Add user
This method adds a new user to Privilege Cloud.
To run this Web service, you must have the following permissions:
- Add Users
- Update Users
URL
- Make sure there are no spaces in the URL.
- The following characters are not supported in URL values: + & %
- If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/
Resource information
| HTTP method | Content type |
|---|---|
| POST | application/json |
Header parameter
| Parameter | Description |
|---|---|
| Authorization | The token that identifies the session. Type: String. Valid values: A session token that was returned from the “Logon” method. |
Body parameters
| Parameter | Description |
|---|---|
| username | (Mandatory) The name of the user. Validations: Type: String |
| userType | The user type that was returned according to the license. Possible types could be any user types according to the license. Type: String. Default value: EPVUser |
| nonAuthorizedInterfaces | The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license): Type: List of strings |
| location | The location in the Vault where the user will be created. Validations: Type: String. Default value: Root |
| expiryDate | The date when the user expires. Type: Date-time |
| enableUser | Whether the user will be enabled upon creation. Type: Boolean. Default value: True |
| authenticationMethod | The authentication method that the user will use to log on. Valid values: Type: String. Default value: AuthTypePass |
| password | The password that the user will use to log on for the first time. This password must meet the password policy requirements. Not required for PKI or LDAP. Length <= 39 characters. Type: String |
| changePasswordOnTheNextLogon | Whether or not the user must change their password from the second log on onward. Type: Boolean. Default value: True |
| passwordNeverExpires | Whether the user’s password will not expire unless they decide to change it. Type: Boolean. Default value: False |
| distinguishedName | The user’s distinguished name. Used for PKI authentication; this will match the certificate Subject Name or domain name. Type: String |
| vaultAuthorization | The user permissions. To apply specific authorizations to a user, the user who runs this API must have the same authorizations. Valid values: Type: List of strings |
| businessAddress | The user’s postal address, including: Type: Object |
| internet | The user's email addresses, including: Max 319 characters (for each). Type: Object |
| phones | The user's phone numbers, including: Max 24 characters (for each). Type: Object |
| description | Notes and comments. Max 99 characters. Type: String |
| personalDetails | The user's personal details, including: Type: Object |
Result
| Parameter | Description |
|---|---|
| id | The user's unique ID. Type: Number |
| username | (Mandatory) The name of the user. Validations: Type: String |
| source | The user management system the user belongs to. Valid values: Type: Boolean expression |
| changePasswordOnTheNextLogon | Whether or not the user must change their password from the second log on onward. Type: Boolean. Default value: True |
| expiryDate | The date when the user expires. Type: Date-time |
| userType | The user type that was returned according to the license. Possible types could be any user types according to the license. Type: String |
| unauthorizedInterfaces | The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license): Type: List of strings |
| componentUser | Whether the user is a known component or not. If the user is a component, then the value is true. Otherwise, it is false. The following user types are considered components: |
| location | The user location. Type: String |
| enabled | Whether or not the user is enabled. Type: Boolean |
| suspended | Whether or not the user is suspended. Type: Boolean |
| authenticationMethod | The authentication method that the user will use to log on. Type: String |
| passwordNeverExpires | Whether the user’s password will not expire unless they decide to change it. Type: Boolean |
| distinguishedName | The user’s distinguished name. Used for PKI authentication; this will match the certificate Subject Name or domain name. Type: String |
| vaultAuthorization | The user permissions. Valid values: Type: List of strings |
| businessAddress | The user’s postal address, including: Type: Object |
| internet | The user's email addresses, including: Type: Object |
| phones | The user's phone numbers, including: Type: Object |
| description | Notes and comments. Max 99 characters. Type: String |
| personalDetails | The user's personal details, including: Type: Object |
| lastSuccessfulLoginDate | The date that the user last logged on to the Vault successfully. Type: Date time |
Return codes
For a complete list of return codes, see Return Codes.
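
A pre-flight check for this request, as an added example that is not CyberArk's code: it applies the URL rules and the length limits from the tables above, then builds (without sending) the POST with the documented headers. The function names are hypothetical, the endpoint URL is supplied by the caller because it is not shown on this page, and requiring a password for the default AuthTypePass method is an assumption.

```python
import json
import urllib.request

# Limits taken from the URL notes and the body parameter table on this page.
MAX_PASSWORD = 39
MAX_DESCRIPTION = 99
MAX_PER_VALUE = {"internet": 319, "phones": 24}  # applies to each value in the object
UNSUPPORTED_URL_CHARS = set("+&%")


def normalize_api_path(path):
    """Apply the URL rules to a relative API path (hypothetical helper)."""
    if " " in path:
        raise ValueError("URL must not contain spaces")
    bad = UNSUPPORTED_URL_CHARS.intersection(path)
    if bad:
        raise ValueError(f"unsupported characters in URL value: {sorted(bad)}")
    if "." in path and not path.endswith("/"):
        path += "/"  # a dot in the URL requires a trailing forward slash
    return path


def build_add_user_body(username, password=None, **optional):
    """Return a validated body; optional keys are the documented body parameters."""
    if not username:
        raise ValueError("username is mandatory")
    body = {"username": username, **optional}
    # Assumption: the default AuthTypePass method needs a first-logon password.
    if body.get("authenticationMethod", "AuthTypePass") == "AuthTypePass" and not password:
        raise ValueError("password is required for AuthTypePass")
    if password is not None:
        if len(password) > MAX_PASSWORD:
            raise ValueError("password longer than 39 characters")
        body["password"] = password
    if len(body.get("description", "")) > MAX_DESCRIPTION:
        raise ValueError("description longer than 99 characters")
    for field, limit in MAX_PER_VALUE.items():
        for key, value in body.get(field, {}).items():
            if len(value) > limit:
                raise ValueError(f"{field}.{key} longer than {limit} characters")
    return body


def build_request(url, session_token, body):
    """Build, but do not send, the POST request; url is supplied by the caller."""
    headers = {"Authorization": session_token, "Content-Type": "application/json"}
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method="POST")
```

Rejecting an over-long password or description before the call keeps the failure local and avoids sending a credential in a request that is going to be refused anyway.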