Get user details

This method returns information about a specific user in the Vault.

To run this Web service, you must have Audit users permissions.

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

  
https://<IIS_Server_Ip>/PasswordVault/API/Users/{UserID}/

Resource information

HTTP method

 Content type

GET

application/json

Header parameter

Parameter

Description

Authorization

The token that identifies the session, encoded in BASE 64.

Type: String

Mandatory: Yes

Default value: None

URL parameter

Parameter

Description

userID

The ID of the user for which information is returned.

Type: Number

Mandatory: Yes

Default value: None

Result

  
{
"enableUser": true,
"changePassOnNextLogon": false,
"expiryDate": 1577836800,
"suspended": false,
"lastSuccessfulLoginDate": 1561282853,

"unAuthorizedInterfaces": [

"GUI"
],

"authenticationMethod": [
"AuthTypePass"
],
"passwordNeverExpires": true,
"distinguishedName": "JohnDoeRoe",
"description": "John Doe Roe",
"businessAddress": {
"workStreet": "Kuritania street",
"workCity": "Curitania",
"workState": "Suritania",
"workZip": "90211",
"workCountry": "Ruritania"
},
"internet": {
"homePage": "example.com",
"homeEmail": "John@example.net",
"businessEmail": "John@example.com",
"otherEmail": "John@example.org"
},
"phones": {
"homeNumber": "555-0100",
"businessNumber": "555-0101",
"cellularNumber": "0491 570 156",
"faxNumber": "555-0102",
"pagerNumber": "555-0103"
},
"personalDetails": {
"street": "Main street",
"city": "Curitania",
"state": "Suritania",
"zip": "90210",
"country": "Ruritania",
"title": "Mr. John",
"organization": "Acme",
"department": "newco",
"profession": "Doing Job",
"firstName": "John",
"middleName": "Doe",
"lastName": "Roe"
},

,"groupsMembership": [
{
"groupID": 16,
"groupName": "PVWAMonitor",
"groupType": "Vault"
},
{
"groupID": 17,
"groupName": "PVWAUsers",
"groupType": "Vault"
},
{
"groupID": 11,
"groupName": "Vault Admins",
"groupType": "Vault"
}
],

"id": 24,

"username": "JohnDR",
"source": "CyberArk",
"userType": "EPVUser",
"componentUser": false,
"vaultAuthorization": [
"AuditUsers"
],
"location": "\\"
}

 

Parameter

Description

id

The unique ID of the user.

Type: Number

username

The name of the user.

Type: String

userDN

The distinguished name of the user. Relevant for LDAP users only.

Type: String

source

The source of the user.

Valid values:

  • CyberArk

  • LDAP

Type: Boolean

changePasswordOnTheNextLogon

Whether or not the user must change their password from the second log on onward.

Type: Boolean

expiryDate

The date when the user expires.

Type: Date/Time

userType

The user type as defined in the license.

Type: String

unAuthorizedInterfaces

The CyberArk interfaces that this user is not authorized to use. The possible values depend on the specific user type as defined in the license.

Valid values:

  • PIMSU

  • PSM

  • PSMP

  • PVWA

  • WINCLIENT

  • PTA

  • PACLI

  • HTTPGW

  • EVD

  • PIMSu

  • AIMApp

  • CPM

  • PVWAApp

  • PSMApp

  • AppPrv

  • AIMApp

  • PSMPApp

Type: List of strings

componentUser

Whether the user is a known component or not.

If the user is a component, the value is true. Otherwise, it's false.

The following user types are considered to be components:

  • CPM

  • ENE

  • PVWA

  • PSM

  • AppProvider

  • OPMProvider

  • PIMProvider

  • PSMPServer

  • PSMPADBridge

  • PSMHTML5Gateway

  • CIFS

  • FTP

  • SFE

  • DCAInstance

  • FEWA

  • SEG

Type: Boolean

location

The location in the Vault where the user will be created.

Type: String

enabled

Whether or not the user is enabled.

Type: Boolean

suspended

Whether or not the user is suspended due after entering incorrect credentials multiple times.

Type: Boolean

authenticationMethod

The authentication method that the user uses to log on.

Valid values:

  • AuthTypePass (CyberArk)

  • AuthTypeRadius (Radius)

  • AuthTypeLDAP (LDAP)

Type: String

passwordNeverExpires

Whether the user’s password is retained until the user changes it.

Type: Boolean

distinguishedName

The user’s distinguished name.

The usage is for PKI authentication, this will match the certificate Subject Name or domain name.

Type: String

vaultAuthorization

The user permissions.

Valid values:

  • AddSafes

  • AuditUsers

  • AddUpdateUsers

  • ResetUsersPasswords

  • ActivateUsers

  • AddNetworkAreas

  • ManageDirectoryMapping

  • ManageServerFileCategories

  • BackupAllSafes

  • RestoreAllSafes

Type: List of strings

groupsMembership

List of groups in which the user is a member.

Type: Array

groupID

The unique ID of the group.

Type: Number

groupName

The name of a group in the Vault.

Type: String

groupType

Whether this is a Vault group or directory group.

Valid values:

  • Vault

  • Directory

Type: String

businessAddress

The user’s postal address, including:

  • City, state, zip, and country

  • Street

Type: Object

internet

The user's email addresses, including:

  • Home page

  • Home email

  • Business email

  • Other email

Type: Object

phones

The user's phone numbers, including:

  • Home

  • Business

  • Cellular

  • Fax

  • Pager

Type: Object

description

Notes and comments.

Type: String

Maximum value: 99 characters

personalDetails

The user's personal details, including:

  • firstName, middleName, lastName, address

  • city, state, zip, country

  • title, organization, department, profession

Type: Object

lastSuccessfulLoginDate

The date that the user last logged on to the Vault successfully.

Type: Date/Time

Return codes

For a complete list of return codes, see Return Codes.