "response headers": {}, "reason": "success", "json body": {"value": [{}], "count": 1}}
```

### Get Users

Retrieves a list of all users in the CyberArk Vault, excluding master and batch built-in users.

- Endpoint URL: `/passwordvault/api/users/`
- Method: GET

Input argument:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.filter | string | Optional | Filters according to the REST standard. Search for users using the following filters: usertype, componentuser and username |
| parameters.sort | string | Optional | Property or properties by which to sort returned users, followed by asc (default) or desc to control sort direction |
| parameters.search | string | Optional | Search using the following values: username, firstname and lastname |
| parameters.extendeddetails | boolean | Optional | Returns additional user details as user groups and userdn for LDAP users |
| parameters.pageoffset | number | Optional | Offsets the first user that is returned in the results |
| parameters.pagesize | number | Optional | When used together with the offset parameter, this value determines the maximum number of users to return |

Input example:
{"parameters" {"filter" "username eq test","sort" "username asc","search" "username","extendeddetails"\ true,"pageoffset" 0,"pagesize" 1}} output parameter type description status code number http status code of the response reason string response reason phrase users array output field users users id number unique identifier users username string name of the resource users source string output field users source users usertype string type of the resource users componentuser boolean output field users componentuser users groupsmembership array output field users groupsmembership users groupsmembership groupid number unique identifier users groupsmembership groupname string name of the resource users groupsmembership grouptype string type of the resource users vaultauthorization array output field users vaultauthorization users location string output field users location users personaldetails object output field users personaldetails users personaldetails firstname string name of the resource users personaldetails middlename string unique identifier users personaldetails lastname string name of the resource total number output field total output example {"status code" 200,"response headers" {},"reason" "success","json body" {"users" \[{}],"total" 1}} remove user from group removes a specified user from a cyberark vault user group by utilizing the provided groupid and member details endpoint url /passwordvault/api/usergroups/{{groupid}}/members/{{member}}/ method delete input argument name type required description path parameters groupid string required the unique id of the group path parameters member string required the name of the group member to be removed input example {"path parameters" {"groupid" "123","member" "test"}} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"status code" 204,"response headers" {},"reason" "no 
content","response text" ""} reset user password resets a cyberark vault user's password with a specified userid and new password, ensuring secure access management endpoint url /passwordvault/api/users/{{userid}}/resetpassword/ method post input argument name type required description path parameters userid number required the user's unique id newpassword string optional the users new password input example {"json body" {"newpassword" "mockpassword"},"path parameters" {"userid" 234}} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"status code" 204,"response headers" {},"reason" "no content","response text" ""} update account updates an existing cyberark account's details using the specified accountid required inputs include path parameters and json body endpoint url /passwordvault/api/accounts/{{accountid}}/ method patch input argument name type required description path parameters accountid string required the unique id of the account to update input example {"json body" \[{"op" "replace","path" "/address","value" "10 10 27 254"},{"op" "replace","path" "/secretmanagement/automaticmanagementenabled","value" "false"}],"path parameters" {"accountid" "123"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique identifier name string name of the resource address string output field address username string name of the resource platformid string unique identifier safename string name of the resource secrettype string type of the resource platformaccountproperties object output field platformaccountproperties secretmanagement object output field secretmanagement secretmanagement automaticmanagementenabled boolean output field secretmanagement automaticmanagementenabled secretmanagement manualmanagementreason string response reason phrase 
secretmanagement status string status value secretmanagement lastmodifiedtime number time value secretmanagement lastreconciledtime number time value secretmanagement lastverifiedtime number time value remotemachinesaccess object output field remotemachinesaccess remotemachinesaccess remotemachines string output field remotemachinesaccess remotemachines remotemachinesaccess accessrestrictedtoremotemachines boolean output field remotemachinesaccess accessrestrictedtoremotemachines createdtime number time value output example {"status code" 200,"response headers" {},"reason" "success","json body" {"id" "string","name" "string","address" "string","username" "string","platformid" "string","safename" "string","secrettype" "key","platformaccountproperties" {},"secretmanagement" {"automaticmanagementenabled"\ true,"manualmanagementreason" "string","status" "inprocess","lastmodifiedtime" 0,"lastreconciledtime" 0,"lastverifiedtime" 0},"remotemachinesaccess" {"remotemachines" "string","accessrestrictedtoremotemachines"\ true}, update security event status updates the status of a specified security event in cyberark to open or closed, using the provided securityeventid endpoint url /passwordvault/api/pta/api/events/{{securityeventid}} method patch input argument name type required description path parameters securityeventid string required security event id mstatus string optional the new status of the event closereason string optional the close reason for the security event after you have investigated and handled the event successfully or determined to close it for other reasons reasontext string optional free text for the user to elaborate on the close reason limited to 100 characters input example {"json body" {"mstatus" "closed","closereason" "handled","reasontext" "handled by soc team"},"path parameters" {"securityeventid" "123"}} output parameter type description status code number http status code of the response reason string response reason phrase id string unique 
identifier type string type of the resource score number score value createtime number time value lastupdatetime number time value audits array output field audits audits id string unique identifier audits type string type of the resource audits sensortype string type of the resource audits action string output field audits action audits psmcommand string output field audits psmcommand audits createtime number time value audits vaultuser string output field audits vaultuser audits account object count value audits account accountasstr string output field audits account accountasstr audits account type string type of the resource audits account account object count value audits account account mtarget object output field audits account account mtarget audits account account mtarget moriginaladdress string output field audits account account mtarget moriginaladdress audits account account mtarget mresolvedaddress object output field audits account account mtarget mresolvedaddress audits account account muser string output field audits account account muser audits source object output field audits source audits source moriginaladdress string output field audits source moriginaladdress output example {"status code" 200,"response headers" {},"reason" "success","json body" {"id" "444445e56bbb0b0a063f4444","type" "psmsuspiciousactivity","score" 70,"createtime" 1586134861000,"lastupdatetime" 1586134861000,"audits" \[{}],"additionaldata" {"matchpatterns" "kill( )"},"mstatus" "closed","closereason" "handled","reasontext" "handled by soc team"}} update user modifies a cyberark vault user's details by utilizing their userid and new username requires both userid and username endpoint url /passwordvault/api/users/{{userid}}/ method put input argument name type required description path parameters userid string required parameters for the update user action username string optional the name of the user usertype string optional the user type that was returned according to the 
license unauthorizedinterfaces array optional the user type that was returned according to the license location string optional the location in the vault where the user will be created expirydate number optional the date when the user expires useractivitylogretentiondays number optional the number of days that a user's account activity records are stored before they are deleted loginfromhour number optional the starting time of the timeframe in which a user can log in to an account logintohour number optional the ending time of the timeframe in which a user can log in to an account enableuser boolean optional whether the user is enabled authenticationmethod array optional the authentication method that the user uses to log on password string optional the password that the user will use to log on for the first time changepassonnextlogon boolean optional whether or not the user must change their password from the second log on onward passwordneverexpires boolean optional whether the user's password will not expire unless they decide to change it distinguishedname string optional the user's distinguished name vaultauthorization array optional the user permissions businessaddress object optional the user's postal address, including city, state, zip, country and street businessaddress workstreet string optional parameter for update user businessaddress workcity string optional parameter for update user businessaddress workstate string optional parameter for update user businessaddress workzip string optional parameter for update user businessaddress workcountry string optional parameter for update user internet object optional the user's email addresses, including home page, home email, business email and other email internet homepage string optional parameter for update user internet homeemail string optional parameter for update user input example {"json body" {"username" "newuser","usertype" "epvuser","unauthorizedinterfaces" \["pimsu","psm"],"location" 
"\\\\","expirydate" 1577836800,"useractivitylogretentiondays" 30,"loginfromhour" 1577836800,"logintohour" 1577836800,"enableuser"\ true,"authenticationmethod" \["authtypepass"],"password" "mypassword123","changepassonnextlogon"\ true,"passwordneverexpires"\ true,"distinguishedname" "newuser\@cyberark","vaultauthorization" \["addsafes","auditusers"],"businessaddress" {"workstreet" "hapssagot 9","workcity" "petah tikva","workstate" "israel","workzip" "9999999","workcountry" "israel"},"internet" {"homepage" "cyberark com","homeemail" "user\@gmail com","businessemail" "user\@cyberark com","otheremail" "user2\@gmail com"},"phones" {"homenumber" "555123456","businessnumber" "555456789","cellularnumber" "555789789","faxnumber" "999999","pagernumber" "111111"},"description" "this user is privileged","personaldetails" {"street" "2 second street","city" "tel aviv","state" "israel","zip" "123456","country" "israel","title" "mr vip","organization" "cyberark","department" "r\&d","profession" "software development","firstname" "john","middlename" "don","lastname" "smith"}},"path parameters" {"userid" "123"}} output parameter type description status code number http status code of the response reason string response reason phrase enableuser boolean output field enableuser changepassonnextlogon boolean output field changepassonnextlogon expirydate number date value suspended boolean output field suspended unauthorizedinterfaces array output field unauthorizedinterfaces authenticationmethod array http method to use passwordneverexpires boolean output field passwordneverexpires distinguishedname string name of the resource description string output field description businessaddress object output field businessaddress businessaddress workstreet string output field businessaddress workstreet businessaddress workcity string output field businessaddress workcity businessaddress workstate string output field businessaddress workstate businessaddress workzip string output field 
businessaddress workzip businessaddress workcountry string output field businessaddress workcountry internet object output field internet internet homepage string output field internet homepage internet homeemail string output field internet homeemail internet businessemail string output field internet businessemail internet otheremail string output field internet otheremail phones object output field phones phones homenumber string output field phones homenumber phones businessnumber string output field phones businessnumber output example {"status code" 200,"response headers" {},"reason" "success","json body" {"enableuser"\ true,"changepassonnextlogon"\ false,"expirydate" 1577836800,"suspended"\ false,"unauthorizedinterfaces" \["gui"],"authenticationmethod" \["authtypepass"],"passwordneverexpires"\ true,"distinguishedname" "johndoeroe","description" "john doe roe","businessaddress" {"workstreet" "kuritania street","workcity" "curitania","workstate" "suritania","workzip" "90211","workcountry" "ruritania"},"internet" {"homepage" "example verify account credentials marks an account for verification in cyberark using the provided accountid as a path parameter endpoint url /passwordvault/api/accounts/{{accountid}}/verify/ method post input argument name type required description path parameters accountid string required the unique id of the account input example {"path parameters" {"accountid" "123"}} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"status code" 204,"response headers" {},"reason" "no content","response text" ""} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt
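The get security events and update security event status actions above can be chained for triage. The Python below is an added example, not code from the connector or from CyberArk: it selects open events from a get security events result, computes the next fromupdatedate, and builds the input that closes an event. The function names and sample data are constructed, the dictionary key spellings are copied as this page prints them, and the 13-digit createtime and lastupdatetime values are assumed to be epoch milliseconds, while fromupdatedate is documented as seconds.

```python
from datetime import datetime, timezone

# Key spellings are copied as this page prints them (assumption); change them
# here if your connector output spells them differently.
STATUS_KEY, BODY_KEY, PATH_KEY = "status code", "json body", "path parameters"
REASONTEXT_MAX = 100  # the page limits reasontext to 100 characters

# Constructed sample, modelled on the page's get security events output example.
SAMPLE_RESPONSE = {
    "status code": 200, "response headers": {}, "reason": "success",
    "json body": [
        {"id": "444445e56bbb0b0a063f4444", "type": "psmsuspiciousactivity", "score": 70,
         "createtime": 1586134861000, "lastupdatetime": 1586134861000, "mstatus": "open"},
        {"id": "555545e56aaa0b0a063ff555", "type": "psmsuspiciousactivity", "score": 70,
         "createtime": 1586134862000, "lastupdatetime": 1586134862000, "mstatus": "closed",
         "closereason": "handled", "reasontext": "handled by soc team"},
    ],
}

def to_utc(epoch_ms):
    """Convert a createtime/lastupdatetime value (assumed milliseconds) to UTC."""
    return datetime.fromtimestamp(epoch_ms / 1000, tz=timezone.utc)

def events_of(response):
    """Return the event list; reject non-200 results so errors are not read as 'no events'."""
    if response.get(STATUS_KEY) != 200:
        raise RuntimeError(f"get security events failed: {response.get('reason')}")
    return response.get(BODY_KEY) or []

def open_events(response, min_score=0):
    """Open events at or above min_score, highest score first, then oldest first."""
    hits = [e for e in events_of(response)
            if e.get("mstatus") == "open" and e.get("score", 0) >= min_score]
    return sorted(hits, key=lambda e: (-e.get("score", 0), e.get("createtime", 0)))

def next_fromupdatedate(response, previous):
    """Next polling cursor in epoch seconds, the unit fromupdatedate expects."""
    latest_ms = max((e.get("lastupdatetime", 0) for e in events_of(response)), default=0)
    return max(previous, latest_ms // 1000)

def close_request(event, closereason, reasontext):
    """Build the input for update security event status that closes one event."""
    if not event.get("id"):
        raise ValueError("event has no id")
    if len(reasontext) > REASONTEXT_MAX:
        raise ValueError(f"reasontext exceeds {REASONTEXT_MAX} characters")
    return {BODY_KEY: {"mstatus": "closed", "closereason": closereason,
                       "reasontext": reasontext},
            PATH_KEY: {"securityeventid": event["id"]}}

if __name__ == "__main__":
    for ev in open_events(SAMPLE_RESPONSE, min_score=50):
        print(to_utc(ev["createtime"]).isoformat(), ev["type"], ev["score"])
        print(close_request(ev, "handled", "handled by soc team"))
    print("next fromupdatedate:", next_fromupdatedate(SAMPLE_RESPONSE, 1577836800))
```

Passing a millisecond value straight back as fromupdatedate would place the cursor far in the future and silently return no events, which is why the conversion is kept in one function.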