Add user

This method adds a new user to the Vault.

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %
If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

To run this Web service, you must have the following permissions:

Add Users
Update Users

URL

https://<IIS_Server_Ip>/PasswordVault/API/Users/

Resource information

HTTP method	Content type
POST	application/json

Header parameter

Parameter	Description
Authorization	The token that identifies the session. Type: String Valid values: A session token that was returned from the “Logon” method.

Parameter

Description

Authorization

The token that identifies the session.

Type: String

Valid values: A session token that was returned from the “Logon” method.

Body parameters

{
    "username":"newUser",
    "userType": "EPVUser",
    "initialPassword": "MyPassword123",
    "authenticationMethod": ["AuthTypePass"],
    "location": "\\",
    "unAuthorizedInterfaces": ["PSM", "PSMP"],
    "expiryDate": 1577836800,
    "vaultAuthorization": ["AddSafes", "AuditUsers" ],
    "enableUser": true,
    "changePassOnNextLogon": true,
    "passwordNeverExpires": true,
    "distinguishedName": "newUser@cyberark",
    "description": "This user is privileged",
    "businessAddress":
     {
     "workStreet": "Hapssagot 9",
     "workCity": "Petah Tikva",
     "workState": "Israel",
     "workZip": "9999999",
     "workCountry": "Israel"
     },
    "internet":
     {
     "homePage": "Cyberark.com",
     "homeEmail": "user@gmail.com",
     "businessEmail": "user@cyberark.com",
     "otherEmail": "user2@gmail.com"
     },
    "phones": {
     "homeNumber": "555123456",
     "businessNumber": "555456789",
     "cellularNumber": "555789789",
     "faxNumber": "999999",
     "pagerNumber": "111111"
  },
  "personalDetails": {
    "street": "Dizzengof 56",
    "city": "Tel Aviv",
    "state": "Israel",
    "zip": "123456",
    "country": "Israel",
    "title": "Mr. VIP",
    "organization": "Cyber ark",
    "department": "R&D",
    "profession": "software development",
    "firstName": "John",
    "middleName": "Doe",
    "lastName": "Smith"
  },
}

Parameter	Description
username	(Mandatory) The name of the user. Validations: Length <= 128 No leading or trailing space No trailing dot When a name is longer than 28 characters, the 28th character in the name cannot be space Cannot include the characters: "\\/:*?\"<>\|\t\r\n\x1F" The first 28 characters in the name must be unique Type: String
userType	The user type that was returned according to the license. Possible types could be any user types according to the license. Type: String Default value: EPVUser.
nonAuthorizedInterfaces	The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license): PIMSU PSM PSMP PVWA WINCLIENT PTA PACLI HTTPGW EVD PIMSu AIMApp CPM PVWAApp PSMApp AppPrv AIMApp PSMPApp Type: List of strings
location	The location in the Vault where the user will be created. Validations: Length <= 128 characters Must begin with "\\", but cannot contain or end with "\\" No trailing space Type: String Default value: Root
expiryDate	The date when the user expires. Type: Date-time
enableUser	Whether the user will be enabled upon creation. Type: Boolean Default value: True
authenticationMethod	The authentication method that the user will use to log on. Valid values: AuthTypePass (CyberArk) AuthTypeRadius (Radius) AuthTypeLDAP (LDAP) Type: String Default value: AuthTypePass
password	The password that the user will use to log on for the first time. This password must meet the password policy requirements. Not required for PKI or LDAP. Length <= 39 characters. Type: String
changePasswordOnTheNextLogon	Whether or not the user must change their password from the second log on onward. Type: Boolean Default value: True
passwordNeverExpires	Whether the user’s password will not expire unless they decide to change it. Type: Boolean Default value: False
distinguishedName	The user’s distinguished name. The usage is for PKI authentication, this will match the certificate Subject Name or domain name. Type: String
vaultAuthorization	The user permissions. To apply specific authorizations to a user, the user who runs this API must have the same authorizations. Valid values: AddSafes AuditUsers AddUpdateUsers ResetUsersPasswords ActivateUsers AddNetworkAreas ManageDirectoryMapping ManageServerFileCategories BackupAllSafes RestoreAllSafes Type: List of strings
businessAddress	The user’s postal address, including: City, state, zip, and country (max 19 characters) Street (max 29 characters) Type: Object
internet	The user's email addresses, including: Home page Home email Business email Other email Max 319 characters (for each). Type: Object
phones	The user's phone numbers, including: Home Business Cellular Fax Pager Max 24 characters (for each). Type: Object
description	Notes and comments. Max 99 characters. Type: String
personalDetails	The user's personal details, including: firstName, middleName, lastName, address (max 29 characters) city, state, zip, country (max 19 characters) title, organization, department, profession (max 49 characters) Type: Object

Result

{
  "enableUser": true,
  "changePassOnNextLogon": true,
  "expiryDate": 1577836800,
  "suspended": false,
  "lastSuccessfulLoginDate": 1561282853,
  "unAuthorizedInterfaces": [
    "PSMP",
    "PSM"
  ],
  "authenticationMethod": [
    "AuthTypePass"
  ],
  "passwordNeverExpires": true,
  "distinguishedName": "newUser@cyberark",
  "description": "This user is privileged",
  "businessAddress": {
    "workStreet": "9999999",
    "workCity": "Petah Tikva",
    "workState": "Hapssagot 9",
    "workZip": "Petah Tikva",
    "workCountry": "Israel"
  },
  "internet": {
    "homePage": "Cyberark.com",
    "homeEmail": "user@gmail.com",
    "businessEmail": "user@cyberark.com",
    "otherEmail": "user2@gmail.com"
  },
  "phones": {
    "homeNumber": "555123456",
    "businessNumber": "555456789",
    "cellularNumber": "555789789",
    "faxNumber": "999999",
    "pagerNumber": "111111"
  },
  "personalDetails": {
    "street": "Dizzengof 56",
    "city": "Tel Aviv",
    "state": "Israel",
    "zip": "123456",
    "country": "Israel",
    "title": "Mr. VIP",
    "organization": "Cyber ark",
    "department": "R&D",
    "profession": "software development",
    "firstName": "John",
    "middleName": "Doe",
    "lastName": "Smith"
  },
  "id": 350,
  "username": "newUser",
  "source": "CyberArk",
  "userType": "EPVUser",
  "componentUser": false,
  "vaultAuthorization": [
    "AddSafes",
    "AuditUsers"
  ],
  "location": "\\"
}

Parameter	Description
id	The user's unique ID. Type: Number
username	(Mandatory) The name of the user. Validations: Length <= 128 No leading or trailing space No trailing dot When a name is longer than 28 characters, the 28th character in the name cannot be space Cannot include the characters: "\\/:*?\"<>\|\t\r\n\x1F" The first 28 characters in the name must be unique Type: String
source	The user management system the user belongs to. Valid values: CyberArk LDAP Type: Boolean expression
changePasswordOnTheNextLogon	Whether or not the user must change their password from the second log on onward. Type: Boolean Default value: True
expiryDate	The date when the user expires. Type: Date-time
userType	The user type that was returned according to the license. Possible types could be any user types according to the license. Type: String
unauthorizedInterfaces	The CyberArk interfaces that this user is not authorized to use. Valid values (depend on the specific user type as defined in the license): PIMSU PSM PSMP PVWA WINCLIENT PTA PACLI HTTPGW EVD PIMSu AIMApp CPM PVWAApp PSMApp AppPrv AIMApp PSMPApp Type: List of strings
componentUser	Whether the user is a known component or not. if the user is a component, then the value is true. Otherwise, it is false. The following user types are considered components: CPM ENE PVWA PSM AppProvider OPMProvider PIMProvider PSMPServer PSMPADBridge PSMHTML5Gateway CIFS FTP SFE DCAInstance FEWA SEG
location	The user location. Type: String
enabled	Whether or not the user is enabled. Type: Boolean
suspended	Whether or not the user is suspended. Type: Boolean
authenticationMethod	The authentication method that the user will use to log on. Type: String
passwordNeverExpires	Whether the user’s password will not expire unless they decide to change it. Type: Boolean
distinguishedName	The user’s distinguished name. The usage is for PKI authentication, this will match the certificate Subject Name or domain name. Type: String
vaultAuthorization	The user permissions. Valid values: AddSafes AuditUsers AddUpdateUsers ResetUsersPasswords ActivateUsers AddNetworkAreas ManageDirectoryMapping ManageServerFileCategories BackupAllSafes RestoreAllSafes Type: List of strings
businessAddress	The user’s postal address, including: City, state, zip, and country Street Type: Object
internet	The user's email addresses, including: Home page Home email Business email Other email Type: Object
phones	The user's phone numbers, including: Home Business Cellular Fax Pager Type:Object
description	Notes and comments. Max 99 characters. Type: String
personalDetails	The user's personal details, including: firstName, middleName, lastName, address city, state, zip, country title, organization, department, profession Type: Object
lastSuccessfulLoginDate	The date that the user last logged on to the Vault successfully. Type: Date time

Return codes

For a complete list of return codes, see Return Codes.